Mozila prijavljuje blokadu ip adrese

Mozila prijavljuje blokadu ip adrese

offline
  • Pridružio: 16 Avg 2007
  • Poruke: 315
  • Gde živiš: Srbija

Mozila prijavljuje blokadu ip adrese nekog sajta, da li je virus
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-11-2015
Ran by Boban (administrator) on THE_RAIN (01-12-2015 15:53:31)
Running from C:\Users\Boban\Desktop
Loaded Profiles: Boban (Available Profiles: Boban & postgres & Administrator)
Platform: Microsoft Windows 8.1 Pro (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(MDL Forum, mod by Ratiborus) C:\ProgramData\KMSAuto\bin\KMSSS.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
(Intel Corporation) C:\WINDOWS\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek semiconductor) C:\WINDOWS\RTFTrack.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
() C:\Users\Boban\AppData\Local\Viber\Viber.exe
(BitTorrent Inc.) C:\Users\Boban\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Boban\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(BitTorrent Inc.) C:\Users\Boban\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2248080 2013-03-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [4899552 2013-01-05] (Realtek semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2014-09-22] (ESET)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [15464464 2013-08-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\Utility.exe [183280 2013-05-10] (Lenovo(beijing) Limited)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\Run: [Viber] => C:\Users\Boban\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\Run: [uTorrent] => C:\Users\Boban\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-08] (BitTorrent Inc.)
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\MountPoints2: {198c266f-1d11-11e5-9733-48d22498a097} - "F:\Startme.exe"
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\MountPoints2: {46162e71-56b9-11e3-abf2-48d22498a097} - "G:\setup.exe"
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\MountPoints2: {6c803f99-7f37-11e5-986b-48d22498a097} - "F:\setup.exe"
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\MountPoints2: {80cf536e-59cf-11e3-a01c-48d22498a097} - "F:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2015-06-13] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 cap.cyberlink.com
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 192.168.1.1
Tcpip\..\Interfaces\{D5E9BD5E-CCB1-4A6B-9FA7-F25D74923A37}: [DhcpNameServer] 8.8.8.8 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1993937917-1451754262-3973385152-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993937917-1451754262-3973385152-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993937917-1451754262-3973385152-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10196_swoc_campaign_151008__yaie&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-15] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-15] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\z42j9o0l.default
FF NewTab: hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
FF SelectedSearchEngine: Bing
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\z42j9o0l.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-07-14]
FF Extension: Video Downloader Professional - C:\Users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\z42j9o0l.default\Extensions\ffext_basicvideoext@startpage24.xpi [2015-11-02]
FF Extension: Translate This! - C:\Users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\z42j9o0l.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2015-11-07]
