mahovina

Untitled

Oct 4th, 2015
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
  2. Ran by MARKO (administrator) on MARKO-PC (04-10-2015 17:54:24)
  3. Running from C:\Users\MARKO\Downloads
  4. Loaded Profiles: MARKO (Available Profiles: MARKO)
  5. Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Engleski (Sjedinjene Države)
  6. Internet Explorer Version 10 (Default browser: FF)
  7. Boot Mode: Normal
  8. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  9.  
  10. ==================== Processes (Whitelisted) =================
  11.  
  12. (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
  13.  
  14. (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
  15. (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
  16. (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
  17. (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
  18. () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
  19. (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
  20. (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
  21. (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  22. (Microsoft Corporation) C:\Windows\System32\dllhost.exe
  23.  
  24.  
  25. ==================== Registry (Whitelisted) ===========================
  26.  
  27. (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
  28.  
  29. HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2013-09-04] (Realtek Semiconductor)
  30. HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-10-03] (COMODO)
  31. HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
  32. HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-01-05] (Advanced Micro Devices, Inc.)
  33. HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2015-04-05] ()
  34. HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-10-04] (Malwarebytes Corporation)
  35. HKU\S-1-5-19\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe
  36. HKU\S-1-5-20\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe
  37. HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
  38. HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\Run: [uTorrent] => C:\Users\MARKO\AppData\Roaming\uTorrent\uTorrent.exe [1439144 2015-03-24] (BitTorrent Inc.)
  39. HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation)
  40. HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\Run: [Facebook Update] => C:\Users\MARKO\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-24] (Facebook Inc.)
  41. HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-30] (Skype Technologies S.A.)
  42. HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\Run: [Viber] => C:\Users\MARKO\AppData\Local\Viber\Viber.exe [72389840 2015-08-21] ()
  43. HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2015-06-29] (Comfort Software Group)
  44. HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\MountPoints2: {2462968d-fc6e-11e4-8a39-00304f7fe9c9} - H:\HTC_Sync_Manager_PC.exe
  45. HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\MountPoints2: {eeda6a11-0503-11e5-be9f-00304f7fe9c9} - F:\HTC_Sync_Manager_PC.exe
  46. HKU\S-1-5-21-704505325-1926296974-3857051907-1000\...\MountPoints2: {fc83f6c0-166d-11e3-ae31-806e6f6e6963} - G:\autorun.exe
  47. HKU\S-1-5-18\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe
  48. HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-01-05] (Advanced Micro Devices, Inc.)
  49. Startup: C:\Users\MARKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2014-11-01] ()
  50.  
  51. ==================== Internet (Whitelisted) ====================
  52.  
  53. (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
  54.  
  55. Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
  56. Tcpip\..\Interfaces\{561B1418-DC0F-43A3-888B-063430E82863}: [DhcpNameServer] 172.30.3.254
  57. Tcpip\..\Interfaces\{7946A9F1-5143-451C-9A7E-F51476A3CED4}: [NameServer] 85.114.32.7,85.114.32.8
  58. Tcpip\..\Interfaces\{9C546357-891C-491D-8500-8EFCD1EA5E1C}: [DhcpNameServer] 192.168.1.1
  59.  
  60. Internet Explorer:
  61. ==================
  62. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
  63. HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  64. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
  65. HKU\S-1-5-21-704505325-1926296974-3857051907-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
  66. SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  67. SearchScopes: HKU\S-1-5-21-704505325-1926296974-3857051907-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  68. SearchScopes: HKU\S-1-5-21-704505325-1926296974-3857051907-1000 -> OldSearch URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
  69. BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
  70. BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
  71. BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
  72. BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
  73. BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
  74. BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-09] (Oracle Corporation)
  75. BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
  76. BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
  77. BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
  78. BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-09] (Oracle Corporation)
  79. Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
  80. Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
  81.  
