My computer keeps restarting

  • Joined: 22 Apr 2015
  • Posts: 4

Hello, I have a problem where my computer sometimes restarts frequently. It doesn't restart all the time; for example, it works normally for a week to a month without restarting, and then sometimes it restarts 5-6 times in one day by itself. I noticed that when it restarts and starts to boot, the first screen that appears shows 92 in the lower right corner, and when it shows 92 it won't boot but restarts again. Then I turn it off and on again, and instead of 92 it shows 99 and then it boots normally, and after some time it restarts again, and so on. Does anyone know what is causing this? Thanks in advance.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

Download MiniToolBox to your Desktop;
Run it with a double-click, tick all of the offered items and click Go;
When the application finishes, it will open a report in Notepad; attach that report in your next post so we can take a look.

  • Joined: 09 Jun 2015
  • Posts: 56

I posted this from this profile because I wrote the earlier post from my phone, since the PC had restarted. Here is what you asked for.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Sorry, I thought the topic had been opened in the Windows forum.

Follow this topic and provide the FRST reports: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 09 Jun 2015
  • Posts: 56

Here is the FRST log, and something called Addition also came out.





Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by N1kola (administrator) on N1KOLA-PC (25-09-2015 12:00:05)
Running from C:\Users\N1kola\Downloads
Loaded Profiles: N1kola (Available Profiles: N1kola)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DTools LIMITED) C:\ProgramData\cWinManProc\WinManPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(tapochek.net ) C:\Users\N1kola\Downloads\[R.G. Mechanics] Mad Max\setup.exe
() C:\Users\N1kola\AppData\Local\Temp\is-AU7HB.tmp\setup.tmp


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-2202714847-2926606003-1158938094-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2202714847-2926606003-1158938094-1000\...\Run: [uTorrent] => C:\Users\N1kola\AppData\Roaming\uTorrent\uTorrent.exe [1774432 2015-09-18] (BitTorrent Inc.)
HKU\S-1-5-21-2202714847-2926606003-1158938094-1000\...\Run: [LightShot] => C:\Users\N1kola\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-2202714847-2926606003-1158938094-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2202714847-2926606003-1158938094-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-10] (Electronic Arts)
HKU\S-1-5-21-2202714847-2926606003-1158938094-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2202714847-2926606003-1158938094-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-2202714847-2926606003-1158938094-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1303872 2015-03-12] (Lavasoft)
HKU\S-1-5-21-2202714847-2926606003-1158938094-1000\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-2202714847-2926606003-1158938094-1000\...\MountPoints2: {029cffd4-d21f-11e4-8977-b8975a6ec3eb} - G:\setup.exe
HKU\S-1-5-21-2202714847-2926606003-1158938094-1000\...\MountPoints2: {1d28a83a-f2a9-11e4-8ebf-b8975a6ec3eb} - H:\setup.exe
HKU\S-1-5-21-2202714847-2926606003-1158938094-1000\...\MountPoints2: {b0c1268b-c6fc-11e4-930a-b8975a6ec3eb} - F:\Autorun.exe
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-11] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-04-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\N1kola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk [2015-06-09]
ShortcutTarget: GameRanger.lnk -> C:\Users\N1kola\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
Startup: C:\Users\N1kola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-08-18]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-04-21] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-04-21] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-04-21] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-04-21] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-04-21] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BA0454EC-5BF5-41B6-935D-0325022A04C8}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2202714847-2926606003-1158938094-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_150421__yaie
HKU\S-1-5-21-2202714847-2926606003-1158938094-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2202714847-2926606003-1158938094-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150421__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2202714847-2926606003-1158938094-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150421__yaie&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-23] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-08-11] (Goobzo Ltd.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-23] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-08-11] (Goobzo Ltd.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-07-16] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-07-16] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-07-16] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-07-16] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1440505463&z=fe5657a28f1cff1d8d107d8gdz8z3eawaecw4z6wam&from=amt&uid=TOSHIBAXDT01ACA100_946UMJJNSXX946UMJJNSX