FF Extension: To Google Translate - C:\Users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\z42j9o0l.default\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2015-09-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [281488 2014-10-02] (Intel Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1350112 2014-09-16] (ESET)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [281488 2014-10-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462088 2012-06-19] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [297472 2014-05-20] (MDL Forum, mod by Ratiborus) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\WINDOWS\System32\drivers\AcpiVpc.sys [28432 2015-07-23] (Lenovo Corporation)
R3 athr; C:\WINDOWS\system32\DRIVERS\athw8.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [186880 2014-11-21] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [242240 2015-10-30] (DT Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [191928 2014-08-18] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [190368 2014-08-18] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [135296 2014-08-18] (ESET)
R2 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [176448 2014-08-18] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [37928 2014-08-18] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [51288 2014-09-18] (ESET)
R3 ETD; C:\WINDOWS\system32\DRIVERS\ETD.sys [311696 2013-03-06] (ELAN Microelectronics Corp.)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32152 2014-08-01] (Intel Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-08-01] (Intel Corporation)
S3 LGBusEnum; C:\WINDOWS\system32\drivers\LGBusEnum.sys [33824 2015-06-11] (Logitech Inc.)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [64168 2015-06-11] (Logitech Inc.)
S3 LGVirHid; C:\WINDOWS\system32\drivers\LGVirHid.sys [25768 2015-06-11] (Logitech Inc.)
R0 LHDmgr; C:\WINDOWS\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
R3 MEI; C:\WINDOWS\System32\drivers\HECI.sys [55104 2012-07-18] (Intel Corporation)
S3 RSUSBVSTOR; C:\WINDOWS\System32\Drivers\RtsUVStor.sys [242760 2013-01-16] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [6367072 2013-01-05] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [28656 2013-03-09] (Synaptics Incorporated)
S3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
R3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [190976 2014-11-21] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [190976 2014-11-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-01 15:53 - 2015-12-01 15:54 - 00016433 _____ C:\Users\Boban\Desktop\FRST.txt
2015-12-01 15:52 - 2015-12-01 15:53 - 01721344 _____ (Farbar) C:\Users\Boban\Desktop\FRST.exe
2015-12-01 15:25 - 2015-12-01 15:25 - 00000000 ____D C:\Users\Boban\AppData\LocalLow\uTorrent
2015-11-29 11:06 - 2014-07-11 11:09 - 00278248 _____ C:\Users\Boban\Desktop\IMG-20140711-WA0004.jpeg
2015-11-27 16:04 - 2015-11-27 16:11 - 00000000 ____D C:\Users\Boban\Desktop\tenis
2015-11-25 22:30 - 2015-11-25 22:30 - 00358990 _____ C:\Users\Boban\Desktop\Brosura1jpf_Page13.jpx
2015-11-25 22:18 - 2015-11-25 22:26 - 00000000 ____D C:\Users\Boban\Downloads\Acrobat.DC
2015-11-25 22:12 - 2015-11-25 22:14 - 00000000 ____D C:\Users\Boban\Downloads\Live At Teufelsberg Berlin 2015
2015-11-25 16:24 - 2015-11-25 16:48 - 1148281818 ____R C:\Users\Boban\Downloads\Spectre.2015.REAL.720P.HDTS.1GB.MkvCage.mkv
2015-11-25 16:19 - 2015-11-25 16:19 - 03897753 _____ C:\Users\Boban\Desktop\Brosura1.pdf
2015-11-25 16:18 - 2015-11-25 16:18 - 00000000 ____D C:\Users\Boban\AppData\Local\Foxit PhantomPDF
2015-11-25 14:52 - 2015-11-25 16:12 - 483242136 ____R C:\Users\Boban\Downloads\AdbIdsgn015.11.0.0.72.x32.rar
2015-11-25 14:51 - 2015-11-25 14:51 - 00037625 _____ C:\Users\Boban\Desktop\[kat.cr]adobe.indesign.cc.2015.v11.0.0.72.multilingual.x86.patch.keygen.appzdam.torrent
2015-11-25 09:26 - 2015-11-25 09:52 - 00000000 ____D C:\Users\Boban\Desktop\brosura
2015-11-22 15:58 - 2015-11-22 16:00 - 11123663 _____ C:\Users\Boban\Desktop\Brosura.pdf
