Molim za provjeru laptopa

Molim za provjeru laptopa

offline
  • Pridružio: 14 Okt 2012
  • Poruke: 3611
  • Gde živiš: Herceg Novi

Pokušala sam da instaliram µTorrent, ali ne ide. U kontrol panelu postoji, a u Program-u Files i Program-u Files (x86) ne postoji. Nešto ne dozvoljava instalaciju, a prilikom deinstalacije sa Revo Uninstaler-om takođe ne može, i on+ prijavljuje grešku.

Skenirala sam laptop sa Avastom (nije ništa našao) i MBAR-om (prijavio 31 potencijalnu prijetnju). U izveštaju se najviše pominje SlimDrivers (instaliran zajedno sa Windowsom).


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017
Ran by Ljilja (administrator) on LJILJA-PC (27-02-2017 18:49:36)
Running from C:\Users\Ljilja\Desktop
Loaded Profiles: Ljilja (Available Profiles: Ljilja)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-27] (AVAST Software)
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\...\Run: [GoogleChromeAutoLaunch_AE2C712981C67602D63C90F9347623AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\...\MountPoints2: {d3c9111c-be41-11e6-8743-88ae1df86fa6} - F:\AutoRun.exe
HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\...\MountPoints2: {d3c9112a-be41-11e6-8743-88ae1df86fa6} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-27] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-27] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7C2F006E-707D-4DAE-B310-B95E9C64D750}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9AEC18AF-D4B3-4764-A175-93EC933E0DF6}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2074189543-3294617753-2427880266-1000 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2074189543-3294617753-2427880266-1000 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-25] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-27] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-27] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-25] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: z16lxt41.default
FF ProfilePath: C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default [2017-02-27]
FF NewTab: Mozilla\Firefox\Profiles\z16lxt41.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\z16lxt41.default -> Avast Search
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\z16lxt41.default -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\z16lxt41.default -> Avast Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\z16lxt41.default -> Avast Search
FF Homepage: Mozilla\Firefox\Profiles\z16lxt41.default -> hxxps://search.avast.com/AV772/
FF Keyword.URL: Mozilla\Firefox\Profiles\z16lxt41.default -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF Extension: (EHTip) - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\Extensions\ehtip@robertkatic [2017-02-27]
FF Extension: (Dictionary (Google™ Translate) Anywhere) - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\Extensions\jid0-fbHwsGfb6kJyq2hj65KnbGte3yT@jetpack.xpi [2016-12-01]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-12-01]
FF Extension: (Translate This!) - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2016-12-01]
FF Extension: (uBlock Origin) - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\Extensions\uBlock0@raymondhill.net.xpi [2017-02-27]
FF Extension: (Video DownloadHelper) - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-31]
FF Extension: (Adblock Plus) - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-29]
FF SearchPlugin: C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\z16lxt41.default\searchplugins\avast-search.xml [2017-02-27]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-02-27]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-02-27]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-25] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.me/
CHR StartupUrls: Default -> "hxxp://google.me/","hxxp://www.default-search.net?sid=476&aid=104&itype=n&ver=11471&tm=262&src=hmp","hxxp://www.google.com/"
CHR Profile: C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default [2017-02-27]
CHR Extension: (Google преводилац) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-01-13]
CHR Extension: (Google диск) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-13]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-01-13]
CHR Extension: (YouTube) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-13]
CHR Extension: (Google+) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2017-01-13]
CHR Extension: (AdBlock) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-26]
CHR Extension: (Avast Online Security) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-27]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Click&Clean App) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-01-13]
CHR Extension: (Speedtest by Ookla) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2017-01-17]