FireFox:
========
FF ProfilePath: C:\Users\N1kola\AppData\Roaming\Mozilla\Firefox\Profiles\fy9eeq4j.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: oursurfing
FF SelectedSearchEngine: oursurfing
FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=1440505463&z=fe5657a28f1cff1d8d107d8gdz8z3eawaecw4z6wam&from=amt&uid=TOSHIBAXDT01ACA100_946UMJJNSXX946UMJJNSX
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-04-09] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-04-09] (globalUpdate)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-05-27] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2014-06-10] (Verimatrix, Inc.)
FF Plugin HKU\S-1-5-21-2202714847-2926606003-1158938094-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2014-06-10] (Verimatrix, Inc.)
FF Plugin HKU\S-1-5-21-2202714847-2926606003-1158938094-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\N1kola\AppData\Roaming\Mozilla\Firefox\Profiles\fy9eeq4j.default\searchplugins\oursurfing-1.xml [2015-09-23]
FF SearchPlugin: C:\Users\N1kola\AppData\Roaming\Mozilla\Firefox\Profiles\fy9eeq4j.default\searchplugins\oursurfing-2.xml [2015-09-23]
FF SearchPlugin: C:\Users\N1kola\AppData\Roaming\Mozilla\Firefox\Profiles\fy9eeq4j.default\searchplugins\oursurfing-3.xml [2015-09-23]
FF SearchPlugin: C:\Users\N1kola\AppData\Roaming\Mozilla\Firefox\Profiles\fy9eeq4j.default\searchplugins\oursurfing-4.xml [2015-09-25]
FF SearchPlugin: C:\Users\N1kola\AppData\Roaming\Mozilla\Firefox\Profiles\fy9eeq4j.default\searchplugins\oursurfing.xml [2015-09-23]
FF Extension: Default SearchProtected - C:\Users\N1kola\AppData\Roaming\Mozilla\Firefox\Profiles\fy9eeq4j.default\Extensions\defsearchp@gmail.com [2015-08-25]
FF Extension: deskCut - C:\Users\N1kola\AppData\Roaming\Mozilla\Firefox\Profiles\fy9eeq4j.default\Extensions\deskCutv2@gmail.com [2015-08-25]
FF Extension: Shopper-Pro - C:\Users\N1kola\AppData\Roaming\Mozilla\Firefox\Profiles\fy9eeq4j.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-07-25]
FF Extension: "Fruit - C:\Users\N1kola\AppData\Roaming\Mozilla\Firefox\Profiles\fy9eeq4j.default\Extensions\@BBE3F2ADA671A2F3CE8917BDEA4A3466BBE3.xpi [2015-09-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-23]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\N1kola\AppData\Roaming\Mozilla\Firefox\Profiles\fy9eeq4j.default\extensions\defsearchp@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\N1kola\AppData\Roaming\Mozilla\Firefox\Profiles\fy9eeq4j.default\extensions\deskCutv2@gmail.com
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!BBE3F2ADA671A2F3CE8917BDEA4A3466BBE3.js [2015-09-08]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.oursurfing.com/?type=hp&ts=1440505463&z=fe5657a28f1cff1d8d107d8gdz8z3eawaecw4z6wam&from=amt&uid=TOSHIBAXDT01ACA100_946UMJJNSXX946UMJJNSX
CHR StartupUrls: Default -> "hxxp://www.oursurfing.com/?type=hp&ts=1440505463&z=fe5657a28f1cff1d8d107d8gdz8z3eawaecw4z6wam&from=amt&uid=TOSHIBAXDT01ACA100_946UMJJNSXX946UMJJNSX"
CHR DefaultSearchURL: Default -> hxxp://www.oursurfing.com/web/?type=ds&ts=1440505463&z=fe5657a28f1cff1d8d107d8gdz8z3eawaecw4z6wam&from=amt&uid=TOSHIBAXDT01ACA100_946UMJJNSXX946UMJJNSX&q={searchTerms}
CHR DefaultSearchKeyword: Default -> oursurfing
CHR Profile: C:\Users\N1kola\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\N1kola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-10]
CHR Extension: (Google Docs) - C:\Users\N1kola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-10]
CHR Extension: (Google Drive) - C:\Users\N1kola\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-10]
