How do I get rid of this


  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

During some installation... my wife also put this in... how do I remove it... it seems to me it is slowing down the internet...

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

https://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Written: 24 Jun 2017 19:41

Error: (06/24/2017 07:26:54 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 803.

Error: (06/24/2017 07:26:54 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 1110.

Error: (06/24/2017 07:26:54 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 803.

Error: (06/24/2017 07:26:54 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 1110.

Error: (06/24/2017 07:26:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 803.

Error: (06/24/2017 07:26:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 1110.

Error: (06/24/2017 07:26:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 803.

Error: (06/24/2017 07:26:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 1110.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 61%
Total physical RAM: 4094.18 MB
Available physical RAM: 1595.35 MB
Total Virtual: 8186.5 MB
Available Virtual: 4663.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:34.7 GB) NTFS
Drive d: () (Fixed) (Total:368.1 GB) (Free:80.34 GB) NTFS
Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:771.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D3F86C74)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 87F356DD)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Addendum: 24 Jun 2017 19:42

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2017 01
Ran by PC (administrator) on PC-PC (24-06-2017 19:37:18)
Running from C:\Users\PC\Downloads
Loaded Profiles: PC (Available Profiles: PC)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(BitTorrent Inc.) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
(Facebook) C:\Users\PC\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(BitTorrent Inc.) C:\Users\PC\AppData\Roaming\uTorrent\updates\3.5.0_43900\utorrentie.exe
(BitTorrent Inc.) C:\Users\PC\AppData\Roaming\uTorrent\updates\3.5.0_43900\utorrentie.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(The CefSharp Authors) C:\Users\PC\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Windows\Temp\g187F.tmp.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
() C:\Windows\Temp\gDAE6.tmp.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [0 2017-06-24] ()
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [0 2017-06-24] ()
HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\...\Run: [uTorrent] => C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe [2166464 2017-06-21] (BitTorrent Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2017-02-22]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Plants vs Zombies.lnk [2017-01-06]
ShortcutTarget: Plants vs Zombies.lnk -> C:\Program Files\Plants vs Zombies\PlantsVsZombies.exe ()
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-05-19]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\PC\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2017-02-16]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{55A639B5-31BA-424B-888E-BA8A2FE82741}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{86562B1A-2706-46FC-9446-04504B5F7CE0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2917841586-4204570114-2067478582-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: id7p96dn.default
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default [2017-06-24]
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\user.js [2017-05-10]
FF Extension: (Tables) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\Extensions\455574@extcorp.com.xpi [2017-06-24]
FF Extension: (Grammarly for Firefox) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2017-06-20]
FF Extension: (Adblock Plus) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Extension: (Click-to-Play staged rollout) - C:\Program Files (x86)\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-06-24] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files (x86)\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-06-24] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files (x86)\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-06-24] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-20] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js [2017-06-24]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/ncr","hxxp://www.google.com/ncr",["hxxp://search.conduit.com/?ctid=CT2481032&SearchSource=48"
CHR NewTab: Default -> Not-active:"chrome-extension://dpjamkmjmigaoobjbekmfgabipmfilij/empty_ntp.html", Active:"chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2017-06-24]
CHR Extension: (Google Slides) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-06]
CHR Extension: (Google Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-06]
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-06]
CHR Extension: (Weather (extension)) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc [2017-03-06]
CHR Extension: (Gismeteo) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf [2017-03-10]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-06]
CHR Extension: (Guitarist's Reference) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk [2017-03-06]
CHR Extension: (Adblock Plus) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-23]
CHR Extension: (Empty New Tab Page) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2017-03-06]
CHR Extension: (Google Sheets) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-06]
CHR Extension: (Bookmarks Menu) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi [2017-03-06]
CHR Extension: (Tables) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-06-24]
CHR Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-06]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-06-23]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2017-03-06]
CHR Extension: (Awesome New Tab Page) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2017-03-06]
CHR Extension: (Google Mail Checker) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-03-06]
CHR Extension: (Search Box) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknehpjhljpfaghmicofickbkdagooni [2017-03-06]
CHR Extension: (Google Input Tools) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig [2017-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Hover Zoom) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-04-14]
CHR Extension: (Context Menu Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2017-03-06]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2017-06-15]
CHR Extension: (My IP address) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhoeoiodcebkkigjiooibeccnfmmkoe [2017-03-06]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR Extension: (easychrome) - C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk [2017-06-24]
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-07-09] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2541192 2016-06-23] (ESET)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 mptpmdxm; C:\Windows\SysWow64\mptpmdxm.dll [463144 2017-06-24] () <==== ATTENTION
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-12-11] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 1e785095cf15fdf1a82c1a1cd3de54ab; C:\Windows\system32\drivers\1e785095cf15fdf1a82c1a1cd3de54ab.sys [71536 2017-06-23] (KE84TD) <==== ATTENTION
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-08-16] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-08-16] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2016-10-09] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263336 2016-06-23] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197288 2016-06-23] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153248 2016-06-23] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208552 2016-06-23] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61608 2016-06-23] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84640 2016-06-23] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [124760 2010-04-07] (ESET)
R1 LanmaMaster; C:\Windows\system32\drivers\lanmamaster.sys [2985064 2009-07-14] () [File not signed] <==== ATTENTION
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
R2 UefGdstor; C:\Windows\system32\drivers\UefGdstor.sys [197480 2009-07-14] () [File not signed] <==== ATTENTION
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-24 19:37 - 2017-06-24 19:37 - 00018238 _____ C:\Users\PC\Downloads\FRST.txt
2017-06-24 19:36 - 2017-06-24 19:36 - 02440704 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2017-06-24 17:38 - 2017-06-24 17:45 - 00000000 ____D C:\ProgramData\DataCache
2017-06-24 17:37 - 2017-06-24 17:37 - 00000000 ____D C:\Users\PC\AppData\Roaming\BrowserModule
2017-06-24 17:35 - 2017-06-24 17:36 - 00000000 ____D C:\Windows\SysWOW64\SSL
2017-06-24 17:25 - 2017-06-24 19:38 - 00016758 _____ C:\Windows\System32\Tasks\Windows Password Ex Lite
2017-06-24 17:25 - 2017-06-24 18:11 - 00000000 ____D C:\Program Files (x86)\WindowsTM
2017-06-24 17:25 - 2017-06-24 17:35 - 00000000 ____D C:\ProgramData\Cache
2017-06-24 17:25 - 2017-06-24 17:25 - 00463144 _____ C:\Windows\SysWOW64\mptpmdxm.dll
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\PC\AppData\Roaming\UCChannel
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\ProgramData\Microleaves
2017-06-24 17:23 - 2017-06-24 19:35 - 00000342 _____ C:\Windows\Tasks\Online Application V2G3.job
2017-06-24 17:23 - 2017-06-24 19:35 - 00000342 _____ C:\Windows\Tasks\Online Application V2G2.job
2017-06-24 17:23 - 2017-06-24 19:35 - 00000342 _____ C:\Windows\Tasks\Online Application V2G1.job
2017-06-24 17:23 - 2017-06-24 17:25 - 00000374 _____ C:\Windows\Tasks\Updater_Online_Application.job
2017-06-24 17:23 - 2017-06-24 17:23 - 07307776 _____ C:\Users\PC\AppData\Local\agent.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 03137536 _____ (TODO: <Company name>) C:\Users\PC\AppData\Local\Geodox.exe
2017-06-24 17:23 - 2017-06-24 17:23 - 01897945 _____ C:\Users\PC\AppData\Local\Geodox.tst
2017-06-24 17:23 - 2017-06-24 17:23 - 00930816 _____ C:\Users\PC\AppData\Local\test_db_cara.db
2017-06-24 17:23 - 2017-06-24 17:23 - 00140800 _____ C:\Users\PC\AppData\Local\installer.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00126464 _____ C:\Users\PC\AppData\Local\noah.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00070800 _____ C:\Users\PC\AppData\Local\Config.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00018432 _____ C:\Users\PC\AppData\Local\Main.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00011568 _____ C:\Users\PC\AppData\Local\InstallationConfiguration.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00005568 _____ C:\Users\PC\AppData\Local\md.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00003206 _____ C:\Windows\System32\Tasks\Updater_Online_Application
2017-06-24 17:23 - 2017-06-24 17:23 - 00003170 _____ C:\Windows\System32\Tasks\Online Application V2G3
2017-06-24 17:23 - 2017-06-24 17:23 - 00003170 _____ C:\Windows\System32\Tasks\Online Application V2G2
2017-06-24 17:23 - 2017-06-24 17:23 - 00003170 _____ C:\Windows\System32\Tasks\Online Application V2G1
2017-06-24 17:23 - 2017-06-24 17:23 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-06-24 17:22 - 2017-06-24 17:22 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microleaves
2017-06-24 17:22 - 2017-06-24 17:22 - 00000000 ____D C:\Users\PC\AppData\Local\AdvinstAnalytics
2017-06-23 06:54 - 2017-06-23 06:54 - 00689152 _____ C:\Windows\b7cad336bcaef8766398d2dc3888be9e.exe
2017-06-23 06:54 - 2017-06-23 06:54 - 00071536 _____ (KE84TD) C:\Windows\system32\Drivers\1e785095cf15fdf1a82c1a1cd3de54ab.sys
2017-06-23 06:54 - 2017-06-23 06:54 - 00051619 _____ C:\Windows\uninstaller.dat
2017-06-23 03:22 - 2017-06-23 03:22 - 01060944 _____ C:\Users\PC\Downloads\download.htm
2017-06-18 14:42 - 2017-06-18 14:42 - 00000000 ____D C:\inilog
2017-06-16 18:17 - 2017-06-16 18:17 - 00002645 _____ C:\Users\PC\Desktop\Microsoft Office PowerPoint 2007.lnk
2017-06-14 16:10 - 2017-06-14 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-06-09 15:44 - 2017-06-09 15:44 - 00460720 _____ C:\Users\PC\Downloads\photo (1).htm
2017-06-09 15:38 - 2017-06-09 15:38 - 00456461 _____ C:\Users\PC\Downloads\photo.htm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-24 19:38 - 2017-05-13 15:00 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2017-06-24 19:37 - 2017-01-05 15:34 - 00000000 ____D C:\FRST
2017-06-24 19:24 - 2017-03-06 08:24 - 00002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-24 19:24 - 2017-03-06 08:24 - 00002395 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-24 19:24 - 2017-02-25 22:01 - 00001217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-06-24 19:24 - 2017-02-25 22:01 - 00001205 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-06-24 19:24 - 2016-07-09 11:21 - 00001501 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-24 19:24 - 2016-07-09 11:21 - 00001467 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-06-24 18:53 - 2016-07-09 12:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-24 18:13 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-24 18:13 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-24 18:08 - 2017-05-13 15:00 - 00000000 ____D C:\Users\PC\AppData\LocalLow\uTorrent
2017-06-24 18:08 - 2017-03-29 18:54 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-24 18:07 - 2016-07-09 13:48 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-24 18:07 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-24 18:06 - 2016-07-09 13:49 - 00061544 _____ C:\Windows\system32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
2017-06-24 18:06 - 2016-07-09 13:49 - 00061544 _____ C:\Windows\system32\BMXState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
2017-06-24 18:06 - 2016-07-09 13:49 - 00000788 _____ C:\Windows\system32\DVCState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
2017-06-24 17:35 - 2017-02-27 13:44 - 00000000 ____D C:\Users\PC\Downloads\1
2017-06-24 17:29 - 2009-07-14 07:13 - 00801926 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-24 17:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-06-24 17:28 - 2017-02-25 22:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-24 17:24 - 2016-10-09 12:15 - 00000000 ____D C:\Users\PC\Desktop\New folder1
2017-06-24 17:18 - 2017-01-06 22:39 - 00000000 ____D C:\KMPlayer
2017-06-24 17:02 - 2017-02-23 12:41 - 00000382 _____ C:\Windows\Tasks\update-sys.job
2017-06-24 16:15 - 2017-02-23 12:41 - 00000382 _____ C:\Windows\Tasks\update-S-1-5-21-2917841586-4204570114-2067478582-1000.job
2017-06-24 10:21 - 2017-05-06 01:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-24 09:56 - 2016-11-16 00:02 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Mozilla
2017-06-23 22:54 - 2017-02-23 13:10 - 00000000 ____D C:\Users\PC\Desktop\Sparta
2017-06-22 23:03 - 2017-04-06 11:34 - 00000000 ____D C:\Users\PC\Desktop\Stormfall
2017-06-21 01:05 - 2017-04-24 23:23 - 00000000 ____D C:\Users\PC\Desktop\JNA
2017-06-17 12:31 - 2016-07-09 16:52 - 00000000 ___SD C:\Users\PC\AppData\LocalLow\Temp
2017-06-17 11:00 - 2017-02-26 02:40 - 00004438 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-17 11:00 - 2017-02-26 02:35 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-17 11:00 - 2017-02-26 02:35 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-17 11:00 - 2017-02-26 02:35 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-17 11:00 - 2017-02-26 02:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-14 16:10 - 2017-02-23 12:41 - 00003250 _____ C:\Windows\System32\Tasks\update-S-1-5-21-2917841586-4204570114-2067478582-1000
2017-06-14 16:10 - 2017-02-23 12:41 - 00000425 _____ C:\Users\PC\AppData\Local\UserProducts.xml
2017-06-14 11:54 - 2009-07-14 07:08 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-13 00:14 - 2017-01-30 14:45 - 00000000 ____D C:\Users\PC\Desktop\Tel
2017-06-08 23:55 - 2017-05-13 07:25 - 00000000 ____D C:\Users\PC\Desktop\Alija
2017-06-06 00:23 - 2016-07-13 18:53 - 00000000 ____D C:\Users\PC\TapinRadio
2017-06-05 18:08 - 2017-03-18 08:01 - 00000000 ____D C:\Users\PC\Desktop\Soldier
2017-05-31 11:05 - 2016-07-18 16:46 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-05-31 11:04 - 2016-07-30 16:11 - 00000000 ____D C:\Games
2017-05-27 10:13 - 2017-05-09 17:23 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Rocketeer Games Studio
2017-05-27 10:10 - 2017-01-13 00:11 - 00000000 ____D C:\Users\Public\Facebook Games

