Komp br2 provera

Komp br2 provera

offline
  • Pridružio: 27 Avg 2005
  • Poruke: 556

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by PC (administrator) on PC-PC (26-01-2016 13:36:32)
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available Profiles: PC & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(KVIrc Development Team) C:\Program Files (x86)\KVIrc\kvirc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1802424 2015-11-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [HPUsageTracking] => C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe "C:\Program Files (x86)\HP\HP UT\"
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-3421853655-1393382260-1997549237-1001\...\MountPoints2: {bb9e9417-bcd1-11e5-8cdd-1c6f65b26aa4} - "F:\autorun.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{5be899f8-4a88-4254-834a-daf0c3fa7219}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{d3761a41-c026-485e-9297-44117fb5f7bc}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\55uyt799.default
FF Plugin-x32: @huawei.com/NPPlugin -> C:\Program Files (x86)\Web_TV\WebTVPlugin\NPPlugin.dll [2015-04-23] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google презентације) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-02]
CHR Extension: (Google документи) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-02]
CHR Extension: (Google диск) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Google Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Tampermonkey) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-18]
CHR Extension: (Google табеле) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-02]
CHR Extension: (Google документи офлајн) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (AdBlock) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-20]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-01-19]
CHR Extension: ([CB] eRepublik) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcllofidbkalfnhfapholimfflgpojdp [2016-01-18]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-02]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AzureWavePci; C:\Windows\System32\Drivers\AzureWavePci.sys [351232 2010-07-29] (AzureWave Provide)
S3 tsusbhub; C:\Windows\system32\drivers\tsusbhub.sys [117248 2010-11-21] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-26 13:36 - 2016-01-26 13:37 - 00011688 _____ C:\Users\PC\Desktop\FRST.txt
2016-01-26 13:36 - 2016-01-26 13:36 - 00000000 ____D C:\FRST
2016-01-26 13:35 - 2016-01-26 13:36 - 02370560 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2016-01-24 13:50 - 2016-01-24 13:50 - 50706829 _____ C:\Users\PC\Desktop\Sastav CRODA za posudje nova zadnja jan 2016 rv2.cdr
2016-01-24 11:46 - 2016-01-24 11:46 - 50705460 _____ C:\Users\PC\Desktop\Sastav CRODA za posudje nova zadnja jan 2016 rv1.cdr
2016-01-24 10:07 - 2016-01-24 10:07 - 00783202 _____ C:\Users\PC\Downloads\Pravilnik o detergentima 25 15.pdf
2016-01-22 12:09 - 2016-01-22 12:09 - 00000079 _____ C:\Users\PC\Desktop\Acc.txt
2016-01-17 21:23 - 2016-01-17 21:24 - 00583026 _____ C:\Users\PC\Downloads\Soft-Inz.pdf
2016-01-17 21:23 - 2016-01-17 21:23 - 00130006 _____ C:\Users\PC\Downloads\SoftIng-Ispit3.pdf
2016-01-15 23:53 - 2016-01-19 07:28 - 00000050 _____ C:\Users\PC\Desktop\Multi acc.txt
2016-01-15 21:52 - 2016-01-15 21:52 - 00000000 ____H C:\Users\PC\Documents\Default.rdp
2016-01-13 05:52 - 2016-01-05 02:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-13 05:51 - 2016-01-05 03:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 05:51 - 2016-01-05 03:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 05:51 - 2016-01-05 03:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 05:51 - 2016-01-05 03:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-13 05:51 - 2016-01-05 03:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-13 05:51 - 2016-01-05 03:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 05:51 - 2016-01-05 03:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-13 05:51 - 2016-01-05 03:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 