CHR Extension: (YouTube) - C:\Users\N1kola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-10]
CHR Extension: (Google Search) - C:\Users\N1kola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-10]
CHR Extension: (MusixLib Search) - C:\Users\N1kola\AppData\Local\Google\Chrome\User Data\Default\Extensions\egekhjenodlmckpgpkkdpfnodobbgnkf [2015-07-25]
CHR Extension: (Avast SafePrice) - C:\Users\N1kola\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-28]
CHR Extension: (Google Docs Offline) - C:\Users\N1kola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]
CHR Extension: (Avast Online Security) - C:\Users\N1kola\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\N1kola\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\N1kola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\N1kola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-10]
CHR Extension: () - C:\Users\N1kola\AppData\Local\Fruit\Component [2015-09-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACTION_SVC; C:\Program Files (x86)\Mirillis\Action!\action_svc.exe [16064 2014-10-25] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-11] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-11] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-04-09] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-04-09] (globalUpdate) [File not signed] <==== ATTENTION
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-12] (Lavasoft Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-10] (Electronic Arts)
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [214520 2015-07-30] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-12] ()
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-08-11] (ShopperPro)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\cWinManProc\WinManPro.exe [707720 2015-08-25] (DTools LIMITED) <==== ATTENTION
S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRtp.exe" -r [X]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-11] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-11] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-11] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-11] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-11] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2015-08-06] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-10] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2015-08-06] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41632 2015-08-11] ()
R2 SPDRIVER_Unknown; C:\Program Files (x86)\ShopperPro\JSDriver\Unknown\jsdrv.sys [52384 2015-08-11] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-03-30] (Duplex Secure Ltd.)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-08-25] (电脑管家)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-11] (Avast Software)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUdisk64.sys [X]
S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TS888x64.sys [X]
S1 TsDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TsDefenseBT64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-25 12:00 - 2015-09-25 12:05 - 00027576 _____ C:\Users\N1kola\Downloads\FRST.txt
2015-09-25 11:59 - 2015-09-25 12:01 - 00000000 ____D C:\FRST
2015-09-25 11:58 - 2015-09-25 11:59 - 02192384 _____ (Farbar) C:\Users\N1kola\Downloads\FRST64.exe
2015-09-25 11:04 - 2015-09-25 11:04 - 00068477 _____ C:\Users\N1kola\Desktop\file.txt
2015-09-25 11:03 - 2015-09-25 11:04 - 00068477 _____ C:\Users\N1kola\Downloads\MTB.txt
2015-09-25 11:02 - 2015-09-25 11:03 - 00891392 _____ (Farbar) C:\Users\N1kola\Downloads\MiniToolBox.exe