==================== Files in the root of some directories =======

2017-03-24 18:07 - 2017-03-24 18:08 - 0000373 _____ () C:\Users\PC\AppData\Roaming\apachesrvin.vbs
2017-03-24 18:07 - 2017-03-24 18:08 - 0000052 _____ () C:\Users\PC\AppData\Roaming\die.bat
2015-10-30 03:21 - 2015-10-30 03:21 - 0069632 _____ (FelineSoft) C:\Users\PC\AppData\Roaming\Fazala.exe
2017-06-24 17:23 - 2017-06-24 17:23 - 7307776 _____ () C:\Users\PC\AppData\Local\agent.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 0070800 _____ () C:\Users\PC\AppData\Local\Config.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 3137536 _____ (TODO: <Company name>) C:\Users\PC\AppData\Local\Geodox.exe
2017-06-24 17:23 - 2017-06-24 17:23 - 1897945 _____ () C:\Users\PC\AppData\Local\Geodox.tst
2017-06-24 17:23 - 2017-06-24 17:23 - 0011568 _____ () C:\Users\PC\AppData\Local\InstallationConfiguration.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 0140800 _____ () C:\Users\PC\AppData\Local\installer.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 0018432 _____ () C:\Users\PC\AppData\Local\Main.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 0005568 _____ () C:\Users\PC\AppData\Local\md.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 0126464 _____ () C:\Users\PC\AppData\Local\noah.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 0930816 _____ () C:\Users\PC\AppData\Local\test_db_cara.db
2017-02-23 12:41 - 2017-02-23 12:41 - 0000003 _____ () C:\Users\PC\AppData\Local\updater.log
2017-02-23 12:41 - 2017-06-14 16:10 - 0000425 _____ () C:\Users\PC\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2017-06-24 17:25 - 2017-06-24 17:25 - 0037172 _____ () C:\Users\PC\AppData\Local\Temp\nop.exe
2017-06-22 00:06 - 2017-06-22 00:06 - 11546708 _____ () C:\Users\PC\AppData\Local\Temp\setup.dll
2017-06-24 17:34 - 2017-05-02 17:09 - 0076409 _____ () C:\Users\PC\AppData\Local\Temp\Setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-22 00:19