CHR Extension: (Gmail) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-13]
CHR Extension: (Chrome Media Router) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Profile: C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-02-26]
CHR Profile: C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-26]
CHR HKU\S-1-5-21-2074189543-3294617753-2427880266-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-02-27] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-27] (AVAST Software)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2015-06-23] (CHENGDU YIWO Tech Development Co., Ltd)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2016-12-09] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-02-27] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-27] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-27] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-27] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-27] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-02-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-27] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-02-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-02-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-02-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-02-27] (AVAST Software)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2016-12-09] (Bytemobile, Inc.) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-14] ()
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2016-12-09] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3731672 2016-09-16] (Realtek Semiconductor Corporation )
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2017-02-27] (SlimWare Utilities, Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2016-12-09] (Bytemobile, Inc.) [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-27 18:49 - 2017-02-27 18:50 - 00045431 _____ C:\Users\Ljilja\Desktop\FRST.txt
2017-02-27 18:48 - 2017-02-27 18:49 - 00000000 ____D C:\FRST
2017-02-27 18:37 - 2017-02-27 18:37 - 02423296 _____ (Farbar) C:\Users\Ljilja\Desktop\FRST64.exe
2017-02-27 18:32 - 2017-02-27 18:32 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-27 18:22 - 2017-02-27 18:33 - 00002840 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
2017-02-27 18:22 - 2017-02-27 18:33 - 00000412 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2017-02-27 18:22 - 2017-02-27 18:22 - 00002483 _____ C:\Users\Public\Desktop\SlimDrivers.lnk
2017-02-27 18:22 - 2017-02-27 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
2017-02-27 18:22 - 2017-02-27 18:22 - 00000000 ____D C:\Program Files (x86)\SlimDrivers
2017-02-27 18:08 - 2017-02-27 18:08 - 00005511 _____ C:\Users\Ljilja\Desktop\mbam_txt.txt
2017-02-27 17:53 - 2017-02-27 17:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-27 17:32 - 2017-02-27 17:32 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-27 17:20 - 2017-02-27 17:20 - 00000000 ____D C:\Users\Ljilja\AppData\Local\VS Revo Group
2017-02-27 16:17 - 2017-02-27 16:17 - 00002606 _____ C:\Users\Ljilja\Desktop\µTorrent.lnk
2017-02-27 16:16 - 2017-02-27 16:48 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\uTorrent
2017-02-27 15:39 - 2017-02-27 15:39 - 02400960 _____ (BitTorrent Inc.) C:\Users\Ljilja\Downloads\uTorrent.exe
2017-02-27 15:24 - 2017-02-27 16:17 - 00002606 _____ C:\Users\Ljilja\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-02-27 12:47 - 2017-02-27 12:47 - 00000000 ____D C:\Users\Ljilja\AppData\Local\ElevatedDiagnostics
2017-02-26 17:36 - 2017-02-26 17:36 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\AVAST Software
2017-02-26 17:35 - 2017-02-26 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-02-26 17:34 - 2017-02-27 17:37 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1488126880
2017-02-26 17:33 - 2017-02-27 17:33 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-26 17:33 - 2017-02-27 17:32 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-02-26 17:33 - 2017-02-27 17:32 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-02-26 17:33 - 2017-02-27 17:32 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-26 17:33 - 2017-02-27 17:32 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-26 17:33 - 2017-02-26 17:33 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-26 17:32 - 2017-02-27 17:32 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-26 17:32 - 2017-02-27 17:32 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-26 17:32 - 2017-02-27 17:32 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-26 17:32 - 2017-02-27 17:31 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-26 17:32 - 2017-02-27 17:31 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-26 17:32 - 2017-02-27 17:30 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-26 17:32 - 2017-02-27 17:30 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-26 17:32 - 2017-02-27 17:30 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-26 17:32 - 2017-02-27 17:30 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-26 17:31 - 2017-02-26 17:31 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-26 16:30 - 2017-02-26 16:38 - 283161936 _____ (AVAST Software) C:\Users\Ljilja\Downloads\avast_free_antivirus_setup_offline.exe