2015-09-24 13:07 - 2015-09-24 15:50 - 00000000 ____D C:\Users\N1kola\Downloads\[R.G. Mechanics] Mad Max
2015-09-24 02:30 - 2015-09-24 02:30 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2015-09-19 10:45 - 2015-09-19 10:45 - 00103889 _____ C:\Users\N1kola\Downloads\Mad Max FULL UNLOCKED.torrent
2015-09-19 10:12 - 2015-09-19 10:31 - 00000000 ____D C:\Program Files (x86)\Pro Evolution Soccer 2016
2015-09-19 10:12 - 2015-09-19 10:12 - 00000918 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2016.lnk
2015-09-19 10:12 - 2015-09-19 10:12 - 00000906 _____ C:\Users\Public\Desktop\Pro Evolution Soccer 2016.lnk
2015-09-18 19:03 - 2015-09-18 19:03 - 00000000 ____D C:\Users\N1kola\Downloads\3DMGAME-Mad.Max.Update.0.Incl.DLC.and.(zabranjeno).v3-3DM
2015-09-18 17:51 - 2015-09-24 18:25 - 00000000 ____D C:\Users\N1kola\Documents\WB Games
2015-09-18 17:43 - 2015-09-18 17:46 - 00000000 ____D C:\Users\N1kola\Downloads\3DMGAME-Mad.Max.Update.0.Incl.DLC.and.(zabranjeno)-3DM
2015-09-18 17:34 - 2015-09-18 17:34 - 00000029 _____ C:\Users\N1kola\Desktop\mad max aa.txt
2015-09-18 14:41 - 2015-09-19 09:59 - 905117696 _____ C:\Users\N1kola\Downloads\rld-prevso2016.iso
2015-09-18 14:40 - 2015-09-18 14:40 - 00013001 _____ C:\Users\N1kola\Downloads\Pro Evolution Soccer 2016-RELOADED-[rarbg.com].torrent
2015-09-16 18:15 - 2015-09-16 18:15 - 00000000 ____D C:\Users\N1kola\Documents\Amnesia
2015-09-16 18:15 - 2015-09-16 18:15 - 00000000 ____D C:\Users\N1kola\AppData\Roaming\fltk.org
2015-09-16 18:15 - 2015-09-16 18:15 - 00000000 ____D C:\ProgramData\fltk.org
2015-09-16 16:43 - 2015-09-16 16:43 - 00000221 _____ C:\Users\N1kola\Desktop\Amnesia The Dark Descent.url
2015-09-14 15:12 - 2015-09-14 15:41 - 00000000 ____D C:\ProgramData\Test Drive Unlimited
2015-09-14 15:12 - 2015-09-14 15:12 - 00000000 ____D C:\Users\N1kola\Documents\Test Drive Unlimited
2015-09-14 15:02 - 2015-09-14 15:02 - 00000000 ____D C:\Users\N1kola\Desktop\TDU
2015-09-08 15:19 - 2015-09-08 15:19 - 00003056 _____ C:\Windows\System32\Tasks\Fruit
2015-09-08 15:19 - 2015-09-08 15:19 - 00000000 ____D C:\Users\N1kola\AppData\Local\Fruit
2015-09-06 17:57 - 2015-09-06 17:57 - 00001934 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-09-06 17:57 - 2015-09-06 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-06 17:57 - 2015-09-06 17:57 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-08-31 20:39 - 2015-08-31 20:39 - 222643542 _____ C:\Windows\MEMORY.DMP
2015-08-31 20:39 - 2015-08-31 20:39 - 00341336 _____ C:\Windows\Minidump\083115-26192-01.dmp
2015-08-28 14:39 - 2015-09-08 15:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-26 15:02 - 2015-08-26 15:02 - 01259872 _____ (Tencent) C:\Users\N1kola\AppData\Roaming\Win10TipsCfg.dll
2015-08-26 15:02 - 2015-08-26 15:02 - 00465248 _____ (Tencent) C:\Users\N1kola\AppData\Roaming\QMNetWorkMgr.dll
2015-08-26 15:02 - 2015-08-26 15:02 - 00008277 _____ C:\Users\N1kola\AppData\Roaming\BlockSoftareList.json
2015-08-26 15:02 - 2015-08-26 15:02 - 00000065 _____ C:\Users\N1kola\AppData\Roaming\QMNetworkMgr.ini
2015-08-26 15:02 - 2015-08-26 15:02 - 00000000 ____D C:\Users\N1kola\AppData\Roaming\resources
2015-08-26 15:02 - 2015-08-26 15:02 - 00000000 ____D C:\Users\N1kola\AppData\Roaming\Log
2015-08-26 15:01 - 2015-08-26 15:02 - 03115360 _____ C:\Users\N1kola\AppData\Roaming\WIN10CHECK0825.EXE
2015-08-26 13:40 - 2015-08-26 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-08-26 10:54 - 2015-08-26 14:57 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-25 12:03 - 2015-03-22 15:19 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-2202714847-2926606003-1158938094-1000.job