==================== End of FRST.txt ============================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Attach the Addition log, or at least copy it in full.

offline
  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-06-2017 01
Ran by PC (24-06-2017 19:38:34)
Running from C:\Users\PC\Downloads
Windows 7 Ultimate (X64) (2016-07-09 18:16:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2917841586-4204570114-2067478582-500 - Administrator - Disabled)
Guest (S-1-5-21-2917841586-4204570114-2067478582-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2917841586-4204570114-2067478582-1003 - Limited - Enabled)
PC (S-1-5-21-2917841586-4204570114-2067478582-1000 - Administrator - Enabled) => C:\Users\PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.386.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.386.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\...\uTorrent) (Version: 3.5.0.43900 - BitTorrent Inc.)
Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6229 - CDBurnerXP)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Driver Booster 3.4 (HKLM-x32\...\Driver Booster_is1) (Version: 3.4 - IObit)
ESET Smart Security (HKLM\...\{C20E6525-879A-47C3-BBC4-6B8096D3F53D}) (Version: 9.0.386.0 - ESET, spol. s r.o.)
Facebook Gameroom 1.4.1.0 (HKLM-x32\...\{BF83FC65-8072-4850-A4CE-969A5F3570DA}) (Version: 1.4.1.0 - Facebook)
FastStone Image Viewer 5.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.8 - FastStone Soft)
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 10.0.7.0 - FlashPeak Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
K-Lite Codec Pack 4.3.4 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.3.4 - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.5.8 - PandoraTV)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\Minecraft 1.0.0) (Version: 1.0.0 - Mojang (installer by OfficialHawk))
Minecraft (x32 Version: 1.0.0 - Mojang (installer by OfficialHawk)) Hidden
Mozilla Firefox 55.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0 (x86 en-US)) (Version: 55.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.0.6382 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Online Application (x32 Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Plants vs Zombies (HKLM\...\{1E4E9CEB-AF32-4C7C-BEFB-CB3EAC11FE38}_is1) (Version: 1.0.0.1051 - PopcapGames)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TapinRadio 1.72.7 (x64) (HKLM-x32\...\TapinRadio_is1) (Version: - Raimersoft)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinUtilities Professional Edition 12.25 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043009}_is1) (Version: 12.25 - YL Computing, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D64BE0B-E9C7-4F19-8E24-1121189BC988} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-06] (Google Inc.)
Task: {11985CD6-5148-48F1-8B3F-5DF433000EBB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {1F1D6B09-F4AD-4B2F-9447-DEDC23B2DF0D} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATTENTION
Task: {424E78C6-0CA3-4CD8-9312-A1711931D9B9} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {4DDC4348-8663-4874-AC92-E6F13535734C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-06] (Google Inc.)
Task: {51AA088B-5311-44B6-AA70-B0EEA765163F} - System32\Tasks\GoogleUpdateTaskMachineUA1d1dd2418c61b28 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-06] (Google Inc.)
Task: {6395B71A-16B6-496E-8734-84E83F924EF1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {657F151B-A692-4476-A23E-66FF11DAB8D2} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {659EA927-7F83-44BA-B2FD-8C86411F6F13} - System32\Tasks\Update Manager => C:\Users\PC\AppData\Roaming\PAYDAY.2.Career.Criminal.[Update.117.v1.55.43]-ALI213\Upgrade.exe
Task: {65BDAEEA-D281-457B-A019-307CD6F16C3B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {9312DB75-A1A4-4615-BDEC-DA4D005391B0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {9AB5284D-7120-46C7-9559-8C78A69F8BD4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {A2E8A6E7-5118-4E2A-A665-DD8C10BA25BF} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {AB8EB394-9969-43EF-9216-95352E7CD653} - System32\Tasks\Driver Booster SkipUAC (PC) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-05-25] (IObit)
Task: {AE23EF00-A213-4D4E-9E80-398665EE57A9} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {BBCCBFE6-0DFE-4252-9352-047DB00C04A0} - System32\Tasks\Windows Password Ex Lite => Rundll32.exe "C:\Program Files\Windows Password Ex Lite\Windows Password Ex Lite.dll",cnQJPcQeHdC <==== ATTENTION
Task: {E4B11C9D-1E11-4CE2-A836-1FC68FF322BC} - System32\Tasks\update-S-1-5-21-2917841586-4204570114-2067478582-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {FE146E35-0F54-4479-8BA3-91BB1CE1131B} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-05-25] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1dd2418c61b28.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\update-S-1-5-21-2917841586-4204570114-2067478582-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (3).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/

==================== Loaded Modules (Whitelisted) ==============

2016-07-09 13:48 - 2016-01-29 12:49 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-07-14 01:22 - 2009-07-14 03:43 - 02849480 ____N () C:\Windows\system32\lanmamasterHelp.dll
2017-06-24 17:25 - 2015-06-01 22:29 - 02265088 _____ () C:\Program Files\Windows Password Ex Lite\Windows Password Ex Lite.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-12-11 16:12 - 2016-12-11 16:12 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-06-24 18:18 - 2017-06-24 18:18 - 00481792 _____ () C:\Windows\TEMP\g187F.tmp.exe
2017-06-24 19:34 - 2017-06-24 19:34 - 00460800 _____ () C:\Windows\TEMP\gDAE6.tmp.exe
2017-06-24 17:25 - 2017-06-24 17:25 - 00463144 _____ () c:\windows\syswow64\mptpmdxm.dll
2017-05-02 18:50 - 2017-05-02 18:50 - 01162752 _____ () C:\Users\PC\AppData\Local\Facebook\Games\CefSharp.Core.dll
2017-05-02 18:50 - 2017-05-02 18:50 - 67197440 _____ () C:\Users\PC\AppData\Local\Facebook\Games\libcef.dll
2014-03-01 01:20 - 2014-03-01 01:20 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2016-07-09 13:39 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2017-05-02 18:50 - 2017-05-02 18:50 - 00752640 _____ () C:\Users\PC\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2017-05-02 18:50 - 2017-05-02 18:50 - 01886208 _____ () C:\Users\PC\AppData\Local\Facebook\Games\libglesv2.dll
2017-05-02 18:50 - 2017-05-02 18:50 - 00078848 _____ () C:\Users\PC\AppData\Local\Facebook\Games\libegl.dll
2016-07-09 15:31 - 2016-06-27 08:13 - 01728000 _____ () C:\Program Files (x86)\Slimjet\libglesv2.dll
2016-07-09 15:31 - 2016-06-27 08:13 - 00075264 _____ () C:\Program Files (x86)\Slimjet\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-02-26 12:31 - 00000888 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{39E0397E-1169-4110-8728-80DAFFDD3209}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{3C09F3A6-6B33-40D2-889A-EB8BCC150718}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{EC19EAA1-293F-4525-BA9C-00526273E529}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{9CD4C9BF-D912-42DE-A5E8-F5B261A69B6A}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [{944880F3-3566-437B-AE5F-373417BE0AED}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{30BBCD3C-4E15-4A05-BFB8-764B9EA63022}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8BF35758-5BE7-45F9-B3FF-92CEC14A91D6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FA177D20-8544-49A1-8E67-535526551ABB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4492681C-A334-4E1C-A30C-F603CFD8CEA7}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{FA5349DC-4BBA-4D09-AED8-4EC6C84A74D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9D3FA333-5123-47D7-965C-E53FAAF07DB4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BF797082-EAB8-4E3C-ADF1-EF77B3BAEF50}D:\games 1\tf2\team fortress 2\hl2.exe] => (Block) D:\games 1\tf2\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{0F1E3C3A-5EF7-44B7-8B55-86595EBE7C9C}D:\games 1\tf2\team fortress 2\hl2.exe] => (Block) D:\games 1\tf2\team fortress 2\hl2.exe
FirewallRules: [{40DF1B27-31FE-4071-BF82-AFC0C5EADA66}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AF9C2E26-1DD9-4E86-BCB4-6DF52B5F4E73}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9AF882E7-7D41-42B6-A8E2-7A67573CF17A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{27863B0B-6323-4639-8A2A-2465979D7D3F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1AEC18A4-3E68-46E1-B1DC-E396726ACFAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{BFD4B8E4-C365-4C8D-AC8B-34B2CAAB9910}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C8E38728-4401-4326-8AD5-D5E257BFBEDE}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EE61945C-AFB2-41A3-83F9-830C1EE26EEA}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AC9E5B9C-3786-4B93-B7A3-F26A805B1D45}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2E9445BA-1CD2-4763-AA0A-B8DD641BBC73}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C6A65C0D-7466-4A66-B803-62A539187FB1}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6CF82976-0C99-4911-BB76-CDAF99B8BE03}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B8238ACB-7E60-4C56-A988-CFAFC0317A0D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{503B0069-004B-4B58-9480-4F82CE663AF8}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{A0409345-2AC3-49E9-BB06-9108B99CF51A}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{D225BDCB-E426-429B-A3F5-D918A1F1439B}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{1037DB60-1B7A-4227-9691-87EDCFACC940}] => (Allow) C:\Windows\System32\rundll32.exe