2017-02-26 15:32 - 2017-02-26 15:32 - 08347584 _____ (AVAST Software) C:\Users\Ljilja\Desktop\avastclear.exe
2017-02-26 14:44 - 2017-02-26 14:44 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-02-26 14:42 - 2017-02-26 14:43 - 11523496 _____ (VS Revo Group ) C:\Users\Ljilja\Downloads\RevoUninProSetup.exe
2017-02-24 16:20 - 2017-02-24 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2017-02-24 16:20 - 2017-02-24 16:20 - 00000000 ____D C:\Program Files\Defraggler
2017-02-24 16:18 - 2017-02-24 16:18 - 04619752 _____ (Piriform Ltd) C:\Users\Ljilja\Downloads\dfsetup221.exe
2017-02-24 15:56 - 2017-02-24 15:56 - 00008657 _____ C:\Users\Ljilja\AppData\Local\recently-used.xbel
2017-02-24 07:52 - 2017-02-24 07:52 - 00002104 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-24 07:52 - 2017-02-24 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-23 15:28 - 2017-02-23 15:28 - 00000894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-02-23 15:27 - 2017-02-23 15:28 - 00000000 ____D C:\Program Files\GIMP 2
2017-02-23 15:25 - 2017-02-23 18:53 - 00000000 ____D C:\Users\Ljilja\Downloads\najnovija verzija GIMP
2017-02-23 14:27 - 2017-02-23 14:27 - 00003514 _____ C:\Windows\System32\Tasks\{910163FE-FF3B-4E69-8A80-17DEE79D370B}
2017-02-22 17:36 - 2017-02-27 13:40 - 00000000 ____D C:\Users\Ljilja\Downloads\Za GIMP
2017-02-11 23:56 - 2017-02-12 00:38 - 318912029 _____ C:\Users\Ljilja\AppData\Local\ACCCx3_9_5_353.zip.aamdownload
2017-02-11 23:56 - 2017-02-11 23:57 - 00003560 _____ C:\Users\Ljilja\AppData\Local\ACCCx3_9_5_353.zip.aamdownload.aamd
2017-02-11 11:33 - 2017-02-11 11:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-02-11 10:54 - 2017-02-20 16:26 - 00001016 _____ C:\Users\Ljilja\Desktop\Adobe Lightroom.lnk
2017-02-11 10:54 - 2017-02-11 10:54 - 00000984 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
2017-02-11 10:53 - 2017-02-11 11:16 - 00000000 ____D C:\Program Files\Adobe
2017-02-11 10:46 - 2017-02-11 10:46 - 00001494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-02-11 10:46 - 2017-02-11 10:46 - 00001482 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2017-02-11 08:41 - 2017-02-27 16:30 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Adobe
2017-02-07 17:11 - 2017-02-07 17:11 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-02-07 17:11 - 2017-02-07 17:11 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-02-06 17:04 - 2017-02-06 17:04 - 00002043 _____ C:\Users\Ljilja\Desktop\CyberLink WaveEditor.lnk
2017-02-06 17:04 - 2017-02-06 17:04 - 00002043 _____ C:\Users\Default\Desktop\CyberLink WaveEditor.lnk
2017-02-06 17:04 - 2017-02-06 17:04 - 00002043 _____ C:\Users\Default User\Desktop\CyberLink WaveEditor.lnk
2017-02-06 17:04 - 2017-02-06 17:04 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor
2017-02-06 17:04 - 2017-02-06 17:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor
2017-02-06 17:04 - 2017-02-06 17:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor
2017-02-06 17:02 - 2017-02-20 16:26 - 00001151 _____ C:\Users\Public\Desktop\CyberLink PowerDirector.lnk
2017-02-06 17:02 - 2017-02-06 17:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
2017-02-06 16:16 - 2017-02-06 16:16 - 00380928 _____ C:\Users\Ljilja\Downloads\x4x9ydhx.exe
2017-02-06 15:03 - 2017-02-06 15:03 - 00000000 ____D C:\Users\Public\CyberLink
2017-02-06 15:03 - 2017-02-06 15:03 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\CyberLink
2017-02-06 15:03 - 2017-02-06 15:03 - 00000000 ____D C:\ProgramData\CyberLink
2017-02-06 14:59 - 2017-02-06 14:59 - 00000000 ____D C:\ProgramData\SmartSound Software Inc
2017-02-06 14:59 - 2017-02-06 14:59 - 00000000 ____D C:\ProgramData\eSellerate
2017-02-06 14:59 - 2017-02-06 14:59 - 00000000 ____D C:\Program Files (x86)\SmartSound Software
2017-02-06 14:54 - 2017-02-06 17:00 - 00000000 ____D C:\Program Files\CyberLink
2017-02-06 14:52 - 2017-02-06 14:52 - 00000000 ____D C:\ProgramData\CLSK
2017-02-06 14:49 - 2017-02-06 17:04 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-02-06 14:47 - 2014-04-24 08:53 - 00000000 ____D C:\Cyberlink_PowerDirector_9.00.3305_Ultra64_Full_Retail-Multilangual + Holidays pack v3
2017-02-06 14:28 - 2017-02-06 14:29 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Viber
2017-02-06 13:39 - 2017-02-06 13:39 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Netscape
2017-02-06 13:38 - 2017-02-06 13:38 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Photodex
2017-02-04 21:32 - 2017-02-04 21:32 - 00000000 ____D C:\ProgramData\Samsung