2015-09-25 11:28 - 2015-03-22 15:19 - 00000390 _____ C:\Windows\Tasks\update-sys.job
2015-09-25 11:28 - 2015-03-10 09:27 - 02008462 _____ C:\Windows\WindowsUpdate.log
2015-09-25 11:21 - 2015-05-17 17:31 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2015-09-25 11:17 - 2015-07-16 22:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-25 11:17 - 2015-07-16 22:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-25 11:14 - 2015-04-09 21:14 - 00003450 _____ C:\Windows\Tasks\0fc766ec-80a8-4bf3-9d80-8d358b05d0a9-1-6.job
2015-09-25 11:14 - 2015-04-09 21:14 - 00003444 _____ C:\Windows\Tasks\f03778a3-983c-4693-8f38-85a9ce7f052d-1-6.job
2015-09-25 11:14 - 2015-04-09 21:14 - 00002088 _____ C:\Windows\Tasks\0fc766ec-80a8-4bf3-9d80-8d358b05d0a9-10_user.job
2015-09-25 11:11 - 2015-04-16 12:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-25 11:10 - 2015-04-09 21:10 - 00003134 _____ C:\Windows\Tasks\50d39682-837d-49c6-ab7e-5db076378fe6-1-6.job
2015-09-25 11:10 - 2015-04-09 21:10 - 00002108 _____ C:\Windows\Tasks\50d39682-837d-49c6-ab7e-5db076378fe6-10_user.job
2015-09-25 11:10 - 2009-07-14 06:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-25 11:10 - 2009-07-14 06:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-25 10:59 - 2015-04-09 21:10 - 00000906 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-09-25 10:59 - 2015-03-11 04:08 - 00000000 ____D C:\Users\N1kola\AppData\Roaming\uTorrent
2015-09-25 10:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-25 10:58 - 2009-07-14 06:51 - 00057906 _____ C:\Windows\setupact.log
2015-09-25 03:47 - 2015-03-10 14:53 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-25 03:20 - 2015-04-09 21:10 - 00000910 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-09-24 17:17 - 2010-11-21 05:47 - 00197644 _____ C:\Windows\PFRO.log
2015-09-24 13:32 - 2015-07-14 23:36 - 00000000 ____D C:\Program Files (x86)\F1.2015.FULL.UNLOCKED-RLDGAMES
2015-09-24 13:32 - 2015-03-12 02:40 - 00000000 ____D C:\Users\N1kola\Documents\ConvertXtoDVD
2015-09-24 13:25 - 2015-04-26 13:56 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-09-24 13:23 - 2015-03-10 09:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-24 11:59 - 2015-03-23 19:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-24 02:29 - 2015-03-10 10:53 - 00000000 ____D C:\Users\N1kola\AppData\Roaming\TS3Client
2015-09-23 16:00 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-09-23 13:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-21 21:11 - 2015-04-16 12:48 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 21:11 - 2015-04-16 12:48 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-21 21:11 - 2015-04-16 12:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-21 11:45 - 2015-03-22 16:36 - 00001678 _____ C:\Windows\Sandboxie.ini
2015-09-19 10:36 - 2015-03-18 22:00 - 00000000 ____D C:\ProgramData\KONAMI
2015-09-19 10:35 - 2015-03-18 21:55 - 00000000 ____D C:\Users\N1kola\Documents\KONAMI
2015-09-19 10:28 - 2009-07-14 07:13 - 00792712 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-19 10:25 - 2015-03-10 10:12 - 00245346 _____ C:\Windows\DirectX.log
2015-09-19 10:23 - 2015-03-22 14:59 - 00000000 ____D C:\Program Files (x86)\Konami
2015-09-18 17:41 - 2015-03-10 09:31 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-18 17:38 - 2015-04-02 18:58 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-09-18 17:38 - 2015-04-02 18:58 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-09-18 01:30 - 2015-04-12 21:49 - 00000000 ____D C:\Users\N1kola\AppData\Local\Windows Live