2015-11-21 23:24 - 2015-11-21 23:24 - 00001075 _____ C:\Users\Public\Desktop\Foxit PhantomPDF.lnk
2015-11-21 23:24 - 2015-11-21 23:24 - 00000000 ____D C:\Users\Public\Foxit Software
2015-11-21 23:24 - 2015-11-21 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2015-11-21 23:23 - 2015-11-21 23:23 - 00000000 ____D C:\Program Files\Foxit Software
2015-11-21 23:12 - 2015-11-21 23:12 - 00000000 ____D C:\Users\Boban\Downloads\Foxit PhantomPDF Business 7.2.5.930
2015-11-21 22:42 - 2015-11-21 22:43 - 00116086 _____ C:\Users\Boban\Documents\cc_20151121_224238.reg
2015-11-21 22:22 - 2015-11-21 22:22 - 00000981 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-21 22:22 - 2015-11-21 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-21 22:12 - 2015-11-21 22:26 - 00000000 ____D C:\Program Files\CCleaner
2015-11-21 22:11 - 2015-11-21 22:11 - 00000000 ____D C:\Users\Boban\Downloads\CCleaner PRO- Business-Technician 5.11.5408 FINAL + (zabranjeno) [TechTools.net]
2015-11-21 16:12 - 2015-12-01 15:53 - 00000000 ____D C:\FRST
2015-11-21 16:07 - 2015-11-21 16:09 - 00000000 ____D C:\AdwCleaner
2015-11-20 20:55 - 2015-11-20 20:55 - 00000000 ____D C:\Users\Boban\AppData\Local\Caminova
2015-11-20 20:55 - 2015-11-20 20:55 - 00000000 ____D C:\ProgramData\Caminova
2015-11-20 20:37 - 2015-11-29 09:05 - 00000000 ____D C:\Users\Boban\AppData\Roaming\Foxit Software
2015-11-20 20:16 - 2015-11-20 20:29 - 00000000 ____D C:\Users\Boban\Downloads\Foxit PhantomPDF Business 7.2.0.0722
2015-11-20 13:23 - 2015-11-20 13:24 - 00000000 ____D C:\Users\Boban\AppData\LocalLow\Temp
2015-11-20 12:08 - 2015-11-20 12:08 - 00000000 ____D C:\Users\Boban\tmp132496
2015-11-20 11:51 - 2015-11-20 11:51 - 00000000 ____D C:\Users\Boban\tmp12321
2015-11-20 11:44 - 2015-11-20 13:03 - 00000000 ____D C:\Users\Boban\AppData\Roaming\Nitro
2015-11-20 11:39 - 2015-11-20 11:39 - 00000000 ____D C:\ProgramData\Nitro
2015-11-20 11:38 - 2015-11-20 11:38 - 00000000 ____D C:\Users\Boban\AppData\Roaming\Downloaded Installations
2015-11-20 11:22 - 2015-11-20 11:22 - 00001532 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-11-20 11:19 - 2015-11-20 11:24 - 00000000 ____D C:\Users\Boban\Downloads\Nitro PDF Pro Retail V 9.0.4.5 _x32 Bit & x 64 Bit_ {Aryan_l33t}-[LittleFairyRG]
2015-11-20 11:17 - 2015-11-20 11:29 - 00000000 ____D C:\Users\Boban\Downloads\Adobe InDesign CC 2015 (v11.0) x86-x64 RUS-ENG {by M0nkrus}-=TEAM OS=-
2015-11-20 11:14 - 2015-11-20 11:34 - 00000000 ____D C:\Temp Adobe
2015-11-19 23:39 - 2015-11-20 10:53 - 00013396 _____ C:\Users\Boban\Desktop\Book1.xlsx
2015-11-19 21:58 - 2015-11-19 21:58 - 12173112 _____ C:\Users\Boban\Desktop\Platne_liste.pdf
2015-11-16 17:51 - 2015-11-16 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingsoft Office
2015-11-16 17:51 - 2015-11-16 17:51 - 00000000 ____D C:\ProgramData\Kingsoft
2015-11-16 17:49 - 2015-11-16 17:49 - 00000000 ____D C:\Users\Boban\AppData\Roaming\Kingsoft
2015-11-16 17:49 - 2015-11-16 17:49 - 00000000 ____D C:\Program Files\Kingsoft
2015-11-15 17:58 - 2015-11-15 17:58 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-12 21:57 - 2015-11-12 21:57 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-12 16:06 - 2015-09-29 13:30 - 00131416 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-12 16:06 - 2015-09-04 19:04 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-12 16:06 - 2015-08-28 23:24 - 00148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-12 16:06 - 2015-08-20 21:01 - 01134168 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-12 15:58 - 2015-11-12 16:00 - 00000000 ____D C:\Users\Boban\AppData\Local\Viber