  82. FireFox:
  83. ========
  84. FF ProfilePath: C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default
  85. FF SelectedSearchEngine: Default
  86. FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
  87. FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
  88. FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
  89. FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
  90. FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-06-26] (Adobe Systems, Inc.)
  91. FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
  92. FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-09] (Oracle Corporation)
  93. FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-09] (Oracle Corporation)
  94. FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
  95. FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
  96. FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
  97. FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.)
  98. FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll [No File]
  99. FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
  100. FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
  101. FF Plugin HKU\S-1-5-21-704505325-1926296974-3857051907-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\MARKO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
  102. FF Plugin HKU\S-1-5-21-704505325-1926296974-3857051907-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MARKO\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
  103. FF Plugin HKU\S-1-5-21-704505325-1926296974-3857051907-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MARKO\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
  104. FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
  105. FF SearchPlugin: C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default\searchplugins\default.xml [2015-10-04]
  106. FF Extension: Avira Browser Safety - C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default\Extensions\abs@avira.com [2015-10-04]
  107. FF Extension: TrafficLight - C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default\Extensions\trafficlight@bitdefender.com.xpi [2015-10-04]
  108. FF Extension: FlashGot - C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-09-06]
  109. FF Extension: Adblock Plus - C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-13]
  110. FF Extension: Roll Around - C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default\Extensions\{f03d5e04-efef-4fbf-9c50-0079529383b9}.xpi [2015-03-19]
  111. FF Extension: Adblock Edge - C:\Users\MARKO\AppData\Roaming\Mozilla\Firefox\Profiles\a1jin049.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-06-06]
  112. FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-03]
  113.  
  114. Chrome:
  115. =======
  116. CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCcAgAVFxHFxgTIlsKTA0TFwEOIQ0BWRREFg0SIwtZWAlHFwYFIk0FA1oDB0VXfV5bFElXTwhxL1VUIEseVFtH"
  117. CHR Plugin: (Shockwave Flash) - C:\Users\MARKO\AppData\Local\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
  118. CHR Plugin: (Native Client) - C:\Users\MARKO\AppData\Local\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
  119. CHR Plugin: (Chrome PDF Viewer) - C:\Users\MARKO\AppData\Local\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
  120. CHR Profile: C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default
  121. CHR Extension: (Google Docs) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2012-09-05]
  122. CHR Extension: (Google disk) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-09-05]
  123. CHR Extension: (YouTube) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-05]
  124. CHR Extension: (WhatsWeb) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cebcbiddpikadcfodbjihffmddoohdma [2015-04-22]
  125. CHR Extension: (Google pretraživanje) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-05]
  126. CHR Extension: (Google dokumenti izvanmrežno) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
  127. CHR Extension: (AdBlock) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-10]
  128. CHR Extension: (Skype Click to Call) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-04]
  129. CHR Extension: (Plaćanja u web-trgovini Chrome) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
  130. CHR Extension: (Gmail) - C:\Users\MARKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-05]
  131. CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
  132. StartMenuInternet: Google Chrome.VSOYH6XW2T4XTOMIUO35XEGASE - C:\Users\MARKO\AppData\Local\Google\Chrome\Application\chrome.exe
  133.  
  134. ==================== Services (Whitelisted) ========================
  135.  
  136. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  137.  
  138. S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-01-05] (Advanced Micro Devices, Inc.) [File not signed]
  139. S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136544 2010-03-12] ()
  140. R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-06-10] (Microsoft Corporation)
  141. R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-06-10] (Microsoft Corporation)
  142. R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-10-03] (COMODO)
  143. S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-10-03] (COMODO)
  144. S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1994936 2015-06-29] (Comodo)
  145. S3 GSService; C:\Windows\SysWOW64\GSService.exe [490208 2013-07-26] ()
  146. S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-10-04] (Malwarebytes Corporation)
  147. R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2015-05-17] () [File not signed]
  148. S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-31] (TuneUp Software)
  149. S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
  150. S2 Privacy Content Firewall; "C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogService.exe" [X]
  151. S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
  152.  
