Looks like it's a virus?

  • Joined: 25 Apr 2012
  • Posts: 143

Posted: 08 Dec 2015 9:40

My programs and documents are opening through a single program?



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-12-2015
Ran by USER (administrator) on USER-PC (08-12-2015 09:36:49)
Running from C:\Users\USER\Desktop
Loaded Profiles: USER (Available Profiles: USER)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Swearware) C:\Users\USER\Desktop\Adw cleaneri\ComboFix.exe
(Swearware) C:\Users\USER\Desktop\Adw cleaneri\ComboFix.exe
(Swearware) C:\Users\USER\Desktop\Adw cleaneri\ComboFix.exe
(Swearware) C:\Users\USER\Desktop\Adw cleaneri\ComboFix.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-11] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-3345264416-2506394193-1830772125-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3345264416-2506394193-1830772125-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3345264416-2506394193-1830772125-1000\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-3345264416-2506394193-1830772125-1000\...\MountPoints2: F - F:\SISetup.exe
HKU\S-1-5-21-3345264416-2506394193-1830772125-1000\...\MountPoints2: {f67d0e0e-99a5-11e5-82c6-001c26d60255} - F:\SISetup.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-21] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.219
Tcpip\..\Interfaces\{2A602D36-E577-4306-A071-E4C74BDBCA43}: [DhcpNameServer] 192.168.100.219

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-07] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-21] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-07] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\eigmhogd.default
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-21] [not signed]