05:51 - 2016-01-05 03:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 05:51 - 2016-01-05 03:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 05:51 - 2016-01-05 03:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 05:51 - 2016-01-05 03:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 05:51 - 2016-01-05 03:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 05:51 - 2016-01-05 03:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 05:51 - 2016-01-05 03:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 05:51 - 2016-01-05 03:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 05:51 - 2016-01-05 03:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 05:51 - 2016-01-05 03:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 05:51 - 2016-01-05 03:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 05:51 - 2016-01-05 03:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 05:51 - 2016-01-05 03:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 05:51 - 2016-01-05 03:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 05:51 - 2016-01-05 03:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 05:51 - 2016-01-05 03:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 05:51 - 2016-01-05 03:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 05:51 - 2016-01-05 03:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 05:51 - 2016-01-05 03:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 05:51 - 2016-01-05 03:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 05:51 - 2016-01-05 03:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 05:51 - 2016-01-05 03:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 05:51 - 2016-01-05 03:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 05:51 - 2016-01-05 03:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 05:51 - 2016-01-05 03:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 05:51 - 2016-01-05 03:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 05:51 - 2016-01-05 03:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 05:51 - 2016-01-05 02:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-13 05:51 - 2016-01-05 02:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 05:51 - 2016-01-05 02:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 05:51 - 2016-01-05 02:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 05:51 - 2016-01-05 02:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 05:51 - 2016-01-05 02:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 05:51 - 2016-01-05 02:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 05:51 - 2016-01-05 02:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 05:51 - 2016-01-05 02:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 05:51 - 2016-01-05 02:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 05:51 - 2016-01-05 02:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-13 05:51 - 2016-01-05 02:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 05:51 - 2016-01-05 02:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-13 05:51 - 2016-01-05 02:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 05:51 - 2016-01-05 02:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 05:51 - 2016-01-05 02:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 05:51 - 2016-01-05 02:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 05:51 - 2016-01-05 02:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 05:51 - 2016-01-05 02:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 05:51 - 2016-01-05 02:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 05:51 - 2016-01-05 02:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 05:51 - 2016-01-05 02:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 05:51 - 2016-01-05 02:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 05:51 - 2016-01-05 02:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 05:51 - 2016-01-05 02:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 05:51 - 2016-01-05 02:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 05:51 - 2016-01-05 02:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 05:51 - 2016-01-05 02:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 05:51 - 2016-01-05 02:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 05:51 - 2016-01-05 02:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 05:51 - 2016-01-05 02:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 05:51 - 2016-01-05 02:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-13 05:51 - 2016-01-05 02:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 05:51 - 2016-01-05 02:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 05:51 - 2016-01-05 02:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 05:51 - 2016-01-05 02:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 05:51 - 2016-01-05 02:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 05:51 - 2016-01-05 02:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 05:51 - 2016-01-05 02:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 05:51 - 2016-01-05 02:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 05:51 - 2016-01-05 02:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 05:51 - 2016-01-05 02:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 05:51 - 2016-01-05 02:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 05:51 - 2016-01-05 02:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 05:51 - 2016-01-05 02:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-13 05:51 - 2016-01-05 02:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-13 05:51 - 2016-01-05 02:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 05:51 - 2016-01-05 02:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 05:51 - 2016-01-05 02:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 05:51 - 2016-01-05 02:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-13 05:51 - 2016-01-05 02:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-12 23:18 - 2016-01-13 06:01 - 00000000 ____D C:\Users\PC\Desktop\IZVOZ 001 2016
2016-01-12 20:10 - 2016-01-12 20:10 - 00000936 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-01-12 20:10 - 2016-01-12 20:10 - 00000888 _____ C:\Users\PC\Desktop\Start Tor Browser.lnk
2016-01-12 20:09 - 2016-01-12 20:10 - 00000000 ____D C:\Users\PC\Desktop\Tor Browser
2016-01-11 00:05 - 2016-01-11 00:05 - 00000000 ____D C:\Users\PC\AppData\Local\ElevatedDiagnostics
2016-01-09 02:36 - 2016-01-09 02:36 - 00000000 _____ C:\Users\PC\ipconfig
2016-01-07 22:04 - 2016-01-11 02:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-05 00:08 - 2016-01-05 00:08 - 00000312 _____ C:\Users\PC\Desktop\masina.txt
2016-01-04 23:36 - 2016-01-05 11:55 - 00000000 ____D C:\Users\PC\AppData\Local\Filmovita
2016-01-04 23:35 - 2016-01-04 23:35 - 00002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Filmovita.lnk
2016-01-04 23:35 - 2016-01-04 23:35 - 00002220 _____ C:\Users\Public\Desktop\Filmovita.lnk
2016-01-04 23:35 - 2016-01-04 23:35 - 00000000 ____D C:\ProgramData\Caphyon
2016-01-04 23:34 - 2016-01-04 23:35 - 00000000 ____D C:\Users\PC\AppData\Local\Filmovita-App
2016-01-04 23:34 - 2016-01-04 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filmovita
2016-01-04 23:32 - 2016-01-04 23:32 - 00000000 ____D C:\Users\PC\AppData\Roaming\CG
2016-01-02 17:34 - 2016-01-02 17:34 - 00000000 ____D C:\Users\PC\Downloads\The Hobbit 1, 2, 3 - Complete Extended Trilogy Fantasy 2012-2015 Eng Subs 720p [H246-mp4]
2016-01-02 16:16 - 2016-01-02 16:16 - 00001708 _____ C:\Users\PC\Desktop\преузимање.htm
2016-01-02 16:08 - 2016-01-13 17:11 - 00000011 _____ C:\Users\PC\Desktop\Mildred Pierce 1945 xvid Hr.ByShebo (25 fps).srt
2015-12-28 01:43 - 2015-12-28 01:43 - 00002044 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.lnk
2015-12-28 01:43 - 2015-12-28 01:43 - 00002020 _____ C:\Users\PC\Desktop\PokerStars.lnk
2015-12-28 01:43 - 2015-12-28 01:43 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
2015-12-27 19:28 - 2015-12-27 20:15 - 00000000 ____D C:\Users\PC\Desktop\ETIKETE DIGITALNA STAMPA
2015-12-27 18:25 - 2015-12-27 19:05 - 00000000 ____D C:\Users\PC\Desktop\KREMANSKA VODA