2015-11-12 13:07 - 2015-10-20 22:59 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-12 13:07 - 2015-10-20 15:21 - 03066368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-12 13:07 - 2015-10-20 15:14 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-12 13:07 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-12 13:07 - 2015-10-20 15:13 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-12 13:07 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-12 13:07 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-12 13:07 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-12 13:07 - 2015-10-17 15:00 - 03521536 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-12 13:07 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-12 13:07 - 2015-10-15 00:07 - 05765976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-12 13:07 - 2015-10-15 00:07 - 01393584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-12 13:07 - 2015-10-15 00:07 - 01282528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-12 13:07 - 2015-10-15 00:07 - 01269072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-12 13:07 - 2015-10-15 00:07 - 01168912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-12 13:07 - 2015-10-13 17:24 - 00462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-12 13:07 - 2015-10-13 17:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-12 13:07 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-12 13:07 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-12 13:07 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-12 13:07 - 2015-10-11 07:41 - 00478800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-12 13:07 - 2015-10-11 07:41 - 00148312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-12 13:07 - 2015-10-10 18:35 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-12 13:07 - 2015-10-10 18:35 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-12 13:07 - 2015-10-10 17:46 - 01117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-12 13:07 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-12 13:07 - 2015-10-08 16:45 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-12 13:07 - 2015-09-12 14:28 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-12 13:07 - 2015-08-10 18:01 - 00570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-12 13:07 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-12 13:07 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-12 13:06 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-12 13:06 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-12 13:06 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-12 13:06 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-12 13:06 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-12 13:06 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-12 13:06 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-12 13:06 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-12 13:06 - 2015-10-30 23:09 - 00686080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-12 13:06 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-12 13:06 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-12 13:06 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-12 13:06 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-12 13:06 - 2015-09-07 16:53 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2015-11-12 13:06 - 2015-09-07 16:51 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2015-11-12 13:06 - 2015-09-07 16:22 - 00873984 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-08 21:47 - 2015-11-07 11:23 - 510750318 _____ C:\Users\Boban\Desktop\MOV09221.MPG
2015-11-08 19:36 - 2015-11-08 19:36 - 00001152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-11-08 19:36 - 2015-11-08 19:36 - 00001140 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-11-08 19:31 - 2015-11-08 19:32 - 00000000 ____D C:\Users\Boban\Downloads\TeamViewer Enterprise 9.0.27614 Final Multilanguage Incl (zabranjeno) - SceneDL
2015-11-08 17:51 - 2015-11-08 17:51 - 00000000 ____D C:\Users\Boban\AppData\Roaming\AVS4YOU