2015-09-17 11:12 - 2015-07-16 22:56 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 11:12 - 2015-07-16 22:56 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-17 10:50 - 2015-08-25 14:25 - 00000000 ____D C:\Program Files (x86)\MiniLite
2015-09-17 02:30 - 2015-08-25 14:25 - 00000000 ____D C:\ProgramData\update
2015-09-16 16:43 - 2015-03-10 15:01 - 00000000 ____D C:\Users\N1kola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-09-16 03:17 - 2015-04-09 21:10 - 00000000 ____D C:\Program Files (x86)\CinemaP-1.8cV09.04
2015-09-15 15:20 - 2015-03-10 10:00 - 00000000 ____D C:\Users\N1kola\AppData\Local\Google
2015-09-14 11:37 - 2015-03-27 16:29 - 00000000 ____D C:\Users\N1kola\AppData\Roaming\Skype
2015-09-03 11:41 - 2015-07-24 00:39 - 00000000 ____D C:\Users\N1kola\AppData\Roaming\Enigma Software Group
2015-09-02 21:35 - 2015-04-21 16:14 - 00000000 ____D C:\KMPlayer
2015-08-31 20:39 - 2015-03-11 10:15 - 00000000 ____D C:\Windows\Minidump
2015-08-30 12:11 - 2015-07-23 21:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-29 13:25 - 2009-07-14 07:08 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-26 15:17 - 2015-08-25 14:45 - 00000000 ____D C:\Users\N1kola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-08-26 15:01 - 2015-08-25 14:45 - 00000000 ____D C:\Users\N1kola\AppData\Roaming\Tencent
2015-08-26 13:02 - 2015-03-10 09:26 - 00000000 ____D C:\Users\N1kola\AppData\Local\VirtualStore
2015-08-26 12:57 - 2015-03-24 16:21 - 00000000 ____D C:\Users\N1kola\AppData\Local\Unity
2015-08-26 12:57 - 2015-03-10 16:10 - 00000000 ____D C:\Users\N1kola\AppData\Local\Lenovo
2015-08-26 12:57 - 2015-03-10 10:08 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-08-26 12:55 - 2015-04-12 22:06 - 00000000 ____D C:\Windows\system32\appmgmt
2015-08-26 12:50 - 2015-03-23 19:18 - 00000000 ____D C:\Users\N1kola\AppData\Roaming\Dropbox
2015-08-26 12:47 - 2015-08-25 14:25 - 00000000 ____D C:\Users\N1kola\AppData\Roaming\oursurfing
2015-08-26 12:45 - 2015-07-23 21:25 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-26 12:45 - 2015-03-10 09:27 - 00001447 _____ C:\Users\N1kola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-26 12:45 - 2015-03-10 09:27 - 00001413 _____ C:\Users\N1kola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-08-26 12:44 - 2015-07-14 12:51 - 00000000 ____D C:\Users\N1kola\AppData\Local\LogMeIn Hamachi
2015-08-26 12:41 - 2015-08-25 14:45 - 00000000 ____D C:\ProgramData\Tencent
2015-08-26 12:39 - 2015-04-09 21:14 - 00000000 ____D C:\Program Files (x86)\Sense
2015-08-26 12:39 - 2015-04-09 21:14 - 00000000 ____D C:\Program Files (x86)\Ge-Force
2015-08-26 10:58 - 2015-04-09 21:13 - 00000000 ____D C:\Program Files (x86)\ShopperPro
2015-08-26 10:55 - 2015-03-10 09:40 - 00067456 _____ C:\Users\N1kola\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-26 10:53 - 2015-04-09 21:19 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-26 10:52 - 2009-07-14 06:45 - 00300320 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2015-07-16 00:30 - 2015-07-16 00:30 - 6420480 _____ () C:\Program Files (x86)\GUT8756.tmp
2015-08-06 20:36 - 2015-08-06 20:36 - 0327984 _____ (Microsoft Corporation) C:\Users\N1kola\AppData\Roaming\appraiserxp.dll
2015-08-26 15:02 - 2015-08-26 15:02 - 0008277 _____ () C:\Users\N1kola\AppData\Roaming\BlockSoftareList.json
2015-03-26 21:14 - 2015-03-26 21:14 - 0005542 _____ () C:\Users\N1kola\AppData\Roaming\ERUKVJ
2015-07-15 23:35 - 2015-07-15 23:35 - 0330032 _____ (Microsoft Corporation) C:\Users\N1kola\AppData\Roaming\GetCurrentDeploy.dll
2015-03-11 11:32 - 2015-03-19 22:17 - 0099384 _____ () C:\Users\N1kola\AppData\Roaming\inst.exe