==================== Restore Points =========================

20-06-2017 10:53:24 Scheduled Checkpoint
24-06-2017 18:11:53 Removed Skype™ 7.33

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: K:\
Description: USB MS Reader
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2017 06:12:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/24/2017 05:36:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/23/2017 05:02:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/22/2017 06:27:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 143003082537413.fbunity, version: 5.5.2.10711, time stamp: 0x58ad74ab
Faulting module name: 143003082537413.fbunity, version: 5.5.2.10711, time stamp: 0x58ad74ab
Exception code: 0xc0000005
Fault offset: 0x0078b7bf
Faulting process id: 0xe58
Faulting application start time: 0x01d2eb73ecd2c42f
Faulting application path: C:\Users\Public\Facebook Games\143003082537413\39\143003082537413.fbunity
Faulting module path: C:\Users\Public\Facebook Games\143003082537413\39\143003082537413.fbunity
Report Id: 9ffced30-5767-11e7-8c27-048d3874878d

Error: (06/22/2017 06:25:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FacebookGameroom.exe version 1.4.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12a8

Start Time: 01d2eb2c3197594f

Termination Time: 993

Application Path: C:\Users\PC\AppData\Local\Facebook\Games\FacebookGameroom.exe

Report Id: 636af946-5767-11e7-8c27-048d3874878d

Error: (06/22/2017 05:35:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/22/2017 01:02:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/21/2017 12:39:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FacebookGameroom.exe version 1.4.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b70

Start Time: 01d2ea4409e6f26a

Termination Time: 16

Application Path: C:\Users\PC\AppData\Local\Facebook\Games\FacebookGameroom.exe

Report Id:

Error: (06/21/2017 09:02:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/20/2017 11:03:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (06/24/2017 07:26:54 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 803.

Error: (06/24/2017 07:26:54 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 1110.

Error: (06/24/2017 07:26:54 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 803.

Error: (06/24/2017 07:26:54 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 1110.

Error: (06/24/2017 07:26:54 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 803.

Error: (06/24/2017 07:26:54 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 1110.

Error: (06/24/2017 07:26:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 803.

Error: (06/24/2017 07:26:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 1110.

Error: (06/24/2017 07:26:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 803.

Error: (06/24/2017 07:26:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 1110.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 61%
Total physical RAM: 4094.18 MB
Available physical RAM: 1595.35 MB
Total Virtual: 8186.5 MB
Available Virtual: 4663.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:34.7 GB) NTFS
Drive d: () (Fixed) (Total:368.1 GB) (Free:80.34 GB) NTFS
Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:771.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D3F86C74)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 87F356DD)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Download AdwCleaner and save it to the Desktop.
Double-click to run the program.
In the EULA window, click I agree.
In Options, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK.

The computer will restart, and then Notepad will open (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option.

offline
  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Posted: 24 Jun 2017 20:12

# AdwCleaner v6.047 - Logfile created 24/06/2017 at 20:08:54
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Windows 7 Ultimate (X64)
# Username : PC - PC-PC
# Running from : C:\Users\PC\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: 1e785095cf15fdf1a82c1a1cd3de54ab


***** [ Folders ] *****

[#] Folder deleted on reboot: C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
[#] Folder deleted on reboot: C:\Users\PC\AppData\Local\AdvinstAnalytics
[#] Folder deleted on reboot: C:\Users\PC\AppData\LocalLow\Zynga
[#] Folder deleted on reboot: C:\Users\PC\AppData\Roaming\Microleaves
[#] Folder deleted on reboot: C:\Users\PC\AppData\Roaming\BrowserModule
[#] Folder deleted on reboot: C:\Users\PC\AppData\Roaming\BROWSERMODULE
[#] Folder deleted on reboot: C:\Users\PC\AppData\Roaming\UCChannel
[#] Folder deleted on reboot: C:\Users\PC\Desktop\StormFall
[#] Folder deleted on reboot: C:\Program Files\Plants Vs Zombies
[#] Folder deleted on reboot: C:\Program Files\Common Files\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Microleaves
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Microleaves
[#] Folder deleted on reboot: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants Vs Zombies
[#] Folder deleted on reboot: C:\Program Files (x86)\Microleaves
[#] Folder deleted on reboot: C:\Program Files (x86)\Common Files\AVG Secure Search
[#] Folder deleted on reboot: C:\Windows\SysWOW64\SSL
[#] Folder deleted on reboot: C:\Users\PC\AppData\Roaming\BrowserModule
[#] Folder deleted on reboot: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
[#] Folder deleted on reboot: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg
[#] Folder deleted on reboot: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgmiemnjjchgkmgbeljfocdjjnpjnmcg
[#] Folder deleted on reboot: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl
[#] Folder deleted on reboot: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig


***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\drivers\1e785095cf15fdf1a82c1a1cd3de54ab.sys
[-] File deleted: C:\Users\Public\Desktop\Plants Vs Zombies.lnk
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants Vs Zombies.lnk
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Plants Vs Zombies.lnk
[-] File deleted: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mgmiemnjjchgkmgbeljfocdjjnpjnmcg_0.localstorage
[-] File deleted: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpphfcjpaldmedbbomcdhgonmhjngfig_0.localstorage


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk


***** [ Scheduled Tasks ] *****

[-] Task deleted: apachesrvin
[-] Task deleted: Updater_Online_Application
[-] Task deleted: Online Application V2G2
[-] Task deleted: Online Application V2G3
[-] Task deleted: Online Application V2G1