2015-11-08 17:51 - 2015-11-08 17:51 - 00000000 ____D C:\ProgramData\AVS4YOU
2015-11-08 17:50 - 2015-11-08 17:50 - 00001179 _____ C:\Users\Boban\Desktop\AVS Video Editor.lnk
2015-11-08 17:50 - 2015-11-08 17:50 - 00000000 ____D C:\Users\Boban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-11-08 17:50 - 2015-11-08 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-11-08 17:49 - 2015-11-08 17:50 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2015-11-08 17:49 - 2015-11-08 17:50 - 00000000 ____D C:\Program Files\AVS4YOU
2015-11-08 17:49 - 2011-06-23 12:25 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3a.dll
2015-11-08 17:48 - 2015-11-08 17:48 - 00000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-11-08 17:35 - 2015-11-08 17:45 - 00000000 ____D C:\Users\Boban\Downloads\AVS Video Editor 7.1.4.264 + (zabranjeno) {B4tman}
2015-11-07 23:19 - 2015-11-07 23:20 - 00000000 ____D C:\Users\Public\CyberLink
2015-11-07 19:13 - 2015-11-07 19:13 - 00000000 ____D C:\Users\Boban\AppData\Roaming\CyberLink
2015-11-07 19:13 - 2015-11-07 19:13 - 00000000 ____D C:\Users\Boban\AppData\Local\CyberLink
2015-11-07 19:12 - 2015-11-07 19:12 - 00000000 ____D C:\ProgramData\SmartSound Software Inc
2015-11-07 19:12 - 2015-11-07 19:12 - 00000000 ____D C:\ProgramData\eSellerate
2015-11-07 19:12 - 2015-11-07 19:12 - 00000000 ____D C:\Program Files\SmartSound Software
2015-11-07 19:11 - 2015-11-07 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-11-07 19:11 - 2015-11-07 19:11 - 00000000 ____D C:\ProgramData\Apple Computer
2015-11-07 19:11 - 2015-11-07 19:11 - 00000000 ____D C:\Program Files\QuickTime
2015-11-07 19:10 - 2015-11-07 19:10 - 00000000 ____D C:\Users\Boban\AppData\Local\Apple
2015-11-07 19:10 - 2015-11-07 19:10 - 00000000 ____D C:\ProgramData\Apple
2015-11-07 19:06 - 2015-11-07 19:26 - 00335896 _____ (proDAD GmbH) C:\WINDOWS\system32\proDAD-PA-Support.dll
2015-11-07 19:06 - 2015-11-07 19:21 - 00506392 _____ (proDAD GmbH) C:\WINDOWS\system32\prodad-codec.dll
2015-11-07 19:06 - 2015-11-07 19:06 - 00000000 ____D C:\Users\Boban\AppData\Roaming\proDAD
2015-11-07 19:06 - 2015-11-07 19:06 - 00000000 ____D C:\Users\Boban\AppData\LocalLow\Apple Computer
2015-11-07 19:06 - 2015-11-07 19:06 - 00000000 ____D C:\ProgramData\proDAD
2015-11-07 19:06 - 2015-11-07 19:06 - 00000000 ____D C:\Program Files\proDAD
2015-11-07 19:05 - 2015-11-08 17:43 - 00000000 ____D C:\Program Files\NewBlue
2015-11-07 19:05 - 2015-11-07 19:05 - 00000000 ____D C:\Program Files\NSIS Uninstall Information
2015-11-07 19:05 - 2015-11-07 19:05 - 00000000 ____D C:\Program Files\Common Files\NewBlue
2015-11-07 19:00 - 2015-11-08 17:39 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2015-11-07 19:00 - 2015-11-08 17:15 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-07 19:00 - 2015-11-07 19:00 - 00000000 ____D C:\ProgramData\install_clap
2015-11-07 17:51 - 2015-11-07 18:09 - 1283958539 _____ C:\Users\Boban\Downloads\CybPwrDir.Ultimate.14.0.2019.0.rar
2015-11-06 15:21 - 2015-11-06 15:21 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-11-06 15:20 - 2015-11-06 15:20 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-11-06 15:20 - 2015-11-06 15:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-11-05 19:32 - 2015-11-05 19:32 - 00000000 ____D C:\WebSite X5 - Websites
2015-11-05 19:27 - 2015-11-05 19:27 - 00000000 ____D C:\Users\Boban\AppData\Local\Incomedia
2015-11-05 19:15 - 2015-11-05 19:15 - 00001133 _____ C:\Users\Public\Desktop\WebSite X5 Professional 12.lnk
2015-11-05 19:15 - 2015-11-05 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebSite X5 v12 - Professional
2015-11-05 19:14 - 2015-11-05 19:18 - 00000000 ____D C:\Program Files\WebSite X5 v12 - Professional
2015-11-02 16:24 - 2015-11-02 16:42 - 00000000 ____D C:\Users\Boban\Downloads\Quick 'n Easy Web Builder v. 1.0.6 [K]racked

