Laptop is infected

  • Joined: 07 Jan 2017
  • Posts: 6

Posted: 08 Jan 2017 1:25

Dear friends, I am temporarily working in Slovakia. Two and a half months ago I bought this laptop at a pawn shop for 120 euros. I don't use it for anything special, mostly for surfing, watching movies, and the like. Average use.
In the meantime I installed: Messenger, Viber, Torrentex, Popcorn Time and the game Aladin (I wasn't able to uninstall it). Since then everything has gone downhill.
It started to lag and act up, it doesn't respond to commands, it takes ages to open an ordinary window (sometimes several minutes), and I can download programs but not run them. Just now, for example, I spent two to three hours trying to run FRST. After downloading it and clicking the .exe file, the cursor shows that something is happening. That goes on and on... Then Explorer opened, and then a notification popped up along the lines of: Windows protected your PC... Windows SmartScreen prevented the app from starting... Awful!
McAfee was installed on the computer and I think it is preventing normal operation, all the more so because I can't uninstall it. Besides that, there is a pile of unnecessary applications and programs whose purpose I don't know and which I will probably never use. I also mean Lenovo this, Lenovo that...
The computer is personalized in some way. I have the password, stuck next to the touchpad.
Please, if you can, remove that password, as well as all the superfluous applications and programs, especially McAfee (I will install Avast or some lighter program). By that I primarily mean that it be reduced to the basics, so that only bare Windows remains, and I will download players and whatever else I need. I really don't have much knowledge or skill in this area, and therefore no means of solving it. I haven't cleaned it, because I have nothing to do it with. I downloaded CCleaner, but I wasn't able to run it.
Also, I barely managed to remove the Slovak language and set Serbian as the default. In some places it still shows instructions in Slovak. If you need it, the login for the computer is: eleonor.stojkova, pass: jose11..
I'm going to scan the computer now; that will probably take a while.
As I thought, the scan took a while. I wasn't able to turn off McAfee following the attached instructions; I only turned off the Firewall from Control Panel (should I turn it back on?). I waited and waited, and while I was looking up how and what to do, I saw that FRST was ready. I quickly clicked Scan. Then during the scan it froze at least 20 times; it said (NOT RESPONDING). Besides that, one inconsistency: my Windows is (x64), but FRST said system32. I don't know what that's about.
Help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-01-2017
Ran by eleanor.stojkova (administrator) on LENOVO-PC (08-01-2017 00:46:22)
Running from C:\Users\eleanor.stojkova\Desktop
Loaded Profiles: eleanor.stojkova (Available Profiles: eleanor.stojkova & Administrator)
Platform: Windows 8.1 Connected (Update) (X64) Language: slovački (Slovačka)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Uancy RIYRYAJOU) C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\HPWriterSrv3.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\USB Blocker\USBBKSvc.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
() C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Validity Sensors\Shared\SensorDBSynch.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
() C:\Program Files\Lenovo\iMController\AutoUpdate.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_metro.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(BDYRYOV moudyj) C:\Users\eleanor.stojkova\AppData\Roaming\SimpleNotepad4\SimpleNoteApp5.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\sc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [217088 2014-04-08] (Realtek Semiconductor Corporation)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1622072 2014-01-09] (Lenovo Group Limited)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-09-04] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10973168 2014-09-04] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\Run: [Viber] => C:\Users\eleanor.stojkova\AppData\Local\Viber\Viber.exe [41351248 2016-12-07] (Viber Media S.à r.l.)
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\Run: [SimpleNoteApp5] => C:\Users\eleanor.stojkova\AppData\Roaming\SimpleNotepad4\SimpleNoteApp5.exe [2258944 2016-10-31] (BDYRYOV moudyj) <===== ATTENTION
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\Run: [Torrentex] => C:\Torrentex\Torrentex.exe [417744 2015-11-13] ()
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\RunOnce: [Application Restart #2] => C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7873512 2016-11-16] (Pokki)
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\MountPoints2: {af6ded02-d0c9-11e5-826a-f8a96350b1fd} - "F:\LG_PC_Programs.exe"
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00USBBlockerShellDs] -> {BE57AC86-892D-436E-B763-71DA8FA49A48} => C:\Program Files (x86)\Lenovo\USB Blocker\USBBlockerShell.dll [2013-12-25] (Lenovo(beijing) Limited)
ShellIconOverlayIdentifiers: [00USBBlockerShellRd] -> {FFBCBB89-938E-4412-88AF-AE7A531F95C1} => C:\Program Files (x86)\Lenovo\USB Blocker\USBBlockerShell.dll [2013-12-25] (Lenovo(beijing) Limited)
ShellIconOverlayIdentifiers: [00USBBlockerShellRw] -> {42D4ABFA-0604-45F1-9A7C-622F85614BAB} => C:\Program Files (x86)\Lenovo\USB Blocker\USBBlockerShell.dll [2013-12-25] (Lenovo(beijing) Limited)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{46772345-D641-4587-9C54-89D11AD00C84}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8B127D19-E0EA-47AC-B12D-FDDFDDD23A74}: [DhcpNameServer] 169.254.131.49

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131234411495523568&GUID=89B0DC03-2215-47E3-960C-7F7A4FBAE6AE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2000202158-699708774-3916072420-1001 -> {1F7F9447-3C6F-4C22-B4DF-B247F930BC6C} URL =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-01-08] (McAfee, Inc.)

FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-02-11] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2000202158-699708774-3916072420-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\eleanor.stojkova\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default [2017-01-07]
CHR Extension: (Prezentácie Google) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-02]
CHR Extension: (Dokumenty Google) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-02]
CHR Extension: (Disk Google) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-02]
CHR Extension: (YouTube) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-02]
CHR Extension: (Hľadať v Google) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-06-02]
CHR Extension: (Adblocker na Youtube™) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg [2016-11-12]
CHR Extension: (Tabuľky Google) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-02]
CHR Extension: (Lenovo Password Manager) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\geempcnjhccnoepfmahaeemnnfnignab [2016-06-02]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-02]
CHR Extension: (Gmail) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]
CHR HKLM-x32\...\Chrome\Extension: [geempcnjhccnoepfmahaeemnnfnignab] - C:\Program Files (x86)\Lenovo\Password Manager\chrome_npapi_extension.crx [2014-01-09]

Opera:
=======
OPR Extension: (Adblocker na Youtube™) - C:\Users\eleanor.stojkova\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhcombnfcfkgnammoobfmfiokobfpokb [2016-11-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [95232 2014-03-27] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 HPWriter Service; C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\HPWriterSrv3.exe [2045424 2016-10-29] (Uancy RIYRYAJOU) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2014-09-04] (Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-04] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-04] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-09-04] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R2 USBBKSvc; C:\Program Files (x86)\Lenovo\USB Blocker\USBBKSvc.exe [35824 2013-12-25] (Lenovo(beijing) Limited)
R2 valWBFPolicyService; C:\WINDOWS\System32\valWBFPolicyService.exe [46992 2014-01-17] (Validity Sensors, Inc.)
R2 valWbioSyncSvc; C:\windows\system32\valWbioSyncSvc.exe [32256 2014-01-17] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S2 LubFsFlt; C:\windows\System32\Drivers\LubFsFlt.sys [27384 2014-02-22] (Lenovo(beijing) Limited)
R0 LubSec; C:\WINDOWS\System32\Drivers\LubSec.sys [45304 2014-02-22] (Lenovo(beijing) Limited)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290520 2013-09-24] (Realtek Semiconductor Corp.)
S3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [559832 2014-02-26] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [3421040 2014-04-30] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-01-24] (Synaptics Incorporated)
R1 SMIDriver; C:\WINDOWS\System32\drivers\smi.sys [19760 2014-01-22] (Windows (R) Win 7 DDK provider)
R3 SNP2UVC; C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2855960 2014-04-26] (Sonix Co. Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-08 00:46 - 2017-01-08 00:46 - 00022904 _____ C:\Users\eleanor.stojkova\Desktop\FRST.txt
2017-01-07 23:49 - 2017-01-08 00:46 - 00000000 ____D C:\FRST
2017-01-07 22:48 - 2017-01-07 22:48 - 02418688 _____ (Farbar) C:\Users\eleanor.stojkova\Desktop\FRST64.exe
2017-01-07 22:39 - 2017-01-07 22:39 - 00022016 ___SH C:\Users\eleanor.stojkova\Downloads\Thumbs.db
2017-01-07 21:47 - 2017-01-07 21:47 - 08803648 _____ (Piriform Ltd) C:\Users\eleanor.stojkova\Desktop\ccsetup525.exe
2017-01-07 20:27 - 2017-01-07 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-07 05:54 - 2017-01-07 05:54 - 00000000 ____D C:\Program Files\Windows Journal
2017-01-03 19:53 - 2017-01-03 21:51 - 00000000 ____D C:\Users\eleanor.stojkova\Downloads\PopcornTime
2017-01-03 19:51 - 2017-01-03 19:51 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\PopcornTime
2017-01-03 19:42 - 2017-01-03 19:42 - 00001220 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
2017-01-03 19:42 - 2017-01-03 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2017-01-03 19:31 - 2017-01-03 19:43 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2017-01-03 19:08 - 2017-01-03 19:14 - 56002117 _____ (Popcorn Time ) C:\Users\eleanor.stojkova\Downloads\PopcornTime-latest.exe
2016-12-17 11:52 - 2016-12-01 15:13 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-12-17 11:52 - 2016-12-01 15:13 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-12-17 11:52 - 2016-12-01 15:11 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-12-17 11:52 - 2016-12-01 15:11 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-12-17 11:52 - 2016-10-20 14:14 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-12-17 11:52 - 2016-10-20 14:10 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-12-17 07:32 - 2016-12-17 07:33 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\Viber
2016-12-14 16:33 - 2016-11-12 20:08 - 25759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 16:33 - 2016-11-12 19:17 - 20302848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 16:33 - 2016-11-12 18:41 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 16:33 - 2016-11-12 18:21 - 13653504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 16:32 - 2016-11-19 22:24 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 16:32 - 2016-11-19 22:24 - 00152856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 16:32 - 2016-11-19 18:22 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 16:32 - 2016-11-16 22:49 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 16:32 - 2016-11-12 22:06 - 00738104 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-12-14 16:32 - 2016-11-12 20:38 - 00613632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-12-14 16:32 - 2016-11-12 19:53 - 06049280 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 16:32 - 2016-11-12 18:37 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 16:32 - 2016-11-12 18:35 - 02920960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-14 16:32 - 2016-11-12 18:20 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-14 16:32 - 2016-11-12 18:05 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-14 16:32 - 2016-11-12 18:02 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-14 16:32 - 2016-11-11 03:33 - 01541240 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 16:32 - 2016-11-09 18:25 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 16:32 - 2016-11-05 21:46 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-12-14 16:32 - 2016-11-05 19:35 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 16:32 - 2016-11-05 18:57 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 16:32 - 2016-11-05 18:11 - 03606528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 16:32 - 2016-11-05 16:56 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-12-14 16:32 - 2016-11-05 16:46 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-12-14 16:32 - 2016-10-28 03:56 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-12-14 16:32 - 2016-10-27 15:28 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-12-14 16:32 - 2016-10-12 22:49 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-12-14 16:32 - 2016-10-12 22:11 - 00922968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2016-12-14 16:32 - 2016-10-11 17:45 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-12-14 16:32 - 2016-10-11 00:31 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-12-14 16:32 - 2016-10-10 19:18 - 00069976 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2016-12-14 16:32 - 2016-10-10 19:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-12-14 16:32 - 2016-10-09 15:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2016-12-14 16:32 - 2016-10-09 15:08 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2016-12-14 16:32 - 2016-10-09 15:08 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2016-12-14 16:32 - 2016-10-08 23:24 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-12-14 16:32 - 2016-10-08 22:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-12-14 16:32 - 2016-10-08 22:10 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-12-14 16:32 - 2016-10-05 15:01 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-12-14 16:32 - 2016-10-05 15:00 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-12-14 16:32 - 2016-10-05 15:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 01969944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 00324896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 00245320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-12-14 16:32 - 2016-09-20 23:30 - 02462040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-12-14 16:31 - 2016-11-19 20:29 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-12-14 16:31 - 2016-11-19 19:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-12-14 16:31 - 2016-11-19 18:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-12-14 16:31 - 2016-11-12 20:25 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-12-14 16:31 - 2016-11-12 20:07 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-12-14 16:31 - 2016-11-12 19:29 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-12-14 16:31 - 2016-11-12 19:23 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-12-14 16:31 - 2016-11-12 19:14 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-12-14 16:31 - 2016-11-12 19:10 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-12-14 16:31 - 2016-11-12 18:45 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-12-14 16:31 - 2016-11-12 18:38 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-12-14 16:31 - 2016-11-12 18:11 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-12-14 16:31 - 2016-11-12 18:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-12-14 16:31 - 2016-10-05 14:52 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-12-14 16:31 - 2016-10-05 14:52 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2016-12-14 16:31 - 2016-09-27 21:16 - 00445873 _____ C:\WINDOWS\system32\ApnDatabase.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-08 00:55 - 2016-06-02 14:34 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-08 00:28 - 2016-06-02 14:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-07 23:25 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-07 23:21 - 2015-10-30 15:44 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2000202158-699708774-3916072420-1001
2017-01-07 22:45 - 2015-10-30 15:24 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform
2017-01-07 21:23 - 2016-11-01 13:47 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Roaming\Torrentex
2017-01-07 20:49 - 2016-10-21 14:32 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Roaming\ViberPC
2017-01-07 20:39 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-07 12:21 - 2016-10-21 14:34 - 00000000 ____D C:\Users\eleanor.stojkova\Documents\ViberDownloads
2017-01-07 10:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-07 08:22 - 2015-11-09 10:09 - 00001279 _____ C:\Users\eleanor.stojkova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2017-01-07 08:22 - 2015-10-30 15:34 - 00000000 ____D C:\ProgramData\LU
2017-01-07 08:21 - 2014-03-18 10:53 - 00005384 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-07 08:11 - 2014-09-04 17:19 - 00000000 ____D C:\ProgramData\Validity
2017-01-07 08:11 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-07 07:58 - 2015-10-30 15:36 - 00065132 _____ C:\Users\eleanor.stojkova\AppData\Roaming\AbsoluteReminder.xml
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\servicing
2017-01-07 04:41 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2017-01-07 03:56 - 2015-10-30 15:24 - 00000000 ____D C:\Users\eleanor.stojkova
2017-01-07 01:21 - 2016-05-30 17:02 - 00004018 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{26A23BE2-48FC-4FCE-A970-0B50C96A2A13}
2017-01-03 15:12 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-03 15:10 - 2014-09-04 18:00 - 00000000 ____D C:\ProgramData\McAfee
2017-01-03 15:08 - 2014-09-04 18:00 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-02 00:02 - 2016-04-01 18:07 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-30 19:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-21 20:33 - 2016-04-01 18:18 - 00003860 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1459531116
2016-12-20 20:32 - 2015-10-30 22:06 - 00003348 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2016-12-18 12:02 - 2013-08-22 15:44 - 00346744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-18 11:57 - 2014-09-04 16:11 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TMContainer00000000000000000001.regtrans-ms
2016-12-18 11:57 - 2014-09-04 16:11 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TM.blf
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-18 11:53 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64
2016-12-17 12:03 - 2015-11-01 15:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-17 11:58 - 2015-11-01 15:13 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-17 08:44 - 2016-06-02 14:47 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 08:44 - 2016-06-02 14:47 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-17 08:44 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-17 07:34 - 2016-11-27 19:42 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\Viber.old
2016-12-14 14:07 - 2016-06-02 14:34 - 00003880 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-14 14:07 - 2016-06-02 14:34 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-12-14 07:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-14 07:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-12 00:00 - 2016-11-15 17:12 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:00 - 2016-11-15 17:12 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-09 00:26 - 2016-12-03 04:29 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Roaming\Messenger for Desktop

==================== Files in the root of some directories =======

2015-10-30 15:36 - 2017-01-07 07:58 - 0065132 _____ () C:\Users\eleanor.stojkova\AppData\Roaming\AbsoluteReminder.xml
2016-11-27 19:51 - 2016-11-27 19:51 - 0076976 _____ () C:\Users\eleanor.stojkova\AppData\Roaming\LoJackSetup.exe
2015-10-30 15:31 - 2017-01-08 00:37 - 1663959 _____ () C:\Users\eleanor.stojkova\AppData\Local\BTServer.log
2014-09-04 17:13 - 2014-09-04 17:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\eleanor.stojkova\AppData\Roaming\SimpleNotepad4\SimpleNoteApp5.exe


Some files in TEMP:
====================
C:\Users\eleanor.stojkova\AppData\Local\Temp\combase.dll
C:\Users\eleanor.stojkova\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\messengerfordesktop-2.0.1-win32-setup-for-nsis.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct42C9.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct4647.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct53F7.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct5F8D.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct7B3.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct8B85.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octB2E0.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octB874.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octBD3B.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octD7EC.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octD7F6.tmp.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-13 19:10

==================== End of FRST.txt ============================

Addendum: 08 Jan 2017 1:32

Now Explorer starts up at intervals, completely out of control. A small digression: toward the end of the FRST scan, McAfee also started up, and by right-clicking its icon on the taskbar I managed to turn it off. I see that it is gone, i.e. it is not active in the lower right corner.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello, welcome to the Ambulanta.

First, uninstall the following PUP programs:

Popcorn Time
SimpleNotepad4

Then, let this anti-malware program check your computer:

Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the program's installation instructions. After installation, click Finish.

On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn the Premium features off via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, enable the "Scan for rootkits" option.
• Prepare the Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection was detected, make sure everything is checked, then click Remove Selected. Restart the computer if the program asks for a restart.
• Submit the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.

• In your reply, attach the mbam.txt log using the "Attach file" ("Prikači fajl") option.

Then, post fresh FRST reports as well.

  • Joined: 07 Jan 2017
  • Posts: 6

Posted: 08 Jan 2017 15:36

Thank you very much. I managed to do everything that was needed. After the operation finished, the mouse was opening Properties on double-click, and I somehow resolved that. However, the keyboard is completely inactive. I tried all sorts of things and it won't work. I am writing from my phone now and I don't know how to send you the files. What should I do??

Addendum: 08 Jan 2017 16:00

It's fine, I solved it, I don't even know how myself.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-01-2017
Ran by eleanor.stojkova (administrator) on LENOVO-PC (08-01-2017 13:23:34)
Running from C:\Users\eleanor.stojkova\Desktop
Loaded Profiles: eleanor.stojkova (Available Profiles: eleanor.stojkova & Administrator)
Platform: Windows 8.1 Connected (Update) (X64) Language: slovački (Slovačka)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\USB Blocker\USBBKSvc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Viber Media S.à r.l.) C:\Users\eleanor.stojkova\AppData\Local\Viber\Viber.exe
() C:\Program Files\Lenovo\iMController\AutoUpdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
(Opera Software) C:\Program Files (x86)\Opera\launcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [217088 2014-04-08] (Realtek Semiconductor Corporation)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1622072 2014-01-09] (Lenovo Group Limited)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-09-04] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10973168 2014-09-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\Run: [Viber] => C:\Users\eleanor.stojkova\AppData\Local\Viber\Viber.exe [41351248 2016-12-07] (Viber Media S.à r.l.)
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\Run: [Torrentex] => C:\Torrentex\Torrentex.exe [417744 2015-11-13] ()
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\RunOnce: [Application Restart #2] => C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7873512 2016-11-16] (Pokki)
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\MountPoints2: {af6ded02-d0c9-11e5-826a-f8a96350b1fd} - "F:\LG_PC_Programs.exe"
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00USBBlockerShellDs] -> {BE57AC86-892D-436E-B763-71DA8FA49A48} => C:\Program Files (x86)\Lenovo\USB Blocker\USBBlockerShell.dll [2013-12-25] (Lenovo(beijing) Limited)
ShellIconOverlayIdentifiers: [00USBBlockerShellRd] -> {FFBCBB89-938E-4412-88AF-AE7A531F95C1} => C:\Program Files (x86)\Lenovo\USB Blocker\USBBlockerShell.dll [2013-12-25] (Lenovo(beijing) Limited)
ShellIconOverlayIdentifiers: [00USBBlockerShellRw] -> {42D4ABFA-0604-45F1-9A7C-622F85614BAB} => C:\Program Files (x86)\Lenovo\USB Blocker\USBBlockerShell.dll [2013-12-25] (Lenovo(beijing) Limited)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{46772345-D641-4587-9C54-89D11AD00C84}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8B127D19-E0EA-47AC-B12D-FDDFDDD23A74}: [DhcpNameServer] 169.254.131.49

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://startpage-home.com/?s=lenovo&m=start
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2000202158-699708774-3916072420-1001 -> {1F7F9447-3C6F-4C22-B4DF-B247F930BC6C} URL =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-01-08] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: 9051zb1r.default
FF ProfilePath: C:\Users\eleanor.stojkova\AppData\Roaming\Mozilla\Firefox\Profiles\9051zb1r.default [2017-01-08]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-02-11] [not signed]
FF HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: (Lenovo Password Manager) - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-09-04] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2000202158-699708774-3916072420-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\eleanor.stojkova\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default [2017-01-08]
CHR Extension: (Google презентације) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-02]
CHR Extension: (Google документи) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-02]
CHR Extension: (Google диск) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-02]
CHR Extension: (YouTube) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-02]
CHR Extension: (Google претрага) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-06-02]
CHR Extension: (Google табеле) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-02]
CHR Extension: (Lenovo Password Manager) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\geempcnjhccnoepfmahaeemnnfnignab [2016-06-02]
CHR Extension: (Google документи офлајн) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-09]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-02]
CHR Extension: (Gmail) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]
CHR HKLM-x32\...\Chrome\Extension: [geempcnjhccnoepfmahaeemnnfnignab] - C:\Program Files (x86)\Lenovo\Password Manager\chrome_npapi_extension.crx [2014-01-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [95232 2014-03-27] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330144 2015-09-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2014-09-04] (Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-04] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-04] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-09-04] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R2 USBBKSvc; C:\Program Files (x86)\Lenovo\USB Blocker\USBBKSvc.exe [35824 2013-12-25] (Lenovo(beijing) Limited)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [49040 2014-07-24] (Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [32256 2014-07-24] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S2 LubFsFlt; C:\windows\System32\Drivers\LubFsFlt.sys [27384 2014-02-22] (Lenovo(beijing) Limited)
R0 LubSec; C:\WINDOWS\System32\Drivers\LubSec.sys [45304 2014-02-22] (Lenovo(beijing) Limited)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-08] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290520 2013-09-24] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [559832 2014-02-26] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [3421040 2014-04-30] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-01-24] (Synaptics Incorporated)
R1 SMIDriver; C:\WINDOWS\System32\drivers\smi.sys [19760 2014-01-22] (Windows (R) Win 7 DDK provider)
R3 SNP2UVC; C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2855960 2014-04-26] (Sonix Co. Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-08 13:23 - 2017-01-08 13:23 - 00022565 _____ C:\Users\eleanor.stojkova\Desktop\FRST.txt
2017-01-08 12:55 - 2017-01-08 12:56 - 00000000 ____D C:\Users\eleanor.stojkova\Desktop\cistka
2017-01-08 12:35 - 2017-01-08 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-08 12:30 - 2017-01-08 12:30 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-08 12:18 - 2017-01-08 12:18 - 00062162 _____ C:\Users\eleanor.stojkova\Desktop\mbam.txt
2017-01-08 10:45 - 2017-01-08 10:45 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-08 10:44 - 2017-01-08 12:31 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-08 10:44 - 2017-01-08 12:31 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-08 10:43 - 2017-01-08 12:30 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-08 10:43 - 2017-01-08 12:30 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-08 10:43 - 2017-01-08 10:43 - 00001894 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-08 10:43 - 2017-01-08 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-08 10:42 - 2017-01-08 10:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-08 10:42 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-08 10:24 - 2017-01-08 10:25 - 54199488 _____ (Malwarebytes ) C:\Users\eleanor.stojkova\Desktop\mb3-setup-consumer-3.0.5.1299.exe
2017-01-08 10:08 - 2017-01-08 12:30 - 00000000 __SHD C:\Users\eleanor.stojkova\IntelGraphicsProfiles
2017-01-08 10:07 - 2017-01-08 10:07 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-01-08 07:22 - 2017-01-08 07:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-08 05:59 - 2017-01-08 05:59 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_wbf_vfs_lvcmn_01_09_00.Wdf
2017-01-08 01:58 - 2017-01-08 01:58 - 00002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2017-01-08 01:57 - 2017-01-08 01:57 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\LocalLow\Mozilla
2017-01-08 01:54 - 2017-01-08 01:57 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Roaming\Mozilla
2017-01-08 01:54 - 2017-01-08 01:54 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\Mozilla
2017-01-08 01:54 - 2017-01-08 01:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-08 01:53 - 2017-01-08 01:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-07 23:49 - 2017-01-08 13:23 - 00000000 ____D C:\FRST
2017-01-07 22:48 - 2017-01-07 22:48 - 02418688 _____ (Farbar) C:\Users\eleanor.stojkova\Desktop\FRST64.exe
2017-01-07 22:39 - 2017-01-07 22:39 - 00022016 ___SH C:\Users\eleanor.stojkova\Downloads\Thumbs.db
2017-01-07 21:47 - 2017-01-07 21:47 - 08803648 _____ (Piriform Ltd) C:\Users\eleanor.stojkova\Desktop\ccsetup525.exe
2017-01-07 04:23 - 2015-06-09 23:39 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2017-01-07 04:23 - 2015-06-09 23:39 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2017-01-07 04:23 - 2015-06-09 23:38 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-01-03 19:53 - 2017-01-03 21:51 - 00000000 ____D C:\Users\eleanor.stojkova\Downloads\PopcornTime
2017-01-03 19:51 - 2017-01-03 19:51 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\PopcornTime
2017-01-03 19:31 - 2017-01-08 03:26 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2017-01-03 19:08 - 2017-01-03 19:14 - 56002117 _____ (Popcorn Time ) C:\Users\eleanor.stojkova\Downloads\PopcornTime-latest.exe
2016-12-17 11:52 - 2016-12-01 15:13 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-12-17 11:52 - 2016-12-01 15:13 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-12-17 11:52 - 2016-12-01 15:11 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-12-17 11:52 - 2016-12-01 15:11 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-12-17 11:52 - 2016-10-20 14:14 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-12-17 11:52 - 2016-10-20 14:10 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-12-17 07:32 - 2016-12-17 07:33 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\Viber
2016-12-14 16:33 - 2016-11-12 20:08 - 25759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 16:33 - 2016-11-12 19:17 - 20302848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 16:33 - 2016-11-12 18:41 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 16:33 - 2016-11-12 18:21 - 13653504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 16:32 - 2016-11-19 22:24 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 16:32 - 2016-11-19 22:24 - 00152856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 16:32 - 2016-11-19 18:22 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 16:32 - 2016-11-16 22:49 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 16:32 - 2016-11-12 22:06 - 00738104 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-12-14 16:32 - 2016-11-12 20:38 - 00613632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-12-14 16:32 - 2016-11-12 19:53 - 06049280 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 16:32 - 2016-11-12 18:37 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 16:32 - 2016-11-12 18:35 - 02920960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-14 16:32 - 2016-11-12 18:20 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-14 16:32 - 2016-11-12 18:05 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-14 16:32 - 2016-11-12 18:02 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-14 16:32 - 2016-11-11 03:33 - 01541240 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 16:32 - 2016-11-09 18:25 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 16:32 - 2016-11-05 21:46 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-12-14 16:32 - 2016-11-05 19:35 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 16:32 - 2016-11-05 18:57 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 16:32 - 2016-11-05 18:11 - 03606528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 16:32 - 2016-11-05 16:56 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-12-14 16:32 - 2016-11-05 16:46 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-12-14 16:32 - 2016-10-28 03:56 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-12-14 16:32 - 2016-10-27 15:28 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-12-14 16:32 - 2016-10-12 22:49 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-12-14 16:32 - 2016-10-12 22:11 - 00922968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2016-12-14 16:32 - 2016-10-11 17:45 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-12-14 16:32 - 2016-10-11 00:31 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-12-14 16:32 - 2016-10-10 19:18 - 00069976 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2016-12-14 16:32 - 2016-10-10 19:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-12-14 16:32 - 2016-10-09 15:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2016-12-14 16:32 - 2016-10-09 15:08 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2016-12-14 16:32 - 2016-10-09 15:08 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2016-12-14 16:32 - 2016-10-08 23:24 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-12-14 16:32 - 2016-10-08 22:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-12-14 16:32 - 2016-10-08 22:10 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-12-14 16:32 - 2016-10-05 15:01 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-12-14 16:32 - 2016-10-05 15:00 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-12-14 16:32 - 2016-10-05 15:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 01969944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 00324896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 00245320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-12-14 16:32 - 2016-09-20 23:30 - 02462040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-12-14 16:31 - 2016-11-19 20:29 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-12-14 16:31 - 2016-11-19 19:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-12-14 16:31 - 2016-11-19 18:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-12-14 16:31 - 2016-11-12 20:25 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-12-14 16:31 - 2016-11-12 20:07 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-12-14 16:31 - 2016-11-12 19:29 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-12-14 16:31 - 2016-11-12 19:23 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-12-14 16:31 - 2016-11-12 19:14 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-12-14 16:31 - 2016-11-12 19:10 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-12-14 16:31 - 2016-11-12 18:45 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-12-14 16:31 - 2016-11-12 18:38 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-12-14 16:31 - 2016-11-12 18:11 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-12-14 16:31 - 2016-11-12 18:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-12-14 16:31 - 2016-10-05 14:52 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-12-14 16:31 - 2016-10-05 14:52 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2016-12-14 16:31 - 2016-09-27 21:16 - 00445873 _____ C:\WINDOWS\system32\ApnDatabase.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-08 13:28 - 2016-06-02 14:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-08 12:42 - 2015-10-30 15:24 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform
2017-01-08 12:40 - 2015-10-30 15:44 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2000202158-699708774-3916072420-1001
2017-01-08 12:39 - 2015-11-09 10:09 - 00001279 _____ C:\Users\eleanor.stojkova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2017-01-08 12:39 - 2015-10-30 15:34 - 00000000 ____D C:\ProgramData\LU
2017-01-08 12:35 - 2016-10-21 14:32 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Roaming\ViberPC
2017-01-08 12:33 - 2016-11-01 13:47 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Roaming\Torrentex
2017-01-08 12:30 - 2014-04-02 17:38 - 00000000 ____D C:\Users\Administrator
2017-01-08 12:28 - 2015-10-30 15:24 - 00000000 ____D C:\Users\eleanor.stojkova
2017-01-08 12:28 - 2014-09-04 17:19 - 00000000 ____D C:\ProgramData\Validity
2017-01-08 12:28 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-08 10:14 - 2014-03-18 10:53 - 00005388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-08 10:14 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-08 10:05 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-01-08 09:44 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-08 07:13 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-08 06:46 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-08 05:59 - 2014-09-04 17:15 - 00000000 ____D C:\Program Files\Synaptics
2017-01-08 05:59 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-08 03:07 - 2016-11-06 19:44 - 00000274 __RSH C:\Users\eleanor.stojkova\ntuser.pol
2017-01-08 03:02 - 2016-06-02 14:34 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-07 12:21 - 2016-10-21 14:34 - 00000000 ____D C:\Users\eleanor.stojkova\Documents\ViberDownloads
2017-01-07 07:58 - 2015-10-30 15:36 - 00065132 _____ C:\Users\eleanor.stojkova\AppData\Roaming\AbsoluteReminder.xml
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\servicing
2017-01-07 04:41 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2017-01-07 01:21 - 2016-05-30 17:02 - 00004018 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{26A23BE2-48FC-4FCE-A970-0B50C96A2A13}
2017-01-03 15:12 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-03 15:10 - 2014-09-04 18:00 - 00000000 ____D C:\ProgramData\McAfee
2017-01-03 15:08 - 2014-09-04 18:00 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-02 00:02 - 2016-04-01 18:07 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-30 19:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-21 20:33 - 2016-04-01 18:18 - 00003860 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1459531116
2016-12-20 20:32 - 2015-10-30 22:06 - 00003348 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2016-12-18 12:02 - 2013-08-22 15:44 - 00346744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-17 12:03 - 2015-11-01 15:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-17 11:58 - 2015-11-01 15:13 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-17 08:44 - 2016-06-02 14:47 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 08:44 - 2016-06-02 14:47 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-17 08:44 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-17 07:34 - 2016-11-27 19:42 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\Viber.old
2016-12-14 14:07 - 2016-06-02 14:34 - 00003880 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-14 14:07 - 2016-06-02 14:34 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-12-14 07:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-14 07:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-12 00:00 - 2016-11-15 17:12 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:00 - 2016-11-15 17:12 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-09 00:26 - 2016-12-03 04:29 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Roaming\Messenger for Desktop

==================== Files in the root of some directories =======

2015-10-30 15:36 - 2017-01-07 07:58 - 0065132 _____ () C:\Users\eleanor.stojkova\AppData\Roaming\AbsoluteReminder.xml
2016-11-27 19:51 - 2016-11-27 19:51 - 0076976 _____ () C:\Users\eleanor.stojkova\AppData\Roaming\LoJackSetup.exe
2015-10-30 15:31 - 2017-01-08 12:30 - 1679508 _____ () C:\Users\eleanor.stojkova\AppData\Local\BTServer.log
2014-09-04 17:13 - 2014-09-04 17:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\eleanor.stojkova\AppData\Local\Temp\combase.dll
C:\Users\eleanor.stojkova\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\messengerfordesktop-2.0.1-win32-setup-for-nsis.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct42C9.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct4647.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct53F7.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct5F8D.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct7B3.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct8B85.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octB2E0.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octB874.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octBD3B.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octD7EC.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octD7F6.tmp.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-08 05:53

==================== End of FRST.txt ============================

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

The MBAM report is empty. Please repeat the procedure for posting the MBAM log (export the log again).

offline
  • Joined: 07 Jan 2017
  • Posts: 6

Done. I'm really sorry I didn't save the mbam log properly; there were as many as 287 infected files. I deleted them all. Otherwise, the computer is maybe 50% faster than it was, but compared with what I figure this configuration should be able to achieve, it is still slow.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Posted: 08 Jan 2017 22:02

Look, I didn't tell you to run a new scan, but to post that report again.

Start MBAM, go to Reports and then select the oldest Scan Report by date. That is, not the newer one but the first, oldest one. Export that report to the desktop.

Addendum: 08 Jan 2017 22:23

OK... since we can't seem to sort out the Malwarebytes log, here is the rest of the instructions. In any case, do post the first/original Malwarebytes log; I need to look at it. And this will target the leftovers...

Open Notepad and copy the following text found inside the Code box.

Start
File: C:\Torrentex\Torrentex.exe

CloseProcesses:
(Uancy RIYRYAJOU) C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\HPWriterSrv3.exe

CreateRestorePoint:
R2 HPWriter Service; C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\HPWriterSrv3.exe [2045424 2016-10-29] (Uancy RIYRYAJOU) [File not signed]

Shortcut: C:\Users\eleanor.stojkova\Desktop\Gооglе Сhrоmе.lnk -> C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\RewRun3.exe (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\RewRun3.exe (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\RewRun3.exe (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа.lnk -> C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\RewRun3.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\RewRun3.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Ореrа.lnk -> C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\RewRun3.exe (No File) <===== Cyrillic

HKU\S-1-5-21-2000202158-699708774-3916072420-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://startpage-home.com/?s=lenovo&m=start
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2000202158-699708774-3916072420-1001 -> {1F7F9447-3C6F-4C22-B4DF-B247F930BC6C} URL =

GroupPolicy: Restriction - Chrome <======= ATTENTION

Hosts:
C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2

EmptyTemp:

Reboot:
End



- In Notepad, click File --> Save As
- Under Encoding, choose UTF-8.
- Name the file Fixlist and save it to the Desktop
- Double-click to run FRST.exe again
- Click Fix and wait until the program finishes.
- If the program asks to restart the computer, let it do so without interruption.
- When it finishes, fixlog.txt will be saved on the Desktop and will open; attach its contents to your post using the Attach file option
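
The `<===== Cyrillic` entries in the fixlist above are shortcuts whose names imitate browser names with Cyrillic look-alike letters. As an added example (not part of the original post and not FRST's own logic), this Python code flags such names in `Shortcut:` lines; the sample lines, the user name `user1` and the look-alike letter map are constructed assumptions.

```python
import ntpath
import re
import unicodedata

# Hand-built subset of Cyrillic letters that render like Latin ones
# (assumption for this example; not the full Unicode confusables table).
CYR_TO_LATIN = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K",
    "\u041c": "M", "\u041d": "H", "\u041e": "O", "\u0420": "P",
    "\u0421": "C", "\u0422": "T", "\u0425": "X",
}

# Line shape: "Shortcut: <lnk> -> <target> (<company | No File>) <===== note"
SHORTCUT_RE = re.compile(
    r"^Shortcut:\s+(?P<lnk>.+?\.lnk)\s+->\s+(?P<target>.+?)"
    r"(?:\s+\((?P<note>[^()]*)\))?\s*(?:<=+.*)?$",
    re.IGNORECASE,
)


def scripts_of(text):
    """Scripts of the letters in text, taken from their Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}


def skeleton(text):
    """Replace known Cyrillic look-alikes with the Latin letter they imitate."""
    return "".join(CYR_TO_LATIN.get(ch, ch) for ch in text)


def assess_shortcut(line):
    """Parse one Shortcut: line; return None if it is not one."""
    m = SHORTCUT_RE.match(line.strip())
    if not m:
        return None
    name = ntpath.splitext(ntpath.basename(m["lnk"]))[0]
    target = m["target"]
    skel = skeleton(name)
    reasons = []
    # Letters from two scripts inside one file name.
    if len(scripts_of(name)) > 1:
        reasons.append("mixed-script name")
    # Name becomes plain ASCII once look-alikes are folded. This also
    # catches names written entirely in Cyrillic look-alikes, while a
    # genuine Cyrillic name keeps non-ASCII letters and is not flagged.
    if skel != name and skel.isascii():
        reasons.append("homoglyph of '%s'" % skel)
    lookalike = bool(reasons)
    # Supporting context only: legitimate shortcuts can point into AppData.
    if "\\appdata\\" in target.lower():
        reasons.append("target under AppData")
    if (m["note"] or "").lower() == "no file":
        reasons.append("target missing")
    return {"name": name, "skeleton": skel, "target": target,
            "lookalike": lookalike, "reasons": reasons}


def find_lookalike_shortcuts(lines):
    """Return the assessments of all shortcuts with look-alike names."""
    results = (assess_shortcut(line) for line in lines)
    return [r for r in results if r and r["lookalike"]]


# Constructed sample lines modeled on the fixlist entries above.
FAKE_CHROME = "G\u043e\u043egl\u0435 \u0421hr\u043em\u0435"  # Cyrillic o, e, C
DOCUMENTS_RU = "\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b"
LINE = r"Shortcut: C:\Users\Public\Desktop\{}.lnk -> {}"
SAMPLE = [
    LINE.format(FAKE_CHROME,
                r"C:\Users\user1\AppData\Roaming\HPRewriter2\RewRun3.exe"
                r" (No File) <===== Cyrillic"),
    LINE.format("Google Chrome",
                r"C:\Program Files (x86)\Google\Chrome\Application"
                r"\chrome.exe (Google Inc.)"),
    LINE.format(DOCUMENTS_RU, r"C:\Users\user1\Documents"),
]

if __name__ == "__main__":
    for hit in find_lookalike_shortcuts(SAMPLE):
        print(hit["name"], "->", hit["target"], hit["reasons"])
```
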

offline
  • Joined: 07 Jan 2017
  • Posts: 6

Buddy, I apologize. I saw the message late last night and couldn't deal with the computer; I was too exhausted. Today I worked from 6 to 18h. As for mbam, it doesn't show that first one at all, only this last one. I tried the way you said and other ways too - it's not there. If you can, connect to the computer and try to dig it out yourself. I'm really sorry it turned out this way. Also, I did everything you said in the last message.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Never mind. ;)

The fixes have been applied; tell me what the situation is.

offline
  • Joined: 07 Jan 2017
  • Posts: 6

Posted: 09 Jan 2017 23:33

It behaves considerably better. It responds to every command and isn't sluggish like before. That McAfee really bothers me, as does the admin password at startup. Can you change that? Also, it seems to me it's overloaded with those Lenovo packages for anything and everything. Those should be deleted too... What do you think?

Addendum: 09 Jan 2017 23:39

I started deleting programs that I know I won't use, and Internet Explorer opens with every uninstall. That was happening before, too.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Buddy, in Ambulanta we work only on malicious programs. So I can't advise you to uninstall or delete a legitimate program. Install CCleaner and disable them from startup. For further system tuning you can seek advice in the Windows forum if you like.

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes.

From this point on, all tools used in this thread should be deleted.
If any tool or report has not been removed, feel free to delete it manually.

The tool will also generate a report for you. (C:\DelFix.txt)
- The tool will also save the healthy state of the registry and make a backup using the built-in program "ERUNT" in %windir%\ERUNT\DelFix
- DelFix deletes old system restore points and creates a new, fresh point after cleaning.

;)