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BF8946CD-EEBE-436B-8282-B19A021C9EFE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
[-] Key deleted: HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\Software\CoinisRevShare
[-] Key deleted: HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\Software\Installer
[-] Key deleted: HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\Software\WajIEnhance
[-] Key deleted: HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\Software\Event Monitor
[#] Key deleted on reboot: HKCU\Software\CoinisRevShare
[#] Key deleted on reboot: HKCU\Software\Installer
[#] Key deleted on reboot: HKCU\Software\WajIEnhance
[#] Key deleted on reboot: HKCU\Software\Event Monitor
[-] Key deleted: HKLM\SOFTWARE\Jawego
[-] Key deleted: HKLM\SOFTWARE\PC
[-] Key deleted: HKLM\SOFTWARE\Event Monitor
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[-] Key deleted: HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}
[-] Key deleted: HKLM\SOFTWARE\Soci2Sear Browser Enhancer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
[#] Key deleted on reboot: [x64] HKCU\Software\CoinisRevShare
[#] Key deleted on reboot: [x64] HKCU\Software\Installer
[#] Key deleted on reboot: [x64] HKCU\Software\WajIEnhance
[#] Key deleted on reboot: [x64] HKCU\Software\Event Monitor
[-] Key deleted: [x64] HKLM\SOFTWARE\Soci2Sear Browser Enhancer
[-] Key deleted: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9


***** [ Web browsers ] *****

[-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: dpjamkmjmigaoobjbekmfgabipmfilij
[-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mgmiemnjjchgkmgbeljfocdjjnpjnmcg
[-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mpphfcjpaldmedbbomcdhgonmhjngfig
[-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: nonjdcjchghhkdoolnlbekcfllmednbl


*************************

:: "Tracing" keys deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5773 Bytes] - [05/01/2017 15:15:19]
C:\AdwCleaner\AdwCleaner[C2].txt - [6230 Bytes] - [24/06/2017 20:08:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [5640 Bytes] - [05/01/2017 15:14:38]
C:\AdwCleaner\AdwCleaner[S1].txt - [6529 Bytes] - [24/06/2017 20:07:21]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6449 Bytes] ##########

Addendum: 24 Jun 2017 20:15

ok ..great...it worked...the browsers are working ...thanks for the help..

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Post new FRST logs so I can see whether that's it.

offline
  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Posted: 24 Jun 2017 20:26

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2017 01
Ran by PC (administrator) on PC-PC (24-06-2017 20:23:53)
Running from C:\Users\PC\Downloads
Loaded Profiles: PC (Available Profiles: PC)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Windows\Temp\gDAE6.tmp.exe
() C:\Windows\Temp\g187F.tmp.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(BitTorrent Inc.) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
(Facebook) C:\Users\PC\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Users\PC\AppData\Roaming\uTorrent\updates\3.5.0_43900\utorrentie.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(BitTorrent Inc.) C:\Users\PC\AppData\Roaming\uTorrent\updates\3.5.0_43900\utorrentie.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(The CefSharp Authors) C:\Users\PC\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The CefSharp Authors) C:\Users\PC\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(The CefSharp Authors) C:\Users\PC\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(The CefSharp Authors) C:\Users\PC\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [0 2017-06-24] ()
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [0 2017-06-24] ()
HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\...\Run: [uTorrent] => C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe [2166464 2017-06-21] (BitTorrent Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2017-02-22]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-05-19]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\PC\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2017-02-16]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{55A639B5-31BA-424B-888E-BA8A2FE82741}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{86562B1A-2706-46FC-9446-04504B5F7CE0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2917841586-4204570114-2067478582-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: id7p96dn.default
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default [2017-06-24]
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\user.js [2017-05-10]
FF Extension: (Tables) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\Extensions\455574@extcorp.com.xpi [2017-06-24]
FF Extension: (Grammarly for Firefox) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2017-06-20]
FF Extension: (Adblock Plus) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Extension: (Click-to-Play staged rollout) - C:\Program Files (x86)\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-06-24] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files (x86)\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-06-24] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files (x86)\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-06-24] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-20] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js [2017-06-24]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/ncr","hxxp://www.google.com/ncr",["hxxp://search.conduit.com/?ctid=CT2481032&SearchSource=48"
CHR NewTab: Default -> Active:"chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2017-06-24]
CHR Extension: (Google Slides) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-06]
CHR Extension: (Google Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-06]
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-06]
CHR Extension: (Weather (extension)) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc [2017-03-06]
CHR Extension: (Gismeteo) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf [2017-03-10]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-06]
CHR Extension: (Guitarist's Reference) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk [2017-03-06]
CHR Extension: (Adblock Plus) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-23]
CHR Extension: (Empty New Tab Page) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2017-06-24]
CHR Extension: (Google Sheets) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-06]
CHR Extension: (Bookmarks Menu) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi [2017-03-06]
CHR Extension: (Tables) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-06-24]
CHR Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-06]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-06-23]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2017-03-06]
CHR Extension: (Awesome New Tab Page) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2017-06-24]
CHR Extension: (Google Mail Checker) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-03-06]
CHR Extension: (Search Box) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknehpjhljpfaghmicofickbkdagooni [2017-03-06]
CHR Extension: (Google Input Tools) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig [2017-06-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Hover Zoom) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-06-24]
CHR Extension: (Context Menu Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2017-03-06]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2017-06-15]
CHR Extension: (My IP address) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhoeoiodcebkkigjiooibeccnfmmkoe [2017-03-06]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR Extension: (easychrome) - C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk [2017-06-24]
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-07-09] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2541192 2016-06-23] (ESET)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 mptpmdxm; C:\Windows\SysWow64\mptpmdxm.dll [463144 2017-06-24] () <==== ATTENTION
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-12-11] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-08-16] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-08-16] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2016-10-09] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263336 2016-06-23] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197288 2016-06-23] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153248 2016-06-23] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208552 2016-06-23] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61608 2016-06-23] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84640 2016-06-23] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [124760 2010-04-07] (ESET)
R1 LanmaMaster; C:\Windows\system32\drivers\lanmamaster.sys [2985064 2009-07-14] () [File not signed] <==== ATTENTION
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
R2 UefGdstor; C:\Windows\system32\drivers\UefGdstor.sys [197480 2009-07-14] () [File not signed] <==== ATTENTION
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-24 20:23 - 2017-06-24 20:24 - 00018355 _____ C:\Users\PC\Downloads\FRST.txt
2017-06-24 19:59 - 2017-06-24 19:59 - 04110280 _____ C:\Users\PC\Downloads\AdwCleaner.exe
2017-06-24 19:54 - 2017-06-24 19:54 - 00000000 ____D C:\Windows.old
2017-06-24 19:36 - 2017-06-24 19:36 - 02440704 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2017-06-24 17:38 - 2017-06-24 17:45 - 00000000 ____D C:\ProgramData\DataCache
2017-06-24 17:37 - 2017-06-24 17:37 - 00000000 ____D C:\Users\PC\AppData\Roaming\BrowserModule
2017-06-24 17:35 - 2017-06-24 17:36 - 00000000 ____D C:\Windows\SysWOW64\SSL
2017-06-24 17:25 - 2017-06-24 20:24 - 00016758 _____ C:\Windows\System32\Tasks\Windows Password Ex Lite
2017-06-24 17:25 - 2017-06-24 17:35 - 00000000 ____D C:\ProgramData\Cache
2017-06-24 17:25 - 2017-06-24 17:25 - 00463144 _____ C:\Windows\SysWOW64\mptpmdxm.dll
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\PC\AppData\Roaming\UCChannel
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\ProgramData\Microleaves
2017-06-24 17:23 - 2017-06-24 17:23 - 07307776 _____ C:\Users\PC\AppData\Local\agent.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 03137536 _____ (TODO: <Company name>) C:\Users\PC\AppData\Local\Geodox.exe
2017-06-24 17:23 - 2017-06-24 17:23 - 01897945 _____ C:\Users\PC\AppData\Local\Geodox.tst
2017-06-24 17:23 - 2017-06-24 17:23 - 00930816 _____ C:\Users\PC\AppData\Local\test_db_cara.db
2017-06-24 17:23 - 2017-06-24 17:23 - 00140800 _____ C:\Users\PC\AppData\Local\installer.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00126464 _____ C:\Users\PC\AppData\Local\noah.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00070800 _____ C:\Users\PC\AppData\Local\Config.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00018432 _____ C:\Users\PC\AppData\Local\Main.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00011568 _____ C:\Users\PC\AppData\Local\InstallationConfiguration.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00005568 _____ C:\Users\PC\AppData\Local\md.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-06-24 17:22 - 2017-06-24 17:22 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microleaves
2017-06-24 17:22 - 2017-06-24 17:22 - 00000000 ____D C:\Users\PC\AppData\Local\AdvinstAnalytics
2017-06-23 06:54 - 2017-06-23 06:54 - 00689152 _____ C:\Windows\b7cad336bcaef8766398d2dc3888be9e.exe
2017-06-23 06:54 - 2017-06-23 06:54 - 00051619 _____ C:\Windows\uninstaller.dat
2017-06-23 03:22 - 2017-06-23 03:22 - 01060944 _____ C:\Users\PC\Downloads\download.htm
2017-06-18 14:42 - 2017-06-18 14:42 - 00000000 ____D C:\inilog
2017-06-16 18:17 - 2017-06-16 18:17 - 00002645 _____ C:\Users\PC\Desktop\Microsoft Office PowerPoint 2007.lnk
2017-06-14 16:10 - 2017-06-14 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-06-09 15:44 - 2017-06-09 15:44 - 00460720 _____ C:\Users\PC\Downloads\photo (1).htm
2017-06-09 15:38 - 2017-06-09 15:38 - 00456461 _____ C:\Users\PC\Downloads\photo.htm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-24 20:23 - 2017-01-05 15:34 - 00000000 ____D C:\FRST
2017-06-24 20:21 - 2017-05-13 15:00 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2017-06-24 20:15 - 2017-02-23 12:41 - 00000382 _____ C:\Windows\Tasks\update-S-1-5-21-2917841586-4204570114-2067478582-1000.job
2017-06-24 20:15 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-24 20:15 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-24 20:10 - 2017-05-13 15:00 - 00000000 ____D C:\Users\PC\AppData\LocalLow\uTorrent
2017-06-24 20:10 - 2017-03-29 18:54 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-24 20:10 - 2016-07-09 13:48 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-24 20:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-24 20:09 - 2016-07-09 13:49 - 00061544 _____ C:\Windows\system32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
2017-06-24 20:09 - 2016-07-09 13:49 - 00061544 _____ C:\Windows\system32\BMXState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
2017-06-24 20:09 - 2016-07-09 13:49 - 00000788 _____ C:\Windows\system32\DVCState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
2017-06-24 20:08 - 2017-01-05 15:11 - 00000000 ____D C:\AdwCleaner
2017-06-24 20:07 - 2017-03-06 08:24 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-24 20:07 - 2017-03-06 08:24 - 00001031 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-24 19:54 - 2017-02-25 22:01 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-06-24 19:54 - 2017-02-25 22:01 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-06-24 19:54 - 2016-07-09 11:21 - 00001447 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-24 19:54 - 2016-07-09 11:21 - 00001413 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-06-24 19:53 - 2016-07-09 12:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-24 17:35 - 2017-02-27 13:44 - 00000000 ____D C:\Users\PC\Downloads\1
2017-06-24 17:29 - 2009-07-14 07:13 - 00801926 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-24 17:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-06-24 17:28 - 2017-02-25 22:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-24 17:24 - 2016-10-09 12:15 - 00000000 ____D C:\Users\PC\Desktop\New folder1
2017-06-24 17:18 - 2017-01-06 22:39 - 00000000 ____D C:\KMPlayer
2017-06-24 17:02 - 2017-02-23 12:41 - 00000382 _____ C:\Windows\Tasks\update-sys.job
2017-06-24 10:21 - 2017-05-06 01:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-24 09:56 - 2016-11-16 00:02 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Mozilla
2017-06-23 22:54 - 2017-02-23 13:10 - 00000000 ____D C:\Users\PC\Desktop\Sparta
2017-06-21 01:05 - 2017-04-24 23:23 - 00000000 ____D C:\Users\PC\Desktop\JNA
2017-06-17 12:31 - 2016-07-09 16:52 - 00000000 ___SD C:\Users\PC\AppData\LocalLow\Temp
2017-06-17 11:00 - 2017-02-26 02:40 - 00004438 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-17 11:00 - 2017-02-26 02:35 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-17 11:00 - 2017-02-26 02:35 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-17 11:00 - 2017-02-26 02:35 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-17 11:00 - 2017-02-26 02:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-14 16:10 - 2017-02-23 12:41 - 00003250 _____ C:\Windows\System32\Tasks\update-S-1-5-21-2917841586-4204570114-2067478582-1000
2017-06-14 16:10 - 2017-02-23 12:41 - 00000425 _____ C:\Users\PC\AppData\Local\UserProducts.xml
2017-06-14 11:54 - 2009-07-14 07:08 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-13 00:14 - 2017-01-30 14:45 - 00000000 ____D C:\Users\PC\Desktop\Tel
2017-06-08 23:55 - 2017-05-13 07:25 - 00000000 ____D C:\Users\PC\Desktop\Alija
2017-06-06 00:23 - 2016-07-13 18:53 - 00000000 ____D C:\Users\PC\TapinRadio
2017-06-05 18:08 - 2017-03-18 08:01 - 00000000 ____D C:\Users\PC\Desktop\Soldier
2017-05-31 11:05 - 2016-07-18 16:46 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-05-31 11:04 - 2016-07-30 16:11 - 00000000 ____D C:\Games
2017-05-27 10:13 - 2017-05-09 17:23 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Rocketeer Games Studio
2017-05-27 10:10 - 2017-01-13 00:11 - 00000000 ____D C:\Users\Public\Facebook Games

