Frozen computer.


  • DaX.
  • New MyCity citizen
  • Joined: 06 Aug 2012
  • Posts: 18

Posted: 27 Jul 2014 20:51

Hello,
my computer has completely locked up; it cannot start any program, so nothing works.
I have restarted it several times, but it is still locked up, and it has to be switched off by pulling the power cable.
I scanned the computer with Malwarebytes Anti-Malware. The problem appeared after the scan.
I cannot attach the report because I cannot transfer anything to the computer via USB.

This is what it shows me:
The application is not responding. The program may respond again if you wait.
Do you want to end this process?

Addendum: 27 Jul 2014 21:07

I forgot to mention that I have Windows 7 64-bit.

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Try booting the system in Safe Mode with Networking and then try to post the requested reports.

http://www.mycity.rs/MyCity-Laboratorija/Kako-uci-u-Safe-Mode-2.html

  • DaX.
  • New MyCity citizen
  • Joined: 06 Aug 2012
  • Posts: 18

Posted: 28 Jul 2014 2:41

I have finished the scan.

Addendum: 28 Jul 2014 2:48

Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0218.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.218.0 - Microsoft Corporation) Microsoft SQL Server 2008 (64-bit) (Version: - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft 
Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 14.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 14.0.1 (x86 en-US)) (Version: 14.0.1 - Mozilla) MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden My Lockbox 3.0.5 (HKLM\...\My Lockbox_is1) (Version: 3.0.5 - ) Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.1 - Notepad++ Team) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.) 
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation) Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - ) Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - ) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) 
Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version: - Media Converters) weubssave (HKLM-x32\...\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}) (Version: 1.3.0.1798 - weBsAvE) <==== ATTENTION Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 28-06-2014 12:18:41 Installed TP-LINK Wireless Configuration Utility and Driver 28-06-2014 12:19:28 Installed TP-LINK Wireless Configuration Utility 28-06-2014 12:59:26 Removed TP-LINK Wireless Configuration Utility 28-06-2014 13:00:17 Removed TP-LINK Wireless Configuration Utility and Driver 29-06-2014 01:51:23 Windows Update 02-07-2014 16:01:41 Windows Update 06-07-2014 10:54:50 Windows Update 11-07-2014 12:08:36 Windows Update 12-07-2014 02:59:41 Installed Rosetta Stone Version 3 12-07-2014 03:08:50 Removed Rosetta Stone Version 3 14-07-2014 02:08:53 Installed LibreOffice 4.2 Help Pack (English (United States)) 14-07-2014 02:12:54 Removed LibreOffice 4.2 Help Pack (English (United States)) 14-07-2014 02:13:06 Removed LibreOffice 4.2 Help Pack (English (United States)) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {08316929-8978-4199-A6F3-D91BE6E77C86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd) Task: {0D44FF3B-F366-4FB3-94DB-CA312D4C388C} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION Task: {22C1E5C2-B6AE-4D45-B9A3-827F778682AF} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION Task: {3A06F4F4-9549-4E57-A9A6-0065D372D906} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1431677337-705458299-3697831354-1001Core => C:\Users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-29] (Google Inc.) Task: {4661A8FA-D321-4721-89DA-B9728ACBA509} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: {5FD50941-7EE5-453A-9482-C5397A94139A} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION Task: {6227CA0D-90F6-4B0D-91EE-B4202707E93C} - \EPUpdater No Task File <==== ATTENTION Task: {6F634CEC-6C08-40E1-A233-78428A0E424C} - \Plus-HD-3.8-updater No Task File <==== ATTENTION Task: {80EBBEFD-663E-46A3-980F-605649FD0749} - System32\Tasks\YTAHelper => C:\Program Files (x86)\YTAHelper\YTAHelper.exe Task: {94F19EB2-0AA0-423D-90C5-822DDF64F632} - System32\Tasks\SPBIW_UpdateTask_Time_333330323139323237312d4a4a5b415a34782a456c375a => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 Task: {9E4E4A95-9B60-4779-879E-465E8220DEE7} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~2\Updater.exe Task: {A07506C4-5BB7-4BF5-A134-EF814FDC197E} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION Task: {A0CC79E5-870F-485A-AC0E-261752D1AF3D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1431677337-705458299-3697831354-1001UA => C:\Users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-29] (Google Inc.) 
Task: {AD33B51F-120E-44E2-AAC4-B4CA24FC0077} - \YourFile DownloaderUpdate No Task File <==== ATTENTION Task: {C143B866-EC42-4773-AD78-8B7E97845294} - \ShopperPro No Task File <==== ATTENTION Task: {C49AD65C-4BFC-477C-AC7E-F7B5C66672A6} - System32\Tasks\MT66 Software Update => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe Task: {C4BEF7B1-10ED-49F7-8437-6A0F5F65AB6E} - System32\Tasks\WS.Booster-S-667284051 => c:\programdata\hostit\ws.booster\WS.Booster.exe Task: {D44C4FAE-A3E6-4A8C-84A3-76969FF4C7F1} - System32\Tasks\YTAUpdate_logon => C:\PROGRA~2\YOUTUB~2\Updater.exe Task: {FCD83F83-AC5D-434F-AEBA-350657A0C574} - \ShopperProJSUpd No Task File <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1431677337-705458299-3697831354-1001Core.job => C:\Users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1431677337-705458299-3697831354-1001UA.job => C:\Users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\MT66 Software Update.job => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe Task: C:\Windows\Tasks\WS.Booster-S-667284051.job => c:\programdata\hostit\ws.booster\WS.Booster.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ==================== Alternate Data 
Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Google Update => "C:\Users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe" ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". 
This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/28/2014 01:56:18 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/28/2014 01:47:18 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833"1". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/28/2014 01:43:19 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833"1". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/28/2014 01:37:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/28/2014 01:36:58 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833"1". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found. 
Please use sxstrace.exe for detailed diagnosis. Error: (07/28/2014 01:33:35 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/28/2014 01:29:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/28/2014 01:29:15 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833"1". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/28/2014 01:23:40 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/28/2014 01:20:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/28/2014 02:05:00 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.5.0218.00 Source Path: 4.5.0218.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (07/28/2014 02:05:00 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.177.2422.0 Update Source: %NT AUTHORITY51 Update Stage: 4.5.0218.00 Source Path: 4.5.0218.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (07/28/2014 02:05:00 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.177.2422.0 Update Source: %NT AUTHORITY51 Update Stage: 4.5.0218.00 Source Path: 4.5.0218.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (07/28/2014 02:05:00 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.177.2422.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0218.00 Source Path: 4.5.0218.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (07/28/2014 01:56:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/28/2014 01:56:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/28/2014 01:56:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/28/2014 01:56:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/28/2014 01:56:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/28/2014 01:56:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Microsoft Office Sessions: ========================= Error: (07/28/2014 01:56:18 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Error: (07/28/2014 01:47:18 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833"C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe Error: (07/28/2014 01:43:19 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833"C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe Error: (07/28/2014 01:37:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/28/2014 01:36:58 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833"C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe Error: (07/28/2014 01:33:35 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/28/2014 01:29:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/28/2014 01:29:15 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833"C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe Error: (07/28/2014 01:23:40 AM) (Source: WinMgmt) (EventID: 
10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/28/2014 01:20:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 3959.05 MB Available physical RAM: 3185.2 MB Total Pagefile: 7916.29 MB Available Pagefile: 7209.06 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.56 GB) (Free:26.51 GB) NTFS Drive d: () (Fixed) (Total:390.62 GB) (Free:378.84 GB) NTFS Drive e: () (Fixed) (Total:443.23 GB) (Free:442.56 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A39645B0) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=391 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=443 GB) - (Type=07 NTFS) ==================== End Of Log ============================

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

The reports are completely jumbled; can you simply attach them using the Attach File option?

  • DaX. 
  • New MyCity citizen
  • Joined: 06 Aug 2012
  • Posts: 18

Posted: 28 Jul 2014 9:54

It can't attach it.

Addendum: 28 Jul 2014 9:55

Is it all right now?

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
C:\Program Files (x86)\AVG Secure Search
HKLM-x32\...\Run: [EPSON Product Herinnering betreffende registratie] => C:\Windows\Temp\RegModule.exe
HKLM-x32\...\Run: [DApp] => C:\Program Files\PCDApp\start.vbs
C:\Program Files\PCDApp
1431677337-705458299-3697831354-1001\...\MountPoints2: {0133e7cd-e250-11e2-acb6-8405cd3b61fb} - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1431677337-705458299-3697831354-1001\...\MountPoints2: {71efa4dd-30bf-11e3-bb13-20cf30bbaa36} - G:\Setup.exe
SearchScopes: HKCU - {451B0B5D-DCDB-4701-BCA5-CF5CC3EC1CB4} URL = http://search.softonic.com/MON00179/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=122
BHO: SNT -> {58973959-5EBE-8000-0893-99A38318051C} -> C:\Program Files (x86)\SNT\93buVN0ZB.x64.dll No File
BHO: SNT -> {B48A685B-9C50-0D95-4AD0-DE71068775BB} -> C:\Program Files (x86)\SNT\Q4R.x64.dll No File
BHO-x32: No Name -> {120A8821-2BEE-4C29-BCDA-62C577781992} ->  No File
BHO-x32: No Name -> {66F57190-01EB-45A6-8260-7895267209F7} ->  No File
BHO-x32: SNT -> {B48A685B-9C50-0D95-4AD0-DE71068775BB} -> C:\Program Files (x86)\SNT\Q4R.dll No File
C:\Program Files (x86)\SNT
BHO-x32: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper.dll No File
Toolbar: HKLM-x32 - No Name - {610AF794-9293-4129-9FAF-A81BBDFBFA14} -  No File
Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
C:\ProgramData\YTAHelper
FF Extension: GreatSaave4U - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\niumlhf6.default\Extensions\0bsdspju@lxks-oiu.co.uk [2014-06-02]
FF Extension: Amazon-Icon - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\niumlhf6.default\Extensions\amazon-icon@giga.de [2014-05-23]
FF Extension: SNT - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\niumlhf6.default\Extensions\dyyb9@rtolhfsr.net [2014-03-06]
FF Extension: SNT - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\niumlhf6.default\Extensions\eeuenl@yiofo.com [2014-04-18]
FF Extension: VisualBee Toolbar - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\niumlhf6.default\Extensions\ffxtlbr@visualbee.com [2013-10-15]
FF Extension: No Name - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\niumlhf6.default\Extensions\staged [2014-05-22]
FF Extension: NextCCOaup - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\niumlhf6.default\Extensions\ysts3aiou@dapebvz-rszs.co.uk [2014-03-06]
FF Extension: Webbing - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\niumlhf6.default\Extensions\zwb9sldpzp@ercnvioea.co.uk [2014-03-06]
FF Extension: Youtube Accelerator Helper - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\niumlhf6.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E} [2014-05-30]
FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\niumlhf6.default\Extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi [2014-03-06]
FF Extension: Recorder Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2014-03-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 84ef8d51; "C:\Windows\system32\rundll32.exe" "c:\progra~2\ws-boo~1\AssistantSvc.dll",service
c:\progra~2\ws-boo~1
S3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2014-05-12] ()
C:\Program Files\Common Files\ShopperPro
S1 tolosbnj; \??\C:\Windows\system32\drivers\tolosbnj.sys [X]
C:\Windows\system32\drivers\tolosbnj.sys
C:\Program Files (x86)\WS-Booster
Task: {0D44FF3B-F366-4FB3-94DB-CA312D4C388C} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {22C1E5C2-B6AE-4D45-B9A3-827F778682AF} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {4661A8FA-D321-4721-89DA-B9728ACBA509} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {5FD50941-7EE5-453A-9482-C5397A94139A} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {6227CA0D-90F6-4B0D-91EE-B4202707E93C} - \EPUpdater No Task File <==== ATTENTION
Task: {6F634CEC-6C08-40E1-A233-78428A0E424C} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {80EBBEFD-663E-46A3-980F-605649FD0749} - System32\Tasks\YTAHelper => C:\Program Files (x86)\YTAHelper\YTAHelper.exe
Task: {94F19EB2-0AA0-423D-90C5-822DDF64F632} - System32\Tasks\SPBIW_UpdateTask_Time_333330323139323237312d4a4a5b415a34782a456c375a => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0
Task: {9E4E4A95-9B60-4779-879E-465E8220DEE7} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~2\Updater.exe
Task: {A07506C4-5BB7-4BF5-A134-EF814FDC197E} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {AD33B51F-120E-44E2-AAC4-B4CA24FC0077} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {C143B866-EC42-4773-AD78-8B7E97845294} - \ShopperPro No Task File <==== ATTENTION
Task: {C4BEF7B1-10ED-49F7-8437-6A0F5F65AB6E} - System32\Tasks\WS.Booster-S-667284051 => c:\programdata\hostit\ws.booster\WS.Booster.exe
c:\programdata\hostit
Task: {D44C4FAE-A3E6-4A8C-84A3-76969FF4C7F1} - System32\Tasks\YTAUpdate_logon => C:\PROGRA~2\YOUTUB~2\Updater.exe
Task: {FCD83F83-AC5D-434F-AEBA-350657A0C574} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: C:\Windows\Tasks\WS.Booster-S-667284051.job => c:\programdata\hostit\ws.booster\WS.Booster.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Run FRST.exe again by double-clicking it
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, Notepad will open with content that you need to copy into this thread.
There will also be a file (fixlog.txt) on the Desktop. You need to copy the contents of fixlog.txt to the forum.

  • DaX. 
  • New MyCity citizen
  • Joined: 06 Aug 2012
  • Posts: 18

I did as I was told.

It opened this second one for me in Notepad.

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Does it still freeze now?
Run FRST, check Addition.txt, and post new FRST.txt and Addition.txt reports for me.

  • DaX. 
  • New MyCity citizen
  • Joined: 06 Aug 2012
  • Posts: 18

It doesn't freeze now.



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Korisnik (administrator) on KORISNIK-PC on 28-07-2014 14:31:28
Running from C:\Users\Korisnik\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) D:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(FSPro Labs) C:\Program Files\My Lockbox\mylbx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2289952 2013-10-28] (FSPro Labs)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-21] (Microsoft Corporation)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2770432 2010-02-10] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ROC_ROC_NT] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1431677337-705458299-3697831354-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-1431677337-705458299-3697831354-1001\...\Run: [QuickPhrase] => "C:\Program Files (x86)\TypingMaster\quickphrase\quickphrase.exe"
HKU\S-1-5-21-1431677337-705458299-3697831354-1001\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-1431677337-705458299-3697831354-1001\...\Run: [Google Update] => C:\Users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-29] (Google Inc.)
HKU\S-1-5-21-1431677337-705458299-3697831354-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1431677337-705458299-3697831354-1001\...\MountPoints2: {0133e7cd-e250-11e2-acb6-8405cd3b61fb} - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x83D6A2236075CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = giga.de/software/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {132B05E5-54C6-429E-9FA0-4AE8070831CD} URL = t1.search.com/search?q={searchTerms}
SearchScopes: HKCU - {20EB3396-1366-4A81-8828-4F223DB74E5F} URL = de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
SearchScopes: HKCU - {3487DA13-8171-410E-82DF-985818D42A3C} URL = search.aol.com/aol/search?s_it=tb50winamp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper64.dll No File
BHO-x32: SNT -> {58973959-5EBE-8000-0893-99A38318051C} -> C:\Program Files (x86)\SNT\93buVN0ZB.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50

FireFox:
========
FF ProfilePath: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\niumlhf6.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Korisnik\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Korisnik\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)

Chrome:
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-29]
CHR Extension: (Google Wallet) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MBAMScheduler; D:\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-21] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-21] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe /service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 bomebus; C:\Windows\System32\DRIVERS\bomebus.sys [34376 2010-10-13] (Bome Software)
S3 bomemidi; C:\Windows\System32\drivers\bomemidi.sys [30792 2010-10-13] (Bome Software)
R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-04] (FSPro Labs)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-01] (Anchorfree Inc.)
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\WNt500x64\Sandra.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 14:31 - 2014-07-28 14:32 - 00011333 _____ () C:\Users\Korisnik\Desktop\FRST.txt
2014-07-28 14:30 - 2014-07-28 14:31 - 00000000 ____D () C:\FRST
2014-07-28 13:18 - 2014-07-28 14:29 - 00021706 ____N () C:\Windows\WindowsUpdate.log
2014-07-28 09:52 - 2014-07-28 09:52 - 00031209 _____ () C:\Users\Korisnik\Downloads\289275_608251537_Addition.txt
2014-07-28 09:51 - 2014-07-28 09:51 - 00028714 _____ () C:\Users\Korisnik\Downloads\289275_190971541_FRST_28-07-2014_02-18-21.txt
2014-07-28 01:57 - 2014-07-27 20:36 - 02093568 _____ (Farbar) C:\Users\Korisnik\Desktop\FRST64.exe
2014-07-28 01:29 - 2014-07-28 01:29 - 00000000 ____D () C:\ProgramData\ShopperPro
2014-07-14 04:44 - 2014-07-28 13:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 04:44 - 2014-07-14 04:44 - 00000613 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 04:44 - 2014-07-14 04:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 04:44 - 2014-07-14 04:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 04:44 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 04:44 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 04:44 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-14 04:43 - 2014-07-14 04:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Korisnik\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-14 04:35 - 2014-07-14 04:35 - 138843954 _____ () C:\Users\Korisnik\Documents\Easy German 31 - Was machst du hier_.mp4
2014-07-14 04:25 - 2014-07-14 04:25 - 181546405 _____ () C:\Users\Korisnik\Documents\Easy German Episode 30.mp4
2014-07-14 04:19 - 2014-07-14 04:19 - 60006370 _____ () C:\Users\Korisnik\Documents\Easy German Episode 29 - City Edition_ Hamburg.mp4
2014-07-14 04:15 - 2014-07-14 04:15 - 85367571 _____ () C:\Users\Korisnik\Documents\Easy German 28 - Der typische Münsteraner.mp4
2014-07-14 04:09 - 2014-07-14 04:09 - 184157279 _____ () C:\Users\Korisnik\Documents\Easy German Episode 26 - Was machst du heute_.mp4
2014-07-14 04:04 - 2014-07-14 04:04 - 228481698 _____ () C:\Users\Korisnik\Documents\Easy German Episode 25 - Was glaubst du_.mp4
2014-07-14 03:51 - 2014-07-14 03:51 - 03016826 _____ ( ) C:\Users\Korisnik\Downloads\FFmpeg_v0.6.2_for_Audacity_on_Windows.exe
2014-07-14 03:49 - 2014-07-14 03:49 - 74028024 _____ () C:\Users\Korisnik\Documents\Easy German 24 - Was magst du an England_.mp4
2014-07-14 03:47 - 2014-07-14 03:47 - 117046637 _____ () C:\Users\Korisnik\Documents\Easy German Episode 23 - Berlin in einem Wort.mp4
2014-07-14 03:47 - 2014-07-14 03:47 - 00000544 _____ () C:\Users\Korisnik\Desktop\Audacity.lnk
2014-07-14 03:47 - 2014-07-14 03:47 - 00000544 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-07-14 03:45 - 2014-07-14 03:43 - 194787481 _____ () C:\Users\Korisnik\Documents\Easy German Episode 22 - Dreams and Wishes.mp4
2014-07-14 03:45 - 2014-07-14 03:28 - 36822546 _____ () C:\Users\Korisnik\Documents\Easy German 21 - What is typical German_ (Part II).mp4
2014-07-14 03:26 - 2014-07-14 03:26 - 00001289 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-07-14 03:26 - 2014-07-14 03:26 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-07-14 03:26 - 2014-07-14 03:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-07-14 03:25 - 2014-07-14 03:26 - 16691888 _____ () C:\Users\Korisnik\Downloads\YTDSetup.exe
2014-07-12 05:00 - 2014-07-12 05:09 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-07-10 02:50 - 2014-07-10 02:50 - 00000000 ____D () C:\Users\Korisnik\Documents\GomPlayer
2014-07-10 02:43 - 2014-07-10 03:07 - 247482490 _____ () C:\Users\Korisnik\Downloads\Balduin der Schrecken von St.Tropez (ganzer Film)(240p_H.263-MP3).flv
2014-07-10 01:58 - 2014-07-10 01:59 - 00000000 ____D () C:\Users\Korisnik\Downloads\Filmovi
2014-07-06 20:14 - 2014-07-06 20:16 - 00014542 _____ () C:\Windows\system32\�ȪUSB001.dat
2014-07-06 20:13 - 2014-07-06 20:13 - 00001322 _____ () C:\Windows\system32\ƠȫUSB001.dat
2014-07-06 20:11 - 2014-07-06 20:11 - 00002644 _____ () C:\Windows\system32\윰ȪUSB001.dat
2014-07-06 20:11 - 2014-07-06 20:11 - 00001322 _____ () C:\Windows\system32\쩐ȩUSB001.dat
2014-07-06 20:11 - 2014-07-06 20:11 - 00000603 _____ () C:\Windows\system32\ȪUSB001.dat
2014-07-06 12:47 - 2014-07-06 12:48 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-06 12:47 - 2014-07-06 12:47 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-06 12:47 - 2014-07-06 12:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-29 03:50 - 2014-07-28 13:38 - 00002382 _____ () C:\Users\Korisnik\Desktop\Google Chrome.lnk
2014-06-29 03:50 - 2014-06-29 03:50 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-29 03:48 - 2014-07-28 13:38 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1431677337-705458299-3697831354-1001UA.job
2014-06-29 03:48 - 2014-07-28 13:36 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1431677337-705458299-3697831354-1001Core.job
2014-06-29 03:48 - 2014-07-28 13:31 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1431677337-705458299-3697831354-1001UA
2014-06-29 03:48 - 2014-07-28 13:31 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1431677337-705458299-3697831354-1001Core

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 14:32 - 2014-07-28 14:31 - 00011333 _____ () C:\Users\Korisnik\Desktop\FRST.txt
2014-07-28 14:31 - 2014-07-28 14:30 - 00000000 ____D () C:\FRST
2014-07-28 14:30 - 2009-07-14 07:13 - 00871102 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 14:29 - 2014-07-28 13:18 - 00021706 ____N () C:\Windows\WindowsUpdate.log
2014-07-28 14:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-28 13:38 - 2014-06-29 03:50 - 00002382 _____ () C:\Users\Korisnik\Desktop\Google Chrome.lnk
2014-07-28 13:38 - 2014-06-29 03:48 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1431677337-705458299-3697831354-1001UA.job
2014-07-28 13:36 - 2014-06-29 03:48 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1431677337-705458299-3697831354-1001Core.job
2014-07-28 13:31 - 2014-06-29 03:48 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1431677337-705458299-3697831354-1001UA
2014-07-28 13:31 - 2014-06-29 03:48 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1431677337-705458299-3697831354-1001Core
2014-07-28 13:23 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 13:23 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 13:06 - 2014-07-14 04:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 09:52 - 2014-07-28 09:52 - 00031209 _____ () C:\Users\Korisnik\Downloads\289275_608251537_Addition.txt
2014-07-28 09:51 - 2014-07-28 09:51 - 00028714 _____ () C:\Users\Korisnik\Downloads\289275_190971541_FRST_28-07-2014_02-18-21.txt
2014-07-28 01:34 - 2013-10-02 12:08 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\uTorrent
2014-07-28 01:34 - 2013-01-17 05:36 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Winamp
2014-07-28 01:29 - 2014-07-28 01:29 - 00000000 ____D () C:\ProgramData\ShopperPro
2014-07-27 20:36 - 2014-07-28 01:57 - 02093568 _____ (Farbar) C:\Users\Korisnik\Desktop\FRST64.exe
2014-07-14 05:05 - 2012-08-08 14:39 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-14 05:05 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-07-14 04:44 - 2014-07-14 04:44 - 00000613 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 04:44 - 2014-07-14 04:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 04:44 - 2014-07-14 04:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 04:43 - 2014-07-14 04:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Korisnik\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-14 04:35 - 2014-07-14 04:35 - 138843954 _____ () C:\Users\Korisnik\Documents\Easy German 31 - Was machst du hier_.mp4
2014-07-14 04:25 - 2014-07-14 04:25 - 181546405 _____ () C:\Users\Korisnik\Documents\Easy German Episode 30.mp4
2014-07-14 04:21 - 2014-05-28 13:08 - 00571904 ___SH () C:\Users\Korisnik\Downloads\Thumbs.db
2014-07-14 04:19 - 2014-07-14 04:19 - 60006370 _____ () C:\Users\Korisnik\Documents\Easy German Episode 29 - City Edition_ Hamburg.mp4
2014-07-14 04:15 - 2014-07-14 04:15 - 85367571 _____ () C:\Users\Korisnik\Documents\Easy German 28 - Der typische Münsteraner.mp4
2014-07-14 04:12 - 2013-09-27 16:02 - 00000000 ____D () C:\Program Files\Free PDF to Word Converter
2014-07-14 04:09 - 2014-07-14 04:09 - 184157279 _____ () C:\Users\Korisnik\Documents\Easy German Episode 26 - Was machst du heute_.mp4
2014-07-14 04:04 - 2014-07-14 04:04 - 228481698 _____ () C:\Users\Korisnik\Documents\Easy German Episode 25 - Was glaubst du_.mp4
2014-07-14 04:01 - 2012-09-04 02:56 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Audacity
2014-07-14 03:59 - 2013-09-27 15:54 - 00000000 ____D () C:\Users\Korisnik\Documents\VideoOutput
2014-07-14 03:51 - 2014-07-14 03:51 - 03016826 _____ ( ) C:\Users\Korisnik\Downloads\FFmpeg_v0.6.2_for_Audacity_on_Windows.exe
2014-07-14 03:49 - 2014-07-14 03:49 - 74028024 _____ () C:\Users\Korisnik\Documents\Easy German 24 - Was magst du an England_.mp4
2014-07-14 03:47 - 2014-07-14 03:47 - 117046637 _____ () C:\Users\Korisnik\Documents\Easy German Episode 23 - Berlin in einem Wort.mp4
2014-07-14 03:47 - 2014-07-14 03:47 - 00000544 _____ () C:\Users\Korisnik\Desktop\Audacity.lnk
2014-07-14 03:47 - 2014-07-14 03:47 - 00000544 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-07-14 03:43 - 2014-07-14 03:45 - 194787481 _____ () C:\Users\Korisnik\Documents\Easy German Episode 22 - Dreams and Wishes.mp4
2014-07-14 03:28 - 2014-07-14 03:45 - 36822546 _____ () C:\Users\Korisnik\Documents\Easy German 21 - What is typical German_ (Part II).mp4
2014-07-14 03:26 - 2014-07-14 03:26 - 00001289 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-07-14 03:26 - 2014-07-14 03:26 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-07-14 03:26 - 2014-07-14 03:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-07-14 03:26 - 2014-07-14 03:25 - 16691888 _____ () C:\Users\Korisnik\Downloads\YTDSetup.exe
2014-07-13 04:18 - 2013-10-16 04:31 - 00000000 ____D () C:\Program Files\LockHunter
2014-07-12 05:09 - 2014-07-12 05:00 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-07-11 17:05 - 2012-09-20 18:49 - 00000000 ____D () C:\Users\Korisnik\Documents\German Truck Simulator
2014-07-11 17:02 - 2014-03-06 17:02 - 00000320 _____ () C:\Windows\Tasks\MT66 Software Update.job
2014-07-10 03:07 - 2014-07-10 02:43 - 247482490 _____ () C:\Users\Korisnik\Downloads\Balduin der Schrecken von St.Tropez (ganzer Film)(240p_H.263-MP3).flv
2014-07-10 02:50 - 2014-07-10 02:50 - 00000000 ____D () C:\Users\Korisnik\Documents\GomPlayer
2014-07-10 01:59 - 2014-07-10 01:58 - 00000000 ____D () C:\Users\Korisnik\Downloads\Filmovi
2014-07-06 20:16 - 2014-07-06 20:14 - 00014542 _____ () C:\Windows\system32\�ȪUSB001.dat
2014-07-06 20:13 - 2014-07-06 20:13 - 00001322 _____ () C:\Windows\system32\ƠȫUSB001.dat
2014-07-06 20:11 - 2014-07-06 20:11 - 00002644 _____ () C:\Windows\system32\윰ȪUSB001.dat
2014-07-06 20:11 - 2014-07-06 20:11 - 00001322 _____ () C:\Windows\system32\쩐ȩUSB001.dat
2014-07-06 20:11 - 2014-07-06 20:11 - 00000603 _____ () C:\Windows\system32\ȪUSB001.dat
2014-07-06 12:48 - 2014-07-06 12:47 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-06 12:48 - 2012-08-08 14:36 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-06 12:47 - 2014-07-06 12:47 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-06 12:47 - 2014-07-06 12:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-29 03:50 - 2014-06-29 03:50 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-29 03:50 - 2012-08-11 20:33 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\Google
2014-06-29 03:37 - 2012-08-08 14:18 - 00000000 ____D () C:\Users\Korisnik
2014-06-28 15:00 - 2012-08-08 15:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-28 14:23 - 2012-09-23 17:59 - 00000000 ____D () C:\Users\Korisnik\Downloads\Extr4temeTruy5cker2-elamigos
2014-06-28 14:19 - 2014-03-05 14:28 - 00000000 ____D () C:\ProgramData\TP-LINK

Some content of TEMP:
====================
C:\Users\Korisnik\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 01:03

==================== End Of Log ============================


  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall the following:

weubssave



Step 2

Open Notepad and copy the following text, which is inside the Code box.

Start
BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper64.dll No File
BHO-x32: SNT -> {58973959-5EBE-8000-0893-99A38318051C} -> C:\Program Files (x86)\SNT\93buVN0ZB.dll No File
S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe /service [X]
C:\ProgramData\YTAHelper
C:\Program Files (x86)\SNT
C:\Program Files\Common Files\ShopperPro
HKLM-x32\...\Run: [ROC_ROC_NT] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
C:\Program Files (x86)\AVG Secure Search
End


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Run FRST.exe again by double-clicking it
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, Notepad will open with content that you need to copy into this thread.
There will also be a file (fixlog.txt) on the Desktop. You need to copy the contents of fixlog.txt to the forum.
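
An added example, not part of the original posts and not code from FRST or its author: a small Python triage that scans FRST log lines for the markers visible in this thread ("No File", "No Task File", a trailing "[X]", "<==== ATTENTION") and lists them as candidates for manual review before a fixlist is written. The sample lines are copied from the logs and fix lists in this thread; the function names and the protected-folder list are assumptions of this example.

```python
import ntpath
import re

# Section headers look like "==================== Services (Whitelisted) ======".
SECTION_RE = re.compile(r"^={5,}\s+(.+?)\s+={5,}$")

# Markers FRST prints next to entries whose target is missing or flagged.
MARKERS = [
    ("no_task_file", re.compile(r"\bNo Task File\b")),
    ("no_file", re.compile(r"\bNo File\b")),
    ("missing_target", re.compile(r"\[X\]\s*$")),
    ("attention", re.compile(r"<=+\s*ATTENTION")),
]

# First drive-letter path on the line that ends in a binary or script extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\[\]]+?\.(?:exe|dll|sys|js)\b', re.I)

# Folders shared with legitimate software (assumed list): never offered
# as a whole-folder review candidate.
SHARED_DIRS = {
    "c:",
    "c:\\program files",
    "c:\\program files (x86)",
    "c:\\programdata",
    "c:\\program files\\common files",
    "c:\\program files (x86)\\common files",
}


def review_folder(path):
    """Return the parent folder worth inspecting, or None if it is shared."""
    if not path:
        return None
    folder = ntpath.dirname(path)
    low = folder.lower().rstrip("\\")
    if low in SHARED_DIRS or low.startswith("c:\\windows"):
        return None
    return folder


def triage(log_text):
    """Collect marker-tagged entries together with the section they belong to."""
    section = None
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        tags = [name for name, rx in MARKERS if rx.search(line)]
        if not tags:
            continue
        found = PATH_RE.search(line)
        path = found.group(0) if found else None
        findings.append({
            "section": section,
            "tags": tags,
            "path": path,
            "review_folder": review_folder(path),
            "line": line,
        })
    return findings


# Sample input assembled from lines posted in this thread.
SAMPLE_LOG = r"""
Task: {6227CA0D-90F6-4B0D-91EE-B4202707E93C} - \EPUpdater No Task File <==== ATTENTION
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper64.dll No File
==================== Services (Whitelisted) =================
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-21] (Microsoft Corporation)
S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe /service [X]
==================== Drivers (Whitelisted) ====================
S1 tolosbnj; \??\C:\Windows\system32\drivers\tolosbnj.sys [X]
"""

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["section"], item["tags"], item["review_folder"] or "-")
        print("   ", item["line"])
```

A marker only says the target is missing or flagged, not that the entry is malicious (the Dropbox overlay line is a plain leftover). Entries without a marker, such as the ROC_ROC_NT Run value in the fixlist above, still need a human decision.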