  153. ===================== Drivers (Whitelisted) ==========================
  154.  
  155. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  156.  
  157. R1 admnfd; C:\Windows\system32\Drivers\admnfd.sys [49496 2014-12-04] (Windows (R) Win 7 DDK provider)
  158. R3 AODDriver; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
  159. R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
  160. R1 browserMon; C:\Windows\System32\DRIVERS\browserMon.sys [20728 2015-03-03] (Windows (R) Win 7 DDK provider)
  161. R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
  162. R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
  163. R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
  164. S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
  165. R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-10-04] ()
  166. R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
  167. R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
  168. S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-08-19] (RapidSolution Software AG)
  169. R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-08-19] (RapidSolution Software AG)
  170. R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
  171. S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
  172. R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-05] (Duplex Secure Ltd.)
  173. R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
  174. S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [6408704 2010-11-29] (Etron)
  175. U3 a0snau1f; C:\Windows\System32\Drivers\a0snau1f.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
  176. S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
  177. S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
  178. S3 VGPU; System32\drivers\rdvgkmd.sys [X]
  179.  
  180. ==================== NetSvcs (Whitelisted) ===================
  181.  
  182. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  183.  
  184.  
  185. ==================== One Month Created files and folders ========
  186.  
  187. (If an entry is included in the fixlist, the file/folder will be moved.)
  188.  
  189. 2015-10-04 17:54 - 2015-10-04 17:54 - 00019209 _____ C:\Users\MARKO\Downloads\FRST.txt
  190. 2015-10-04 17:53 - 2015-10-04 17:54 - 00000000 ____D C:\FRST
  191. 2015-10-04 17:52 - 2015-10-04 17:53 - 02193408 _____ (Farbar) C:\Users\MARKO\Downloads\FRST64.exe
  192. 2015-10-04 17:52 - 2015-10-04 17:52 - 01697280 _____ (Farbar) C:\Users\MARKO\Downloads\FRST.exe
  193. 2015-10-04 17:30 - 2015-10-04 17:30 - 00002569 _____ C:\Users\MARKO\Desktop\JRT.txt
  194. 2015-10-04 17:13 - 2015-10-04 17:13 - 01801288 _____ (Malwarebytes) C:\Users\MARKO\Downloads\JRT(1).exe
  195. 2015-10-04 17:03 - 2015-10-04 17:03 - 02865192 _____ (Malwarebytes ) C:\Users\MARKO\Downloads\mbae-setup-1.07.1.1015.exe
  196. 2015-10-04 17:03 - 2015-10-04 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
  197. 2015-10-04 17:03 - 2015-10-04 17:03 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
  198. 2015-10-04 17:03 - 2015-10-04 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
  199. 2015-10-04 16:57 - 2015-10-04 17:11 - 00000000 ____D C:\AdwCleaner
  200. 2015-10-04 16:57 - 2015-10-04 16:58 - 01801288 _____ (Malwarebytes) C:\Users\MARKO\Downloads\JRT.exe
  201. 2015-10-04 16:57 - 2015-10-04 16:57 - 01681408 _____ C:\Users\MARKO\Downloads\AdwCleaner.exe
  202. 2015-10-04 02:52 - 2015-10-04 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
  203. 2015-10-03 17:40 - 2015-10-03 18:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
  204. 2015-09-30 19:37 - 2015-09-30 20:03 - 00857558 _____ C:\Users\MARKO\Downloads\Tanja Savic - Za moje dobro - (Audio 2010).mp3.part
  205. 2015-09-12 09:01 - 2015-09-12 09:01 - 00576909 _____ C:\Users\MARKO\Downloads\aZN8q96_460sv.mp4
  206.  
  207. ==================== One Month Modified files and folders ========
  208.  
  209. (If an entry is included in the fixlist, the file/folder will be moved.)