2017-02-04 19:56 - 2017-02-04 19:56 - 00000000 ____D C:\Users\Ljilja\AppData\LocalLow\Google
2017-02-04 15:11 - 2017-02-04 15:11 - 02865917 _____ C:\Users\Ljilja\Desktop\puž.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-27 18:41 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-27 18:41 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-27 18:33 - 2016-09-16 16:03 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2017-02-27 18:32 - 2016-09-17 19:52 - 00000000 ____D C:\ProgramData\MCShield
2017-02-27 18:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-27 18:30 - 2016-09-16 16:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-27 18:14 - 2016-09-16 17:04 - 00000000 ____D C:\Windows\PCHEALTH
2017-02-27 17:46 - 2016-09-16 17:35 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-27 17:26 - 2016-09-16 18:12 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Skype
2017-02-27 17:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-27 16:33 - 2016-12-26 21:02 - 00000000 ____D C:\Users\Ljilja\Desktop\Originals
2017-02-27 15:41 - 2016-11-30 17:57 - 00000000 ____D C:\Users\Ljilja\AppData\LocalLow\Mozilla
2017-02-27 15:00 - 2016-09-17 20:34 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\PhotoScape
2017-02-27 14:20 - 2016-10-21 16:25 - 00030720 ____H C:\Users\Ljilja\Desktop\photothumb.db
2017-02-27 12:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-27 12:44 - 2017-01-13 16:11 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-26 14:56 - 2016-10-29 14:20 - 00000000 ____D C:\Users\Ljilja\AppData\Local\CrashDumps
2017-02-24 15:56 - 2016-11-08 18:00 - 00000000 ____D C:\Users\Ljilja\AppData\Local\gtk-2.0
2017-02-24 15:56 - 2016-09-18 08:37 - 00000000 ____D C:\Users\Ljilja\.gimp-2.8
2017-02-24 07:52 - 2016-09-16 17:43 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-23 15:36 - 2016-11-30 07:28 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 15:33 - 2015-07-18 23:46 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-23 15:31 - 2016-09-16 17:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 11:19 - 2016-11-08 18:00 - 00000000 ____D C:\Users\Ljilja\.thumbnails
2017-02-23 09:43 - 2016-09-16 17:42 - 00000000 ____D C:\ProgramData\Skype
2017-02-20 12:17 - 2017-01-13 16:20 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1484320810
2017-02-15 15:31 - 2016-09-16 16:59 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-15 15:31 - 2016-09-16 16:59 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 15:31 - 2016-09-16 16:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-15 15:31 - 2016-09-16 16:59 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-15 15:31 - 2016-09-16 16:59 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-11 07:35 - 2009-07-14 06:08 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-08 19:48 - 2016-11-30 17:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-08 13:46 - 2016-12-26 17:52 - 00000000 ____D C:\ProgramData\TEMP
2017-02-08 13:34 - 2016-11-28 18:17 - 00000069 _____ C:\Windows\NeroDigital.ini
2017-02-08 12:34 - 2009-07-14 06:13 - 00787694 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-07 17:11 - 2016-11-30 13:01 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-02-07 07:55 - 2017-01-13 15:44 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 17:44 - 2016-09-17 19:38 - 00000000 ____D C:\Users\Ljilja\Documents\ViberDownloads
2017-02-06 17:43 - 2016-09-16 18:35 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\ViberPC
2017-02-06 17:04 - 2016-09-16 16:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-06 15:56 - 2016-09-16 15:45 - 00114384 _____ C:\Users\Ljilja\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-06 15:53 - 2009-07-14 05:45 - 00420128 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-06 13:39 - 2016-09-16 18:08 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Mozilla
2017-02-03 19:22 - 2016-09-16 17:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-01 15:50 - 2015-07-18 14:39 - 00801192 ____N C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2016-11-14 12:56 - 2014-12-04 16:44 - 16061256 _____ (SAMSUNG Electronics Co., Ltd.) C:\Program Files\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
2017-02-11 23:56 - 2017-02-12 00:38 - 318912029 _____ () C:\Users\Ljilja\AppData\Local\ACCCx3_9_5_353.zip.aamdownload
2017-02-11 23:56 - 2017-02-11 23:57 - 0003560 _____ () C:\Users\Ljilja\AppData\Local\ACCCx3_9_5_353.zip.aamdownload.aamd
2017-02-24 15:56 - 2017-02-24 15:56 - 0008657 _____ () C:\Users\Ljilja\AppData\Local\recently-used.xbel
2016-09-16 16:21 - 2016-09-16 16:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-02-27 16:30 - 2014-09-08 14:10 - 2414760 _____ (Adobe Systems Incorporated) C:\Users\Ljilja\AppData\Local\Temp\AdobeApplicationManager.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-23 09:39