2015-03-26 21:14 - 2015-03-26 21:14 - 0005542 _____ () C:\Users\N1kola\AppData\Roaming\MOFLXU
2015-03-11 11:32 - 2015-03-19 22:17 - 0007859 _____ () C:\Users\N1kola\AppData\Roaming\pcouffin.cat
2015-03-11 11:32 - 2015-03-19 22:17 - 0001167 _____ () C:\Users\N1kola\AppData\Roaming\pcouffin.inf
2015-03-11 11:32 - 2015-03-19 22:17 - 0000055 _____ () C:\Users\N1kola\AppData\Roaming\pcouffin.log
2015-03-11 11:32 - 2015-03-19 22:17 - 0082816 _____ (VSO Software) C:\Users\N1kola\AppData\Roaming\pcouffin.sys
2015-08-26 15:02 - 2015-08-26 15:02 - 0465248 _____ (Tencent) C:\Users\N1kola\AppData\Roaming\QMNetWorkMgr.dll
2015-08-26 15:02 - 2015-08-26 15:02 - 0000065 _____ () C:\Users\N1kola\AppData\Roaming\QMNetworkMgr.ini
2015-06-02 19:12 - 2015-06-02 19:12 - 0709424 _____ (Microsoft Corporation) C:\Users\N1kola\AppData\Roaming\wimgapi.dll
2015-08-26 15:01 - 2015-08-26 15:02 - 3115360 _____ () C:\Users\N1kola\AppData\Roaming\WIN10CHECK0825.EXE
2015-08-26 15:02 - 2015-08-26 15:02 - 1259872 _____ (Tencent) C:\Users\N1kola\AppData\Roaming\Win10TipsCfg.dll
2015-06-02 19:12 - 2015-06-02 19:12 - 0125744 _____ (Microsoft Corporation) C:\Users\N1kola\AppData\Roaming\xmllite.dll
2015-04-12 21:58 - 2015-04-12 21:59 - 0004608 _____ () C:\Users\N1kola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-22 15:19 - 2015-03-22 15:19 - 0000003 _____ () C:\Users\N1kola\AppData\Local\updater.log
2015-03-22 15:19 - 2015-05-09 12:11 - 0000424 _____ () C:\Users\N1kola\AppData\Local\UserProducts.xml
2015-08-25 14:25 - 2015-08-25 14:25 - 0000124 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================
C:\Users\N1kola\AppData\Local\Temp\360Inst_sohuyy.exe
C:\Users\N1kola\AppData\Local\Temp\bdcam64_0.dll
C:\Users\N1kola\AppData\Local\Temp\bdcam64_1.dll
C:\Users\N1kola\AppData\Local\Temp\bdfilters.dll
C:\Users\N1kola\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\N1kola\AppData\Local\Temp\clrvu.exe
C:\Users\N1kola\AppData\Local\Temp\CojLauncher.exe
C:\Users\N1kola\AppData\Local\Temp\downloader.dll
C:\Users\N1kola\AppData\Local\Temp\drm_dialogs.dll
C:\Users\N1kola\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphm4uwj.dll
C:\Users\N1kola\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\N1kola\AppData\Local\Temp\genteert.dll
C:\Users\N1kola\AppData\Local\Temp\gjdatareport.dll
C:\Users\N1kola\AppData\Local\Temp\install1213087.exe
C:\Users\N1kola\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\N1kola\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Users\N1kola\AppData\Local\Temp\mfc110u.dll
C:\Users\N1kola\AppData\Local\Temp\msvcp110.dll
C:\Users\N1kola\AppData\Local\Temp\msvcr110.dll
C:\Users\N1kola\AppData\Local\Temp\OnlineWeatherSetup.exe
C:\Users\N1kola\AppData\Local\Temp\ose00000.exe
C:\Users\N1kola\AppData\Local\Temp\qqpcmgr_v10.10.16434.218_45080_Silence.exe
C:\Users\N1kola\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\N1kola\AppData\Local\Temp\ShopperProDBUpd.exe
C:\Users\N1kola\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\N1kola\AppData\Local\Temp\Skin.dll
C:\Users\N1kola\AppData\Local\Temp\Social%20Club%20v1.1.6.1%20Setup.exe
C:\Users\N1kola\AppData\Local\Temp\SoHuVA_4.2.0.16-c20762-ng-nti-s-tp-x.exe
C:\Users\N1kola\AppData\Local\Temp\SpOrder.dll
C:\Users\N1kola\AppData\Local\Temp\SRLDetectionLibrary7139661488652000504.dll
C:\Users\N1kola\AppData\Local\Temp\SRLDetectionLibrary7205297484220954437.dll
C:\Users\N1kola\AppData\Local\Temp\tu17p84.exe
C:\Users\N1kola\AppData\Local\Temp\ubi1892.tmp.exe
C:\Users\N1kola\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-21 17:49