==================== Files in the root of some directories =======

2017-03-24 18:07 - 2017-03-24 18:08 - 0000373 _____ () C:\Users\PC\AppData\Roaming\apachesrvin.vbs
2017-03-24 18:07 - 2017-03-24 18:08 - 0000052 _____ () C:\Users\PC\AppData\Roaming\die.bat
2015-10-30 03:21 - 2015-10-30 03:21 - 0069632 _____ (FelineSoft) C:\Users\PC\AppData\Roaming\Fazala.exe
2017-06-24 17:23 - 2017-06-24 17:23 - 7307776 _____ () C:\Users\PC\AppData\Local\agent.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 0070800 _____ () C:\Users\PC\AppData\Local\Config.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 3137536 _____ (TODO: <Company name>) C:\Users\PC\AppData\Local\Geodox.exe
2017-06-24 17:23 - 2017-06-24 17:23 - 1897945 _____ () C:\Users\PC\AppData\Local\Geodox.tst
2017-06-24 17:23 - 2017-06-24 17:23 - 0011568 _____ () C:\Users\PC\AppData\Local\InstallationConfiguration.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 0140800 _____ () C:\Users\PC\AppData\Local\installer.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 0018432 _____ () C:\Users\PC\AppData\Local\Main.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 0005568 _____ () C:\Users\PC\AppData\Local\md.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 0126464 _____ () C:\Users\PC\AppData\Local\noah.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 0930816 _____ () C:\Users\PC\AppData\Local\test_db_cara.db
2017-02-23 12:41 - 2017-02-23 12:41 - 0000003 _____ () C:\Users\PC\AppData\Local\updater.log
2017-02-23 12:41 - 2017-06-14 16:10 - 0000425 _____ () C:\Users\PC\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2017-06-24 17:25 - 2017-06-24 17:25 - 0037172 _____ () C:\Users\PC\AppData\Local\Temp\nop.exe
2017-06-22 00:06 - 2017-06-22 00:06 - 11546708 _____ () C:\Users\PC\AppData\Local\Temp\setup.dll
2017-06-24 17:34 - 2017-05-02 17:09 - 0076409 _____ () C:\Users\PC\AppData\Local\Temp\Setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-22 00:19