  210.  
  211. 2015-10-04 17:50 - 2013-09-06 04:00 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
  212. 2015-10-04 17:45 - 2013-09-05 22:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
  213. 2015-10-04 17:39 - 2014-02-21 02:35 - 00000958 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-704505325-1926296974-3857051907-1000UA.job
  214. 2015-10-04 17:36 - 2013-09-04 12:48 - 01763492 _____ C:\Windows\WindowsUpdate.log
  215. 2015-10-04 17:06 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  216. 2015-10-04 17:06 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  217. 2015-10-04 17:01 - 2013-09-06 02:43 - 00000000 ____D C:\Users\MARKO\AppData\Roaming\uTorrent
  218. 2015-10-04 17:01 - 2013-09-06 02:33 - 00000000 ____D C:\Users\MARKO\AppData\Roaming\Skype
  219. 2015-10-04 17:01 - 2013-09-05 23:16 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
  220. 2015-10-04 17:01 - 2013-09-05 23:16 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
  221. 2015-10-04 17:00 - 2015-07-07 17:50 - 00003968 _____ C:\Windows\PFRO.log
  222. 2015-10-04 17:00 - 2015-05-25 22:57 - 00020334 _____ C:\Windows\setupact.log
  223. 2015-10-04 17:00 - 2014-12-21 15:05 - 00000000 ____D C:\Users\MARKO\AppData\Roaming\ViberPC
  224. 2015-10-04 17:00 - 2013-09-05 22:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
  225. 2015-10-04 17:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
  226. 2015-10-04 15:26 - 2014-10-24 15:21 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-704505325-1926296974-3857051907-1000UA.job
  227. 2015-10-04 15:26 - 2014-10-24 15:21 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-704505325-1926296974-3857051907-1000Core.job
  228. 2015-10-04 02:52 - 2015-04-05 22:03 - 00000424 _____ C:\Users\MARKO\AppData\Local\UserProducts.xml
  229. 2015-10-03 23:39 - 2014-02-21 02:35 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-704505325-1926296974-3857051907-1000Core.job
  230. 2015-10-03 18:24 - 2013-09-06 10:42 - 02492512 _____ C:\Windows\system32\Drivers\fvstore.dat
  231. 2015-10-02 16:56 - 2009-07-14 07:13 - 00781480 _____ C:\Windows\system32\PerfStringBackup.INI
  232. 2015-09-30 08:51 - 2015-05-26 01:15 - 00000000 ____D C:\Users\MARKO\Documents\The Witcher 3
  233. 2015-09-24 14:36 - 2015-08-17 18:15 - 00000000 ____D C:\Users\MARKO\Documents\Lightshot
  234. 2015-09-23 13:10 - 2015-05-15 11:24 - 00000000 ____D C:\Users\MARKO\AppData\Local\Microsoft Games
  235. 2015-09-22 14:52 - 2013-09-05 22:54 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
  236. 2015-09-22 14:52 - 2013-09-05 22:54 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
  237. 2015-09-22 14:52 - 2013-09-05 22:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
  238. 2015-09-19 14:21 - 2012-09-05 22:41 - 00000000 ____D C:\Users\MARKO\AppData\Local\Google
  239. 2015-09-14 23:34 - 2014-02-21 02:35 - 00003932 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-704505325-1926296974-3857051907-1000UA
  240. 2015-09-14 23:34 - 2014-02-21 02:35 - 00003536 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-704505325-1926296974-3857051907-1000Core
  241. 2015-09-07 23:38 - 2009-09-21 01:43 - 00161280 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_mdm.sys
  242. 2015-09-07 23:38 - 2009-09-21 01:43 - 00127488 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bus.sys
  243. 2015-09-07 23:38 - 2009-09-21 01:43 - 00018944 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_mdfl.sys
  244. 2015-09-07 23:38 - 2009-09-21 01:43 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_whnt.sys
  245. 2015-09-07 23:38 - 2009-09-21 01:43 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_wh.sys
  246. 2015-09-07 23:38 - 2009-09-21 01:43 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_cmnt.sys
  247. 2015-09-07 23:38 - 2009-09-21 01:43 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_cm.sys
  248.  