==================== End of FRST.txt ============================

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Yes, there is quite a lot of malware active there.


Scanning with AdwCleaner

Download AdwCleaner and save it to the Desktop.

Run the tool and wait for the update to finish.
Accept the Terms of use by clicking I Agree.
Click Scan and wait for the scan to finish.
When it is done, click Clean.
A message will appear saying that all programs will be stopped after you click OK, so if you have anything to save, now is the time to do it.
Two more messages will appear where you need to click OK. The computer will restart.
After the restart, a report will open; you can copy its contents into your next post.

Note: The reports will be saved on your system partition, usually in the folder C:\AdwCleaner



Scanning with MalwareBytes

Download Malwarebytes Anti-Malware and save the installer to the Desktop.
Install the program in the standard way; at the end of the installation you can turn off the Trial version, but you don't have to. Leave the other option as it is; MalwareBytes will be launched and updated.
Once that is done, click the Settings tab, choose Detections & protection on the left side and check Scan for rootkits if it is not already checked.
In the same window, under PUP and PUM detections, set it to Treat detections as malware.
Then click the Scan tab, choose Threat Scan and finally click Scan Now.
If malware is detected, click Apply Actions. MalwareBytes will then start removing the infection and will ask you to restart the computer.
After the scan finishes (or after the restart), click the History tab.
Click Application Logs, then double-click the most recent Scan Log.
At the bottom of the window click Export and choose Text file.

Save the report to the Desktop and attach it to your next post.

offline
  • Joined: 09 Jun 2015
  • Posts: 56

I'll do all of that, I'm just interested in your opinion: so you think that is what causes the restarts?

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

At the moment I don't see any other reason for the restarts.

offline
  • Joined: 09 Jun 2015
  • Posts: 56

I'm asking because it has happened that I reinstalled the system and it still restarted that same day... and I assume there are no viruses and such at that point :)

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Well, I couldn't guess right now. I would first clean the computer of malware, and then we'll see what comes next.