==================== End of FRST.txt ============================

Addendum: 24 Jun 2017 20:27

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-06-2017 01
Ran by PC (24-06-2017 20:24:51)
Running from C:\Users\PC\Downloads
Windows 7 Ultimate (X64) (2016-07-09 18:16:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2917841586-4204570114-2067478582-500 - Administrator - Disabled)
Guest (S-1-5-21-2917841586-4204570114-2067478582-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2917841586-4204570114-2067478582-1003 - Limited - Enabled)
PC (S-1-5-21-2917841586-4204570114-2067478582-1000 - Administrator - Enabled) => C:\Users\PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.386.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.386.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\...\uTorrent) (Version: 3.5.0.43900 - BitTorrent Inc.)
Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6229 - CDBurnerXP)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Driver Booster 3.4 (HKLM-x32\...\Driver Booster_is1) (Version: 3.4 - IObit)
ESET Smart Security (HKLM\...\{C20E6525-879A-47C3-BBC4-6B8096D3F53D}) (Version: 9.0.386.0 - ESET, spol. s r.o.)
Facebook Gameroom 1.4.1.0 (HKLM-x32\...\{BF83FC65-8072-4850-A4CE-969A5F3570DA}) (Version: 1.4.1.0 - Facebook)
FastStone Image Viewer 5.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.8 - FastStone Soft)
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 10.0.7.0 - FlashPeak Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
K-Lite Codec Pack 4.3.4 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.3.4 - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.5.8 - PandoraTV)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\Minecraft 1.0.0) (Version: 1.0.0 - Mojang (installer by OfficialHawk))
Minecraft (x32 Version: 1.0.0 - Mojang (installer by OfficialHawk)) Hidden
Mozilla Firefox 55.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0 (x86 en-US)) (Version: 55.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.0.6382 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Plants vs Zombies (HKLM\...\{1E4E9CEB-AF32-4C7C-BEFB-CB3EAC11FE38}_is1) (Version: 1.0.0.1051 - PopcapGames)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TapinRadio 1.72.7 (x64) (HKLM-x32\...\TapinRadio_is1) (Version: - Raimersoft)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinUtilities Professional Edition 12.25 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043009}_is1) (Version: 12.25 - YL Computing, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D64BE0B-E9C7-4F19-8E24-1121189BC988} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-06] (Google Inc.)
Task: {11985CD6-5148-48F1-8B3F-5DF433000EBB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {4DDC4348-8663-4874-AC92-E6F13535734C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-06] (Google Inc.)
Task: {51AA088B-5311-44B6-AA70-B0EEA765163F} - System32\Tasks\GoogleUpdateTaskMachineUA1d1dd2418c61b28 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-06] (Google Inc.)
Task: {6395B71A-16B6-496E-8734-84E83F924EF1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {657F151B-A692-4476-A23E-66FF11DAB8D2} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {659EA927-7F83-44BA-B2FD-8C86411F6F13} - System32\Tasks\Update Manager => C:\Users\PC\AppData\Roaming\PAYDAY.2.Career.Criminal.[Update.117.v1.55.43]-ALI213\Upgrade.exe
Task: {65BDAEEA-D281-457B-A019-307CD6F16C3B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {9312DB75-A1A4-4615-BDEC-DA4D005391B0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {9AB5284D-7120-46C7-9559-8C78A69F8BD4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {AB8EB394-9969-43EF-9216-95352E7CD653} - System32\Tasks\Driver Booster SkipUAC (PC) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-05-25] (IObit)
Task: {BBCCBFE6-0DFE-4252-9352-047DB00C04A0} - System32\Tasks\Windows Password Ex Lite => Rundll32.exe "C:\Program Files\Windows Password Ex Lite\Windows Password Ex Lite.dll",cnQJPcQeHdC <==== ATTENTION
Task: {E4B11C9D-1E11-4CE2-A836-1FC68FF322BC} - System32\Tasks\update-S-1-5-21-2917841586-4204570114-2067478582-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {FE146E35-0F54-4479-8BA3-91BB1CE1131B} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-05-25] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1dd2418c61b28.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2917841586-4204570114-2067478582-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2016-07-09 13:48 - 2016-01-29 12:49 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-07-14 01:22 - 2009-07-14 03:43 - 02849480 ____N () C:\Windows\system32\lanmamasterHelp.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2017-06-24 17:25 - 2015-06-01 22:29 - 02265088 _____ () C:\Program Files\Windows Password Ex Lite\Windows Password Ex Lite.dll
2016-12-11 16:12 - 2016-12-11 16:12 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-06-24 19:34 - 2017-06-24 20:10 - 00460800 _____ () C:\Windows\TEMP\gDAE6.tmp.exe
2017-06-24 18:18 - 2017-06-24 20:10 - 00481792 _____ () C:\Windows\TEMP\g187F.tmp.exe
2017-05-16 06:49 - 2017-05-09 11:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-16 06:49 - 2017-05-09 11:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-06-24 17:25 - 2017-06-24 17:25 - 00463144 _____ () c:\windows\syswow64\mptpmdxm.dll
2017-05-02 18:50 - 2017-05-02 18:50 - 01162752 _____ () C:\Users\PC\AppData\Local\Facebook\Games\CefSharp.Core.dll
2017-05-02 18:50 - 2017-05-02 18:50 - 67197440 _____ () C:\Users\PC\AppData\Local\Facebook\Games\libcef.dll
2014-03-01 01:20 - 2014-03-01 01:20 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2016-07-09 13:39 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2016-07-09 15:31 - 2016-06-27 08:13 - 01728000 _____ () C:\Program Files (x86)\Slimjet\libglesv2.dll
2016-07-09 15:31 - 2016-06-27 08:13 - 00075264 _____ () C:\Program Files (x86)\Slimjet\libegl.dll
2017-05-02 18:50 - 2017-05-02 18:50 - 00752640 _____ () C:\Users\PC\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2017-05-02 18:50 - 2017-05-02 18:50 - 01886208 _____ () C:\Users\PC\AppData\Local\Facebook\Games\libglesv2.dll
2017-05-02 18:50 - 2017-05-02 18:50 - 00078848 _____ () C:\Users\PC\AppData\Local\Facebook\Games\libegl.dll
2017-06-21 03:39 - 2017-06-21 03:39 - 17781624 _____ () C:\Users\PC\AppData\Local\Facebook\Games\plugins\fenix26.0.0.131.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-02-26 12:31 - 00000888 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{39E0397E-1169-4110-8728-80DAFFDD3209}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{3C09F3A6-6B33-40D2-889A-EB8BCC150718}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{EC19EAA1-293F-4525-BA9C-00526273E529}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{9CD4C9BF-D912-42DE-A5E8-F5B261A69B6A}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [{944880F3-3566-437B-AE5F-373417BE0AED}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{30BBCD3C-4E15-4A05-BFB8-764B9EA63022}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8BF35758-5BE7-45F9-B3FF-92CEC14A91D6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FA177D20-8544-49A1-8E67-535526551ABB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4492681C-A334-4E1C-A30C-F603CFD8CEA7}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{FA5349DC-4BBA-4D09-AED8-4EC6C84A74D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9D3FA333-5123-47D7-965C-E53FAAF07DB4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BF797082-EAB8-4E3C-ADF1-EF77B3BAEF50}D:\games 1\tf2\team fortress 2\hl2.exe] => (Block) D:\games 1\tf2\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{0F1E3C3A-5EF7-44B7-8B55-86595EBE7C9C}D:\games 1\tf2\team fortress 2\hl2.exe] => (Block) D:\games 1\tf2\team fortress 2\hl2.exe
FirewallRules: [{40DF1B27-31FE-4071-BF82-AFC0C5EADA66}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AF9C2E26-1DD9-4E86-BCB4-6DF52B5F4E73}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9AF882E7-7D41-42B6-A8E2-7A67573CF17A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{27863B0B-6323-4639-8A2A-2465979D7D3F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1AEC18A4-3E68-46E1-B1DC-E396726ACFAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{BFD4B8E4-C365-4C8D-AC8B-34B2CAAB9910}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C8E38728-4401-4326-8AD5-D5E257BFBEDE}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EE61945C-AFB2-41A3-83F9-830C1EE26EEA}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AC9E5B9C-3786-4B93-B7A3-F26A805B1D45}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2E9445BA-1CD2-4763-AA0A-B8DD641BBC73}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C6A65C0D-7466-4A66-B803-62A539187FB1}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6CF82976-0C99-4911-BB76-CDAF99B8BE03}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B8238ACB-7E60-4C56-A988-CFAFC0317A0D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{503B0069-004B-4B58-9480-4F82CE663AF8}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{A0409345-2AC3-49E9-BB06-9108B99CF51A}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{51ED8204-AEAF-4127-AF05-89D6301D59E7}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{7C3B77E2-AE11-44B0-8771-77A3A163BED7}] => (Allow) C:\Windows\System32\rundll32.exe