  249. ==================== Files in the root of some directories =======
  250.  
  251. 2014-09-17 21:42 - 2014-09-17 21:42 - 1177208 _____ () C:\Users\MARKO\AppData\Roaming\AndyCleanupTool.exe
  252. 2014-09-17 21:42 - 2014-09-17 21:42 - 1176696 _____ () C:\Users\MARKO\AppData\Roaming\AndyCleanVM.exe
  253. 2013-09-05 23:34 - 2013-09-05 23:34 - 0000331 _____ () C:\Users\MARKO\AppData\Roaming\burnaware.ini
  254. 2013-09-06 01:56 - 2015-04-17 10:32 - 0099384 _____ () C:\Users\MARKO\AppData\Roaming\inst.exe
  255. 2013-09-06 01:56 - 2015-04-17 10:32 - 0007859 _____ () C:\Users\MARKO\AppData\Roaming\pcouffin.cat
  256. 2013-09-06 01:56 - 2015-04-17 10:32 - 0001167 _____ () C:\Users\MARKO\AppData\Roaming\pcouffin.inf
  257. 2013-09-06 01:56 - 2015-04-17 10:32 - 0000055 _____ () C:\Users\MARKO\AppData\Roaming\pcouffin.log
  258. 2013-09-06 01:56 - 2015-04-17 10:32 - 0082816 _____ (VSO Software) C:\Users\MARKO\AppData\Roaming\pcouffin.sys
  259. 2015-03-25 18:01 - 2015-03-25 18:01 - 0007844 _____ () C:\Users\MARKO\AppData\Local\CleanupUninstall.txt
  260. 2015-05-15 10:32 - 2015-05-15 10:32 - 0003584 _____ () C:\Users\MARKO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  261. 2015-04-05 22:03 - 2015-04-05 22:03 - 0000003 _____ () C:\Users\MARKO\AppData\Local\updater.log
  262. 2015-04-05 22:03 - 2015-10-04 02:52 - 0000424 _____ () C:\Users\MARKO\AppData\Local\UserProducts.xml
  263.  
  264. Some files in TEMP:
  265. ====================
  266. C:\Users\MARKO\AppData\Local\Temp\{6CA47808-7565-42DB-8009-A1FDDD834B33}.dll
  267.  
  268.  
  269. ==================== Bamital & volsnap =================
  270.  
  271. (There is no automatic fix for files that do not pass verification.)
  272.  
  273. C:\Windows\system32\winlogon.exe => File is digitally signed
  274. C:\Windows\system32\wininit.exe => File is digitally signed
  275. C:\Windows\SysWOW64\wininit.exe => File is digitally signed
  276. C:\Windows\explorer.exe => File is digitally signed
  277. C:\Windows\SysWOW64\explorer.exe => File is digitally signed
  278. C:\Windows\system32\svchost.exe => File is digitally signed
  279. C:\Windows\SysWOW64\svchost.exe => File is digitally signed
  280. C:\Windows\system32\services.exe => File is digitally signed
  281. C:\Windows\system32\User32.dll => File is digitally signed
  282. C:\Windows\SysWOW64\User32.dll => File is digitally signed
  283. C:\Windows\system32\userinit.exe => File is digitally signed
  284. C:\Windows\SysWOW64\userinit.exe => File is digitally signed
  285. C:\Windows\system32\rpcss.dll => File is digitally signed
  286. C:\Windows\system32\dnsapi.dll => File is digitally signed
  287. C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
  288. C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
  289.  
  290.  
  291. LastRegBack: 2015-10-01 01:45
  292.  
  293. ==================== End of FRST.txt ============================