==================== End of FRST.txt ============================


https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

U izvještajima ne vidim ništa sporno no da obavimo još jednu provjeru.



Preuzmi Zemana AntiMalware i sacuvaj ga na Deskop.


Arrow Kada preuzimanje bude zavrseno:

Dvoklikom pokreni instalaciju i prati uputstva. Instalacija je standardna bez ikakvih dodatnih opcija.
Nakon instalacije, program ce se automatski pokrenuti i sada je potrebno klikniti na Scan.
Kada se skeniranje zavrsi, klikni Next kako bi uklonio sve pronadjene stavke.
Ako ti zatrazi da restartujes racunar, klikni na Reboot.
Ukoliko je racunar ozbiljno inficiran, nakon restarta ce uslediti jos jedno skeniranje.


Arrow Nakon toga, potrebno je da dostavis izvestaj/e:

Na tastaturi pritisni + R u isto vreme.
Kopiraj sledecu komandu i potvrdi sa OK:
%USERPROFILE%\AppData\Local\Zemana\Zemana AntiMalware\reports
Najnovji izvestaj/e kopiraj na Deskop, a zatim ga prikaci u sledecoj poruci.

offline
  • Pridružio: 14 Okt 2012
  • Poruke: 3611
  • Gde živiš: Herceg Novi

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

To bi bilo to, nisi imala aktivnu infekciju.

Sledeća procedura će implementirati završno čišćenje.

Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

offline
  • Pridružio: 14 Okt 2012
  • Poruke: 3611
  • Gde živiš: Herceg Novi

Sass Drake, hvala velika!

Ko je trenutno na forumu
 

Ukupno su 1042 korisnika na forumu :: 32 registrovanih, 5 sakrivenih i 1005 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Petar, AleksSE, Andrija357, Arahne, Asparagus, Brana01, Cassius Clay, cvrle312, dankisha, draganca, Duh sa sekirom, ivan1973, krangovotelo, Kruger, Leonov, maCvele, Marko Marković, milimoj, Milos ZA, Milos82, miodrag, mkukoleca, NoOneEver Dreams, sevenino, skvara, Stoilkovic, suton, Toper, vasa.93, VJ, Vlada78, vukdra