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-26 13:37 - 2015-11-11 11:40 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-26 13:36 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2016-01-26 13:19 - 2015-11-02 16:08 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-26 13:00 - 2015-11-22 21:28 - 00000000 ____D C:\Users\PC\AppData\Roaming\HPPlugin
2016-01-26 10:59 - 2015-11-06 19:38 - 00000000 ____D C:\Users\PC\AppData\Local\PokerStars
2016-01-26 10:51 - 2015-11-02 21:17 - 00000382 _____ C:\WINDOWS\Tasks\update-sys.job
2016-01-26 09:55 - 2015-11-02 21:17 - 00000382 _____ C:\WINDOWS\Tasks\update-S-1-5-21-3421853655-1393382260-1997549237-1001.job
2016-01-26 08:41 - 2015-12-01 01:47 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-26 08:41 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-26 08:36 - 2015-11-02 16:08 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-26 08:35 - 2015-12-01 01:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-26 08:35 - 2015-12-01 01:44 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-25 20:53 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-25 05:25 - 2015-12-01 02:03 - 00000000 ____D C:\Users\PC\AppData\Local\Packages
2016-01-24 20:27 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-24 09:49 - 2015-12-02 06:41 - 00000000 ____D C:\Users\PC\Desktop\New folder
2016-01-22 14:00 - 2015-12-01 01:47 - 00000000 ____D C:\Users\PC
2016-01-20 22:14 - 2015-11-02 16:30 - 00000000 ____D C:\ProgramData\Oracle
2016-01-20 22:09 - 2015-11-02 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-20 22:09 - 2015-11-02 16:30 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-20 22:08 - 2015-11-02 16:31 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-20 22:08 - 2015-11-02 16:31 - 00000000 ____D C:\Users\PC\.oracle_jre_usage
2016-01-20 01:24 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-18 03:55 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-15 01:21 - 2015-11-02 16:07 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-14 23:38 - 2015-11-14 08:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 23:38 - 2015-11-14 08:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 17:47 - 2015-11-11 11:43 - 00000000 ____D C:\Users\PC\AppData\Local\Steam
2016-01-13 06:18 - 2015-11-02 16:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-13 06:18 - 2015-11-02 16:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 06:15 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-13 06:15 - 2009-07-14 03:34 - 00000478 _____ C:\WINDOWS\win.ini
2016-01-13 06:11 - 2015-11-02 18:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 06:07 - 2015-07-18 23:46 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-11 19:46 - 2015-11-06 19:37 - 00000000 ____D C:\Program Files (x86)\PokerStars
2016-01-11 00:08 - 2015-11-22 21:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-05 11:32 - 2015-11-15 17:18 - 00000000 ____D C:\Users\PC\AppData\Roaming\vlc
2016-01-03 02:40 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 02:40 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 23:30 - 2015-11-29 12:59 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent

==================== Files in the root of some directories =======

2015-11-02 21:17 - 2015-11-02 21:17 - 0000003 _____ () C:\Users\PC\AppData\Local\updater.log
2015-11-02 21:17 - 2015-11-02 21:17 - 0000424 _____ () C:\Users\PC\AppData\Local\UserProducts.xml
2015-11-02 16:21 - 2015-11-02 16:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\PC\AppData\Local\Temp\jre-8u71-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-21 03:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by PC (2016-01-26 13:38:15)
Running from C:\Users\PC\Desktop
Windows 10 Pro (X64) (2015-12-01 01:02:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3421853655-1393382260-1997549237-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3421853655-1393382260-1997549237-503 - Limited - Disabled)
Guest (S-1-5-21-3421853655-1393382260-1997549237-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3421853655-1393382260-1997549237-1002 - Limited - Enabled)
PC (S-1-5-21-3421853655-1393382260-1997549237-1001 - Administrator - Enabled) => C:\Users\PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3421853655-1393382260-1997549237-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{8616305F-122C-4341-9C37-47A9CD322AB2}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Filmovita (HKLM-x32\...\Filmovita 1.0.0) (Version: 1.0.0 - CG)
Filmovita (x32 Version: 1.0.0 - CG) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP LaserJet P1000 series (HKLM-x32\...\HP LaserJet P1000 series) (Version: - )
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation)
Incomedia WebSite X5 v12 - Home (HKLM-x32\...\{D25ADC00-2219-495D-A577-F14D1BE72756}_is1) (Version: 12.0.4.20 - Incomedia s.r.l.)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
KVIrc (HKLM-x32\...\KVIrc) (Version: - Szymon Stefanek and The KVIrc Development Team)
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 sr) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 sr)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.52465 - TeamViewer)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B4DBD8FE-927A-4BAF-9158-D71D2EE4C00F}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B4DBD8FE-927A-4BAF-9158-D71D2EE4C00F}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{B4DBD8FE-927A-4BAF-9158-D71D2EE4C00F}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebTV Plugin (HKLM-x32\...\{3824BC79-F29F-43BD-83AF-2A2048536708}) (Version: 6.16.9.5 - WebTV Plugin)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3421853655-1393382260-1997549237-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\PC\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {020AF690-5B7E-498E-AEC0-D230BB0450A8} - System32\Tasks\update-S-1-5-21-3421853655-1393382260-1997549237-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {024048C1-3E50-45CB-8F7A-D4D23F54D6CC} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {069D46B7-AF5E-412A-B4BE-600482166046} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {14618335-4070-4A30-870B-ACC8EE0898FA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {2DBE96CF-7550-4068-BB41-2372334FB056} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {311EAD56-9068-4E6D-8111-8424B297B270} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {3151D25D-A3C2-4E7D-9E65-A617025C4D81} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {3391BE50-0D1F-4FE2-B2C8-0B7E895F76E0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {39D5BE29-4A2D-4777-9AA6-AA5C64EFE1C8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {434916D3-BD59-421F-9EBA-7765FBCD034D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {44AD2A5A-F76B-439F-BF76-4315AD412F77} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4FCFC630-CB02-4DCF-BE2D-C9B90AFC1C79} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {517F0400-0775-444C-95AB-FB77BCEE2D53} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {53CAE391-8E5E-46C1-B020-88B6EC0077C4} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {5431FF9F-9F6C-4DF5-B0F7-50867A15B6D5} - System32\Tasks\Ashampoo Privacy Protector 2015 Weekly Security Scan => C:\Program Files (x86)\Ashampoo\Ashampoo Privacy Protector 2015\PrivacyProtector2015.exe
Task: {57B73214-C5ED-4CFA-B567-0947B24AAE16} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {59609538-27C7-4801-9196-23D799735972} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {67C871E0-F22C-447D-A3D7-B841253266D2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {6E50D470-786F-4296-9184-CB17A733937E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {6EBCD0F9-DF25-4872-A12B-74B6FEF4463C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {83CF74D6-6F66-4A44-93A0-B47EC21AFB31} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {89A4BFD1-404A-4EF8-AFF3-747B0AE1D0FC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {8CCA4A50-8D48-45B9-AD4F-8293B6441A5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-02] (Google Inc.)