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-01 15:53 - 2015-10-08 15:44 - 00000000 ____D C:\Users\Boban\AppData\Roaming\uTorrent
2015-12-01 15:26 - 2015-06-24 10:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-01 15:25 - 2015-06-24 10:16 - 00000000 ____D C:\Users\Boban\AppData\Roaming\ViberPC
2015-12-01 15:24 - 2015-07-09 13:23 - 00000000 ____D C:\Users\Boban\AppData\Local\HTC MediaHub
2015-12-01 15:24 - 2013-08-22 08:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-01 15:24 - 2013-08-22 07:21 - 00000000 ____D C:\WINDOWS
2015-12-01 15:14 - 2015-06-21 09:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-01 15:04 - 2015-06-21 09:40 - 00000000 ____D C:\Users\Boban\AppData\Local\Adobe
2015-12-01 15:02 - 2015-02-20 22:16 - 00000000 ____D C:\Users\Boban\Documents\ViberDownloads
2015-11-29 11:20 - 2015-08-05 20:24 - 01492992 ___SH C:\Users\Boban\Desktop\Thumbs.db
2015-11-29 11:04 - 2015-08-03 16:07 - 00000000 ____D C:\Users\Boban\AppData\Roaming\vlc
2015-11-29 10:29 - 2015-06-20 21:16 - 00000000 ____D C:\ProgramData\TEMP
2015-11-27 16:22 - 2014-11-21 04:14 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-27 16:22 - 2013-08-22 07:21 - 00000000 ____D C:\WINDOWS\inf
2015-11-25 14:53 - 2015-06-21 09:37 - 00000000 ____D C:\Program Files\Adobe
2015-11-22 10:32 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-21 23:18 - 2015-06-21 10:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-21 22:51 - 2015-06-21 09:37 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-11-21 22:41 - 2015-10-08 09:48 - 00000000 ____D C:\Users\Boban\AppData\Roaming\TeamViewer
2015-11-21 22:41 - 2015-06-20 19:04 - 00000000 ____D C:\Users\Boban\AppData\Roaming\DAEMON Tools Pro
2015-11-21 22:39 - 2015-06-12 07:55 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-21 22:06 - 2013-08-22 07:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-21 16:10 - 2013-08-22 08:22 - 03971512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-20 12:08 - 2015-06-21 03:04 - 00000000 ____D C:\Users\Boban
2015-11-20 11:51 - 2015-06-20 18:12 - 00000000 ____D C:\Users\Boban\AppData\Roaming\Adobe
2015-11-20 11:34 - 2015-06-21 09:41 - 00000000 ____D C:\ProgramData\Adobe
2015-11-16 18:32 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\rescache
2015-11-15 17:58 - 2015-06-28 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-15 17:58 - 2015-06-28 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-11-15 17:57 - 2015-08-31 15:19 - 00000000 ____D C:\Users\Boban\.oracle_jre_usage
2015-11-15 17:56 - 2015-06-28 10:09 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-11-15 17:55 - 2015-06-28 10:06 - 00000000 ____D C:\Program Files\Java
2015-11-14 17:29 - 2015-06-20 19:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-14 17:29 - 2013-08-22 09:05 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-13 20:48 - 2015-06-20 18:26 - 00000000 ____D C:\Users\Boban\AppData\Local\GHISLER
2015-11-13 20:25 - 2015-06-21 09:16 - 00000000 ____D C:\Users\Boban\AppData\Roaming\Skype
2015-11-12 17:27 - 2015-06-12 02:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 17:27 - 2013-08-22 09:17 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-12 16:39 - 2015-06-12 02:56 - 143250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-12 16:26 - 2015-10-14 21:26 - 05286088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-11-08 20:39 - 2015-10-02 14:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-08 20:23 - 2015-10-02 14:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-08 20:21 - 2015-03-21 20:42 - 00000000 ____D C:\Users\Boban\Downloads\Blues and Rock Ballads Vol.4 (2014)
2015-11-08 20:20 - 2014-01-02 15:14 - 00000000 ____D C:\Users\Boban\Downloads\Jerusalem - Jerusalem (1972)
2015-11-08 19:36 - 2015-10-08 09:48 - 00000000 ____D C:\Program Files\TeamViewer
2015-11-07 23:03 - 2015-06-27 18:42 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-11-07 23:00 - 2013-08-22 09:17 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-07 22:49 - 2015-07-09 13:23 - 00000000 ____D C:\Users\Boban\AppData\Roaming\Apple Computer
2015-11-07 18:08 - 2013-08-22 07:13 - 00000167 _____ C:\WINDOWS\win.ini
2015-11-05 18:54 - 2015-09-26 10:24 - 00000000 ____D C:\WebSite X5 - Projects
2015-11-03 18:51 - 2015-06-12 02:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-03 17:01 - 2015-06-12 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-03 01:23 - 2014-11-21 06:50 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-11-03 01:23 - 2014-11-21 06:50 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-11-02 15:14 - 2014-09-04 22:13 - 00000000 ____D C:\Users\Boban\Documents\Incomedia
2015-11-02 14:39 - 2014-07-02 09:23 - 00000000 ____D C:\usb
2015-11-01 13:04 - 2014-12-06 10:41 - 00000000 ___RD C:\Users\Boban\Dropbox