==================== Restore Points =========================

20-06-2017 10:53:24 Scheduled Checkpoint
24-06-2017 18:11:53 Removed Skype™ 7.33

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2017 06:12:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/24/2017 05:36:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/23/2017 05:02:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/22/2017 06:27:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 143003082537413.fbunity, version: 5.5.2.10711, time stamp: 0x58ad74ab
Faulting module name: 143003082537413.fbunity, version: 5.5.2.10711, time stamp: 0x58ad74ab
Exception code: 0xc0000005
Fault offset: 0x0078b7bf
Faulting process id: 0xe58
Faulting application start time: 0x01d2eb73ecd2c42f
Faulting application path: C:\Users\Public\Facebook Games\143003082537413\39\143003082537413.fbunity
Faulting module path: C:\Users\Public\Facebook Games\143003082537413\39\143003082537413.fbunity
Report Id: 9ffced30-5767-11e7-8c27-048d3874878d

Error: (06/22/2017 06:25:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FacebookGameroom.exe version 1.4.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12a8

Start Time: 01d2eb2c3197594f

Termination Time: 993

Application Path: C:\Users\PC\AppData\Local\Facebook\Games\FacebookGameroom.exe

Report Id: 636af946-5767-11e7-8c27-048d3874878d

Error: (06/22/2017 05:35:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/22/2017 01:02:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/21/2017 12:39:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FacebookGameroom.exe version 1.4.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b70

Start Time: 01d2ea4409e6f26a

Termination Time: 16

Application Path: C:\Users\PC\AppData\Local\Facebook\Games\FacebookGameroom.exe

Report Id:

Error: (06/21/2017 09:02:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/20/2017 11:03:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (06/24/2017 08:24:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 803.

Error: (06/24/2017 08:24:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 1110.

Error: (06/24/2017 08:24:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 803.

Error: (06/24/2017 08:24:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 1110.

Error: (06/24/2017 08:24:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 803.

Error: (06/24/2017 08:24:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 1110.

Error: (06/24/2017 08:24:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 803.

Error: (06/24/2017 08:24:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 1110.

Error: (06/24/2017 08:23:43 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 803.

Error: (06/24/2017 08:23:43 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 1110.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 67%
Total physical RAM: 4094.18 MB
Available physical RAM: 1324.93 MB
Total Virtual: 8186.5 MB
Available Virtual: 3657.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:32.07 GB) NTFS
Drive d: () (Fixed) (Total:368.1 GB) (Free:80.34 GB) NTFS
Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:768.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D3F86C74)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 87F356DD)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Addendum: 24 Jun 2017 20:55

it shows up again..

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

1. Open Notepad (Text Document) and copy in the following text from the code box below:

CreateRestorePoint:
C:\Windows\Temp\gDAE6.tmp.exe
C:\Windows\Temp\g187F.tmp.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
Toolbar: HKU\S-1-5-21-2917841586-4204570114-2067478582-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
CHR Extension: (easychrome) - C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk [2017-06-24]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
R1 LanmaMaster; C:\Windows\system32\drivers\lanmamaster.sys [2985064 2009-07-14] () [File not signed] <==== ATTENTION
C:\Windows\system32\drivers\lanmamaster.sys
R2 UefGdstor; C:\Windows\system32\drivers\UefGdstor.sys [197480 2009-07-14] () [File not signed] <==== ATTENTION
C:\Windows\system32\drivers\UefGdstor.sys
R2 mptpmdxm; C:\Windows\SysWow64\mptpmdxm.dll [463144 2017-06-24] () <==== ATTENTION
C:\Windows\SysWow64\mptpmdxm.dll
Task: {BBCCBFE6-0DFE-4252-9352-047DB00C04A0} - System32\Tasks\Windows Password Ex Lite => Rundll32.exe "C:\Program Files\Windows Password Ex Lite\Windows Password Ex Lite.dll",cnQJPcQeHdC <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
C:\Program Files\Windows Password Ex Lite
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\user.js [2017-05-10]
FF Extension: (Tables) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\Extensions\455574@extcorp.com.xpi [2017-06-24]
FF Extension: (Click-to-Play staged rollout) - C:\Program Files (x86)\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-06-24] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files (x86)\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-06-24] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files (x86)\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-06-24] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js [2017-06-24]
CHR StartupUrls: Default -> "hxxp://www.google.com/ncr","hxxp://www.google.com/ncr",["hxxp://search.conduit.com/?ctid=CT2481032&SearchSource=48"
CHR NewTab: Default -> Active:"chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Extension: (Empty New Tab Page) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2017-06-24]
CHR Extension: (Tables) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-06-24]
CHR Extension: (Awesome New Tab Page) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2017-06-24]
CHR Extension: (Google Input Tools) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig [2017-06-24]
CHR Extension: (Hover Zoom) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-06-24] 
2017-06-24 17:37 - 2017-06-24 17:37 - 00000000 ____D C:\Users\PC\AppData\Roaming\BrowserModule
2017-06-24 17:25 - 2017-06-24 20:24 - 00016758 _____ C:\Windows\System32\Tasks\Windows Password Ex Lite 
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\PC\AppData\Roaming\UCChannel
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\ProgramData\Microleaves
2017-06-24 17:23 - 2017-06-24 17:23 - 07307776 _____ C:\Users\PC\AppData\Local\agent.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 03137536 _____ (TODO: <Company name>) C:\Users\PC\AppData\Local\Geodox.exe
2017-06-24 17:23 - 2017-06-24 17:23 - 01897945 _____ C:\Users\PC\AppData\Local\Geodox.tst
2017-06-24 17:23 - 2017-06-24 17:23 - 00930816 _____ C:\Users\PC\AppData\Local\test_db_cara.db
2017-06-24 17:23 - 2017-06-24 17:23 - 00140800 _____ C:\Users\PC\AppData\Local\installer.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00126464 _____ C:\Users\PC\AppData\Local\noah.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00070800 _____ C:\Users\PC\AppData\Local\Config.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00018432 _____ C:\Users\PC\AppData\Local\Main.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00011568 _____ C:\Users\PC\AppData\Local\InstallationConfiguration.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00005568 _____ C:\Users\PC\AppData\Local\md.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-06-24 17:22 - 2017-06-24 17:22 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microleaves
2017-06-24 17:22 - 2017-06-24 17:22 - 00000000 ____D C:\Users\PC\AppData\Local\AdvinstAnalytics
2017-06-23 06:54 - 2017-06-23 06:54 - 00689152 _____ C:\Windows\b7cad336bcaef8766398d2dc3888be9e.exe
2017-06-23 06:54 - 2017-06-23 06:54 - 00051619 _____ C:\Windows\uninstaller.dat
Folder:C:\Windows\SysWOW64\SSL
Folder:C:\ProgramData\DataCache
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.



The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