Task: {9BEC2D10-861A-4413-ABBC-9862A3708BBE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A667728F-7EB2-41DD-A620-4318D9BA55E7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A697D817-8C6C-4E82-BACD-A506EF579FA4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A8EC8FD9-AE85-455D-B302-B2BC109ACC01} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B675713F-BCA4-4332-8E61-86180CDF4980} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {C692A921-BC9D-40DE-A567-B1C4ECC9DDFE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C9FE7AE6-4B41-4FC0-BB08-C6EBDC777762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {CD7C3AFE-3A5D-4726-85A1-3531662319DB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CE8839D6-B58A-4ED5-AEF1-B113A2BC7305} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {D0ABD12F-6098-410D-9BB2-D0C55E9A3C5D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {D582A782-6E79-40B8-8D07-4378405ACFC7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-02] (Google Inc.)
Task: {D6A9D0B9-5749-4F31-B6AE-80DEEF803B0A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DB5C4042-E0CC-441A-97B1-BED0993EB243} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E64F1C9B-F36B-4A6B-977C-BEEE5DD7C14E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EDC9D2CB-1857-4758-9D3F-7F7069F5D747} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {F1206799-F859-4B22-9314-E324DB233D9A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F4C9EC4A-CE10-410C-845D-C2DCA0A5F157} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F603A091-0D3D-4FB7-AF20-8FB49CD64485} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FB9CF27B-EF90-4C77-A7AF-E8C5946D8761} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {FCCD76FE-93B1-4F1E-8726-61F22830583D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3421853655-1393382260-1997549237-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-01 01:44 - 2015-10-13 18:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-19 22:13 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-12-03 03:49 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-22 03:34 - 2016-01-22 03:35 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-03 03:49 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-13 15:07 - 2015-10-13 15:07 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-18 15:15 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 15:15 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-18 15:15 - 2015-12-07 05:00 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-01-13 05:51 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 05:52 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-13 05:51 - 2016-01-05 02:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-13 05:51 - 2016-01-05 02:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-22 03:34 - 2016-01-22 03:35 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 03:34 - 2016-01-22 03:35 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-15 01:20 - 2016-01-12 17:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
2016-01-15 01:20 - 2016-01-12 17:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll
2016-01-19 23:49 - 2016-01-19 14:06 - 16792256 _____ () C:\Users\PC\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.286\pepflashplayer.dll
2015-04-23 22:43 - 2015-04-23 22:43 - 00044544 _____ () C:\Program Files (x86)\Web_TV\WebTVPlugin\NPPlugin.dll
2015-04-23 22:42 - 2015-04-23 22:42 - 00391168 _____ () C:\Program Files (x86)\Web_TV\WebTVPlugin\libhpp.dll
2015-04-23 22:40 - 2015-04-23 22:40 - 00512000 _____ () C:\Program Files (x86)\Web_TV\WebTVPlugin\dmpbase.dll
2015-04-23 22:41 - 2015-04-23 22:41 - 00046080 _____ () C:\Program Files (x86)\Web_TV\WebTVPlugin\OttCaInterface.dll
2015-04-23 22:40 - 2015-04-23 22:40 - 00490496 _____ () C:\Program Files (x86)\Web_TV\WebTVPlugin\libepp.dll
2015-04-23 22:40 - 2015-04-23 22:40 - 03482112 _____ () C:\Program Files (x86)\Web_TV\WebTVPlugin\PowerEngine.dll
2015-04-23 22:40 - 2015-04-23 22:40 - 00057344 _____ () C:\Program Files (x86)\Web_TV\WebTVPlugin\PELog.dll
2015-04-23 22:41 - 2015-04-23 22:41 - 00069120 _____ () C:\Program Files (x86)\Web_TV\WebTVPlugin\PEBase.dll
2015-04-23 22:41 - 2015-04-23 22:41 - 00028160 _____ () C:\Program Files (x86)\Web_TV\WebTVPlugin\PEDiag.dll
2015-04-23 22:41 - 2015-04-23 22:41 - 01203712 _____ () C:\Program Files (x86)\Web_TV\WebTVPlugin\PEHttpBase.dll
2015-04-23 22:40 - 2015-04-23 22:40 - 00534016 _____ () C:\Program Files (x86)\Web_TV\WebTVPlugin\OttVmxCa.dll
2015-04-23 22:40 - 2015-04-23 22:40 - 07093600 _____ () C:\Program Files (x86)\Web_TV\WebTVPlugin\ViewRightWebClient.dll
2012-07-04 15:50 - 2012-07-04 15:50 - 01347511 _____ () C:\Program Files (x86)\KVIrc\libkvilib.dll
2012-05-13 08:01 - 2012-05-13 08:01 - 00101390 _____ () C:\Program Files (x86)\KVIrc\libz-1.dll
2011-05-10 09:53 - 2011-05-10 09:53 - 00043008 _____ () C:\Program Files (x86)\KVIrc\libgcc_s_dw2-1.dll
2011-05-10 09:53 - 2011-05-10 09:53 - 00011362 _____ () C:\Program Files (x86)\KVIrc\mingwm10.dll
2012-07-04 16:04 - 2012-07-04 16:04 - 00320056 _____ () C:\Program Files (x86)\KVIrc\modules\libkvitrayicon.dll
2012-07-04 15:59 - 2012-07-04 15:59 - 00399129 _____ () C:\Program Files (x86)\KVIrc\modules\libkvinotifier.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0A8E2C33