==================== Files in the root of some directories =======

2015-07-19 09:48 - 2015-07-19 09:48 - 0000001 _____ () C:\Users\Boban\AppData\Local\llftool.4.40.agreement
2015-07-19 09:59 - 2015-07-19 09:59 - 0000019 _____ () C:\Users\Boban\AppData\Local\llftool.license
2015-08-01 07:56 - 2015-08-01 07:56 - 0000017 _____ () C:\Users\Boban\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-29 10:09

==================== End of FRST.txt ============================
https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\MountPoints2: {198c266f-1d11-11e5-9733-48d22498a097} - "F:\Startme.exe"
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\MountPoints2: {46162e71-56b9-11e3-abf2-48d22498a097} - "G:\setup.exe"
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\MountPoints2: {6c803f99-7f37-11e5-986b-48d22498a097} - "F:\setup.exe"
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\MountPoints2: {80cf536e-59cf-11e3-a01c-48d22498a097} - "F:\HTC_Sync_Manager_PC.exe"
SearchScopes: HKU\S-1-5-21-1993937917-1451754262-3973385152-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10196_swoc_campaign_151008__yaie&p={searchTerms}
FF Extension: Video Downloader Professional - C:\Users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\z42j9o0l.default\Extensions\ffext_basicvideoext@startpage24.xpi [2015-11-02]
ShortcutWithArgument: C:\Users\Boban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://your-home-page.net/?ssid=1438521514" <==== ATTENTION
ShortcutWithArgument: C:\Users\Boban\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://your-home-page.net/?ssid=1438521514" <==== ATTENTION
IE trusted site: HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\webcompanion.com -> hxxp://webcompanion.com
EmptyTemp:


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).

offline
  • Pridružio: 16 Avg 2007
  • Poruke: 315
  • Gde živiš: Srbija

Fix result of Farbar Recovery Scan Tool (x86) Version:30-11-2015
Ran by Boban (2015-12-02 14:25:47) Run:1
Running from C:\Users\Boban\Desktop
Loaded Profiles: Boban (Available Profiles: Boban & postgres & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\MountPoints2: {198c266f-1d11-11e5-9733-48d22498a097} - "F:\Startme.exe"
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\MountPoints2: {46162e71-56b9-11e3-abf2-48d22498a097} - "G:\setup.exe"
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\MountPoints2: {6c803f99-7f37-11e5-986b-48d22498a097} - "F:\setup.exe"
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\MountPoints2: {80cf536e-59cf-11e3-a01c-48d22498a097} - "F:\HTC_Sync_Manager_PC.exe"
SearchScopes: HKU\S-1-5-21-1993937917-1451754262-3973385152-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10196_swoc_campaign_151008__yaie&p={searchTerms}
FF Extension: Video Downloader Professional - C:\Users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\z42j9o0l.default\Extensions\ffext_basicvideoext@startpage24.xpi [2015-11-02]
ShortcutWithArgument: C:\Users\Boban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://your-home-page.net/?ssid=1438521514" <==== ATTENTION
ShortcutWithArgument: C:\Users\Boban\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://your-home-page.net/?ssid=1438521514" <==== ATTENTION
IE trusted site: HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\webcompanion.com -> hxxp://webcompanion.com
EmptyTemp:
*****************

"HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{198c266f-1d11-11e5-9733-48d22498a097}" => key removed successfully.
HKCR\CLSID\{198c266f-1d11-11e5-9733-48d22498a097} => key not found.
"HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46162e71-56b9-11e3-abf2-48d22498a097}" => key removed successfully.
HKCR\CLSID\{46162e71-56b9-11e3-abf2-48d22498a097} => key not found.
"HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c803f99-7f37-11e5-986b-48d22498a097}" => key removed successfully.
HKCR\CLSID\{6c803f99-7f37-11e5-986b-48d22498a097} => key not found.
"HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80cf536e-59cf-11e3-a01c-48d22498a097}" => key removed successfully.
HKCR\CLSID\{80cf536e-59cf-11e3-a01c-48d22498a097} => key not found.
"HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}" => key removed successfully.
HKCR\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => key not found.
C:\Users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\z42j9o0l.default\Extensions\ffext_basicvideoext@startpage24.xpi => moved successfully
C:\Users\Boban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully..
C:\Users\Boban\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully..
"HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully.
EmptyTemp: => 922.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:26:54 ====

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
U EULA prozoru klikni na I agree.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Cleaning i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK

Računar će se restartovati, a potom otvoriti Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"





Arrow

Kakvo je sada stanje sistema?

offline
  • Pridružio: 16 Avg 2007
  • Poruke: 315
  • Gde živiš: Srbija

AdwCleaner nije trazio restart i napisao 'AdwCleaner found no maliciouns program on your computer'
Laptop se ponasa normalno i nema iskacucih prozora,
Pozdrav

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Da obavimo još jednu provjeru.

Arrow

Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;



• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.





>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.





Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

offline
  • Pridružio: 16 Avg 2007
  • Poruke: 315
  • Gde živiš: Srbija

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2015.12.03.03
rootkit: v2015.11.26.01

Windows 8.1 x86 NTFS
Internet Explorer 11.0.9600.18098
Boban :: THE_RAIN [administrator]

12/3/2015 2:01:41 PM
mbar-log-2015-12-03 (14-01-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 391855
Time elapsed: 48 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\TeamViewer\(zabranjeno).exe (RiskWare.Tool.HCK) -> Delete on reboot. [88276f310e7d152109657194f1107987]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

U redu. To bi bilo to.


Arrow

Sledeća procedura će implementirati završno čišćenje.

Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

offline
  • Pridružio: 16 Avg 2007
  • Poruke: 315
  • Gde živiš: Srbija

Uradio, Hvala
Pozdrav

Ko je trenutno na forumu
 

Ukupno su 1382 korisnika na forumu :: 41 registrovanih, 11 sakrivenih i 1330 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Ageofloneliness, Boris BM, Brana01, CikaKURE, darkangel, Dorcolac, draganca, Dukelander, dzoni19, Excalibur13, Georgius, gmlale, hyla, janbo, Kibice, kolle.the.kid, ladro, lord sir giga, Lošmi, Luka Blažević, Mcdado, mercedesamg, Metanoja, milimoj, Milometer, Misirac, Mixelotti, mocnijogurt, Nemanja.M, raptorsi, Smajser, Stanlio, stegonosa, Toper, Vlad000, Vlada1389, vladulns, yrraf, zbazin, zlaya011