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-11-19 02:03 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3421853655-1393382260-1997549237-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{0F7A1533-09BD-4466-BEB4-E8C77FC56F0B}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DACDAD1E-7634-41ED-9402-A3CEA65DAD1F}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1240D748-8EA3-4F9B-8455-3C09844C29CB}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{64BF38A8-AD9A-4C50-ABB9-0A9D828E3F1F}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A7C5BA3B-5FF0-4F4E-80B1-B2FADB68574C}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{74DA4379-F5DE-48EF-8C1C-CD7F3DCEFCB0}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{9097A29B-7B52-493B-8F3A-83A2EA8FA14B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{575F70D7-34A8-4A65-9593-1A8C93EFDBA2}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{15841393-4076-4965-8308-7F64972F1631}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE8E14BD-EE61-40B6-BBE8-47C0AB97F4EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{E19798EE-D763-4C42-B635-0E22AE43A432}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [TCP Query User{42E62DBE-BF1C-4FE8-B664-F439C9AFA23C}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{6A3D3CD9-8367-45EC-BA23-E6B7FCA26A36}C:\program files (x86)\kvirc\kvirc.exe] => (Allow) C:\program files (x86)\kvirc\kvirc.exe
FirewallRules: [TCP Query User{78582EC1-E63C-4633-9ABF-90C7F36F98A8}C:\program files (x86)\kvirc\kvirc.exe] => (Allow) C:\program files (x86)\kvirc\kvirc.exe
FirewallRules: [{554034F2-1896-47CE-A3D0-5177D2674366}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E37781AE-AC7B-4CF8-86EE-A18605EA78C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{99055D7B-5C9A-42F4-B0F8-59160149784D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B06FE18B-A14A-4DC0-BEB6-4B5A4D94E281}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{623FB0B8-00CB-441B-B135-50306A26A868}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2387B474-5798-4FA7-8950-2A5676DAC3CB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{DAEEFCA2-422B-44E1-BDCB-4A76E28FCA3A}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [TCP Query User{A12D4665-BCA7-4E0F-9370-C975260BE047}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [{C0266F84-846E-4CD1-A3F8-CC92EF41F7C4}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
FirewallRules: [{EEF50064-BD61-4F3A-AE13-C6D1B093A544}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
FirewallRules: [{0E477553-A9DD-4982-AD85-56632B43FC56}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{983062BB-F4A4-470B-BEEA-7B9C20E760C1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{65D0C1B1-6EBA-4A40-AC24-5D5294605BBD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{AD8BC70B-913D-4A22-A430-39F61ACCDA9F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{CBF7AEE2-4827-4ACB-B4EC-7A06BC90A3AA}C:\program files (x86)\kvirc\kvirc.exe] => (Allow) C:\program files (x86)\kvirc\kvirc.exe
FirewallRules: [TCP Query User{9510168E-CEC0-42F0-82A9-4FE351B2C059}C:\program files (x86)\kvirc\kvirc.exe] => (Allow) C:\program files (x86)\kvirc\kvirc.exe
FirewallRules: [{E2DECE4C-EE93-493A-B05C-5E89CAA60DF2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B12F5ADA-A2F1-49CB-8709-279A4CC93C59}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{40861264-1560-4B26-8DC8-26ED132D5106}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AF25880C-DDD6-44B3-B59F-37C6F039843A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{40D4699B-2131-443D-A10C-21E5038D382F}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{A689E88F-1B7C-442A-B2F4-3DAE42E82245}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{3970F186-55BF-47D4-9400-F4AB33D938DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2D8C5666-778F-4834-BB8E-E4CF6273C4F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{984C67B1-DD6A-496D-9A4B-D03CA786FC15}C:\users\pc\appdata\local\filmovita-app\filmovita.exe] => (Allow) C:\users\pc\appdata\local\filmovita-app\filmovita.exe
FirewallRules: [UDP Query User{A396D3DA-12B5-4416-9FF3-3D4F5E6DFBA1}C:\users\pc\appdata\local\filmovita-app\filmovita.exe] => (Allow) C:\users\pc\appdata\local\filmovita-app\filmovita.exe
FirewallRules: [TCP Query User{D2F2BED1-ABAB-4071-842A-474FB837FC76}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{A8C15C82-4A9D-4443-B77D-A992F63584A9}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{4AF1AA15-47BE-4475-B681-1CCB31264DB3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{47C6F389-1C13-4AA7-8081-8D73033305F7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{31D408EF-4811-4766-AAB7-2EEF5AD7FCD5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{454DE3F0-4346-4EB4-AC84-745C4E292D15}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BCC823C5-E458-4751-AC38-00A558C2C819}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-01-2016 02:12:46 Windows Update
19-01-2016 15:10:45 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2016 12:15:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_MapsBroker, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x8400000e
Fault offset: 0x0000000000000000
Faulting process id: 0x1568
Faulting application start time: 0xsvchost.exe_MapsBroker0
Faulting application path: svchost.exe_MapsBroker1
Faulting module path: svchost.exe_MapsBroker2
Report Id: svchost.exe_MapsBroker3
Faulting package full name: svchost.exe_MapsBroker4
Faulting package-relative application ID: svchost.exe_MapsBroker5

Error: (01/25/2016 07:35:59 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/25/2016 04:47:02 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/20/2016 09:07:32 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (01/19/2016 03:10:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/18/2016 04:36:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10586.11, time stamp: 0x56457cb1
Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x565185e4
Exception code: 0xc0000005
Fault offset: 0x00000000000780cd
Faulting process id: 0xe38
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5

Error: (01/18/2016 04:00:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NetworkUXBroker.exe, version: 10.0.10586.0, time stamp: 0x5632d7f4
Faulting module name: NetworkUXBroker.exe, version: 10.0.10586.0, time stamp: 0x5632d7f4
Exception code: 0xe0464645
Fault offset: 0x000000000000a6d6
Faulting process id: 0x110c
Faulting application start time: 0xNetworkUXBroker.exe0
Faulting application path: NetworkUXBroker.exe1
Faulting module path: NetworkUXBroker.exe2
Report Id: NetworkUXBroker.exe3
Faulting package full name: NetworkUXBroker.exe4
Faulting package-relative application ID: NetworkUXBroker.exe5

Error: (01/18/2016 02:08:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 3.17.73.86 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: b9c

Start Time: 01d150136e693fc7

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report Id: eedbc77c-bd7f-11e5-8cdd-1c6f65b26aa4

Faulting package full name:

Faulting package-relative application ID:

Error: (01/14/2016 11:37:52 PM) (Source: MsiInstaller) (EventID: 1024) (User: PC-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5800}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/13/2016 01:39:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CorelDrw.exe, version: 17.1.0.572, time stamp: 0x538e8a1a
Faulting module name: VGCore.dll, version: 17.1.0.572, time stamp: 0x538e901e
Exception code: 0xc0000005
Fault offset: 0x000000000005eccf
Faulting process id: 0x193c
Faulting application start time: 0xCorelDrw.exe0
Faulting application path: CorelDrw.exe1
Faulting module path: CorelDrw.exe2
Report Id: CorelDrw.exe3
Faulting package full name: CorelDrw.exe4
Faulting package-relative application ID: CorelDrw.exe5


System errors:
=============
Error: (01/26/2016 08:35:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (01/26/2016 08:35:09 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:21:27 AM on 1/26/2016 was unexpected.

Error: (01/26/2016 01:41:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (01/26/2016 01:41:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:19:08 AM on 1/26/2016 was unexpected.

Error: (01/26/2016 12:16:46 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (01/25/2016 11:49:14 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video1CMDre 00000008 00000000 ffffffff 00000000 00000000

Error: (01/25/2016 11:49:14 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video1CMDre 00000005 0000080c ffffffff 00000000 00000000

Error: (01/25/2016 11:49:14 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video1CMDre 00000003 00000080 00000000 00000000 00000000

Error: (01/25/2016 11:49:14 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video1CMDre 00000001 00000000 00000004 00000000 00000000

Error: (01/24/2016 10:15:50 AM) (Source: DCOM) (EventID: 10016) (User: PC-PC)
Description: machine-defaultLocalActivation{000C101C-0000-0000-C000-000000000046}{000C101C-0000-0000-C000-000000000046}PC-PCPCS-1-5-21-3421853655-1393382260-1997549237-1001LocalHost (Using LRPC)UnavailableS-1-15-2-345103928-2973598073-206490843-2723525434-2030510010-315149802-1662632504


CodeIntegrity:
===================================
Date: 2016-01-22 16:10:56.032
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-20 13:11:02.543
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-19 14:56:22.705
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-18 16:22:03.952
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-18 06:09:49.759
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-18 06:09:49.697
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-18 06:09:49.645
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-18 06:09:49.572
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-18 06:09:49.538
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-18 06:09:49.488
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 620 Processor
Percentage of memory in use: 56%
Total physical RAM: 4094.46 MB
Available physical RAM: 1761.28 MB
Total Virtual: 8190.46 MB
Available Virtual: 5167.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.04 GB) (Free:89.54 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (( D )) (Fixed) (Total:151.61 GB) (Free:148.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 00069856)
Partition 1: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
Partition 3: (Not Active) - (Size=151.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;



• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.





>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.





Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

offline
  • Pridružio: 27 Avg 2005
  • Poruke: 556

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.01.29.02
rootkit: v2016.01.20.01

Windows 10 x64 NTFS
Internet Explorer 11.63.10586.0
PC :: PC-PC [administrator]

29.1.2016 8:21:40
mbar-log-2016-01-29 (08-21-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 407840
Time elapsed: 21 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Čist si.

Sledeća procedura će implementirati završno čišćenje.

Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

Ko je trenutno na forumu
 

Ukupno su 634 korisnika na forumu :: 10 registrovanih, 4 sakrivenih i 620 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: -[CoA]-, Bobrock1, cikadeda, DPera, HrcAk47, Kenanjoz, Krvava Devetka, Lord Nem, nemkea71, zlaya011