Chrome:
=======
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-05]
CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-05]
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-05]
CHR Extension: (Google Search) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-05]
CHR Extension: (Google Docs Offline) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-05]
CHR Extension: (Avast Online Security) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-05]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-21] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3219136 2015-09-21] (Avast Software)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-09-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-09-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-09-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-09-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-11-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435464 2015-11-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115640 2015-09-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-09-21] (AVAST Software)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [107984 2015-09-21] (AVAST Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-09-21] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 09:36 - 2015-12-08 09:37 - 00010275 _____ C:\Users\USER\Desktop\FRST.txt
2015-12-08 09:36 - 2015-12-08 09:36 - 00000000 ____D C:\FRST
2015-12-08 09:36 - 2015-12-08 09:35 - 01719808 _____ (Farbar) C:\Users\USER\Desktop\FRST.exe
2015-12-08 09:35 - 2015-12-08 09:35 - 01719808 _____ (Farbar) C:\Users\USER\Downloads\FRST.exe
2015-12-08 09:25 - 2015-12-08 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2015-12-08 09:25 - 2015-12-08 09:25 - 00000000 ____D C:\Program Files\EaseUS
2015-12-08 09:25 - 2015-12-08 09:23 - 13916256 _____ (EaseUS ) C:\Users\USER\Desktop\drw_free.exe
2015-12-08 09:24 - 2015-12-08 09:24 - 00000000 ____D C:\Windows\ERUNT
2015-12-07 16:54 - 2015-12-07 16:54 - 00000000 ____D C:\Program Files\Common Files\Java
2015-12-07 16:51 - 2015-12-08 09:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-07 16:51 - 2015-12-07 16:51 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-07 16:51 - 2015-12-07 16:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-07 16:48 - 2015-12-07 16:48 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-07 16:44 - 2015-12-07 16:44 - 00000000 ____D C:\Users\USER\AppData\Local\factormystic.net
2015-12-07 16:41 - 2015-12-07 16:41 - 00000000 ____D C:\Windows\pss
2015-12-07 16:39 - 2015-12-07 16:40 - 00000000 ____D C:\Users\USER\Desktop\DefaultProgramsEditor
2015-12-07 16:15 - 2015-12-08 09:32 - 00000000 ____D C:\Users\USER\Desktop\Adw cleaneri
2015-12-05 22:38 - 2015-12-05 22:38 - 00009588 _____ C:\Users\USER\how_recover+kxh.html
2015-12-05 22:38 - 2015-12-05 22:38 - 00009588 _____ C:\Users\USER\Downloads\how_recover+kxh.html
2015-12-05 22:38 - 2015-12-05 22:38 - 00009588 _____ C:\Users\USER\Documents\how_recover+kxh.html
2015-12-05 22:38 - 2015-12-05 22:38 - 00002777 _____ C:\Users\USER\how_recover+kxh.txt
2015-12-05 22:38 - 2015-12-05 22:38 - 00002777 _____ C:\Users\USER\Downloads\how_recover+kxh.txt
2015-12-05 22:38 - 2015-12-05 22:38 - 00002777 _____ C:\Users\USER\Documents\how_recover+kxh.txt
2015-12-05 22:37 - 2015-12-05 22:37 - 00009588 _____ C:\Users\USER\AppData\Roaming\how_recover+kxh.html
2015-12-05 22:37 - 2015-12-05 22:37 - 00009588 _____ C:\Users\USER\AppData\how_recover+kxh.html
2015-12-05 22:37 - 2015-12-05 22:37 - 00002777 _____ C:\Users\USER\AppData\Roaming\how_recover+kxh.txt
2015-12-05 22:37 - 2015-12-05 22:37 - 00002777 _____ C:\Users\USER\AppData\how_recover+kxh.txt
2015-12-05 22:34 - 2015-12-05 22:38 - 00009588 _____ C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+kxh.html
2015-12-05 22:34 - 2015-12-05 22:38 - 00002777 _____ C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+kxh.txt
2015-12-05 22:34 - 2015-12-05 22:34 - 00009588 _____ C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+kxh.html
2015-12-05 22:34 - 2015-12-05 22:34 - 00009588 _____ C:\Users\USER\AppData\LocalLow\how_recover+kxh.html
2015-12-05 22:34 - 2015-12-05 22:34 - 00002777 _____ C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+kxh.txt
2015-12-05 22:34 - 2015-12-05 22:34 - 00002777 _____ C:\Users\USER\AppData\LocalLow\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:38 - 00009588 _____ C:\Users\USER\AppData\Local\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:38 - 00009588 _____ C:\Users\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:38 - 00006654 _____ C:\Users\USER\Downloads\doc_h3420r2p3s (2).zip.vvv
2015-12-05 22:32 - 2015-12-05 22:38 - 00006654 _____ C:\Users\USER\Downloads\doc_h3420r2p3s (1).zip.vvv
2015-12-05 22:32 - 2015-12-05 22:38 - 00002777 _____ C:\Users\USER\AppData\Local\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:38 - 00002777 _____ C:\Users\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Public\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Public\Downloads\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Public\Documents\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default\Downloads\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default\Documents\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default\AppData\Roaming\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default\AppData\Local\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default\AppData\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default User\Downloads\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default User\Documents\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default User\AppData\Roaming\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default User\AppData\Local\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\Users\Default User\AppData\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\ProgramData\Microsoft\Windows\Start Menu\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00009588 _____ C:\ProgramData\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Public\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Public\Downloads\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Public\Documents\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default\Downloads\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default\Documents\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default\AppData\Roaming\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default\AppData\Local\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default\AppData\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default User\Downloads\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default User\Documents\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default User\AppData\Roaming\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default User\AppData\Local\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\Users\Default User\AppData\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\ProgramData\Microsoft\Windows\Start Menu\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00002777 _____ C:\ProgramData\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 00000254 _____ C:\Users\USER\Documents\recover_file_nupljxeey.txt
2015-12-05 22:31 - 2015-12-05 22:38 - 00006654 _____ C:\Users\USER\Downloads\doc_h3420r2p3s.zip.vvv
2015-12-05 11:58 - 2015-12-05 22:37 - 00021358 _____ C:\Users\USER\Desktop\EVROPA O SAUDIJCIMA.docx.vvv
2015-12-03 16:40 - 2015-12-03 16:40 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_mvusbews_01009.Wdf
2015-12-03 16:09 - 2010-04-29 00:49 - 00046592 _____ C:\Windows\system32\HPM1210SMs.dll
2015-12-03 16:08 - 2010-03-31 11:50 - 01167360 _____ C:\Windows\system32\HPM1210SM.exe
2015-12-03 16:03 - 2015-12-05 22:34 - 00000000 ____D C:\Users\USER\AppData\Roaming\HP
2015-12-03 15:31 - 2015-12-03 15:32 - 00599733 _____ C:\Users\USER\Downloads\referat (2).swf
2015-12-03 15:31 - 2015-12-03 15:31 - 00599733 _____ C:\Users\USER\Downloads\referat (3).swf
2015-12-03 15:05 - 2015-12-03 15:07 - 02461139 _____ C:\Users\USER\Downloads\doktorat (2).swf
2015-12-03 15:05 - 2015-12-03 15:06 - 02461139 _____ C:\Users\USER\Downloads\doktorat (3).swf
2015-12-03 15:05 - 2015-12-03 15:05 - 00599733 _____ C:\Users\USER\Downloads\referat.swf
2015-12-03 15:05 - 2015-12-03 15:05 - 00599733 _____ C:\Users\USER\Downloads\referat (1).swf
2015-12-03 15:04 - 2015-12-05 22:38 - 00287310 _____ C:\Users\USER\Downloads\Veselin_Konatar_tema_dopuna_FB (1).pdf.vvv
2015-12-03 14:56 - 2015-12-03 14:56 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-03 11:34 - 2015-12-03 11:36 - 01190616 _____ (Adobe Systems Incorporated) C:\Users\USER\Downloads\flashplayer19pp_da_install (1).exe
2015-12-03 11:23 - 2015-12-03 11:29 - 02461139 _____ C:\Users\USER\Downloads\doktorat.swf
2015-12-03 11:23 - 2015-12-03 11:23 - 02461139 _____ C:\Users\USER\Downloads\doktorat (1).swf
2015-12-02 23:04 - 2015-12-05 22:37 - 01452702 _____ C:\Users\USER\Desktop\20151202-161526.pdf.vvv
2015-12-02 23:01 - 2015-12-05 22:38 - 01452702 _____ C:\Users\USER\Downloads\20151202-161526.pdf.vvv
2015-11-19 00:20 - 2015-12-05 22:38 - 04680414 _____ C:\Users\USER\Downloads\ò(ïðàêò)1.pdf.vvv
2015-11-19 00:18 - 2015-12-05 22:38 - 02280110 _____ C:\Users\USER\Downloads\diplomatica_02_2010.pdf.vvv
2015-11-18 23:56 - 2015-12-05 22:38 - 00373886 _____ C:\Users\USER\Downloads\нато_в_украине_секретные_материалы.pdf.vvv
2015-11-18 20:51 - 2015-12-05 22:38 - 01618686 _____ C:\Users\USER\Downloads\путин_буш_и_война_в_ираке.pdf.vvv
2015-11-18 20:10 - 2015-12-05 22:38 - 01931982 _____ C:\Users\USER\Downloads\leonid-mlechin.pdf.vvv
2015-11-18 20:10 - 2015-12-05 22:38 - 00616350 _____ C:\Users\USER\Downloads\Млечин Леонид Как Брежнев сменил Хрущева. Тайная история дворцового переворота (2014) (1).zip.vvv
2015-11-18 20:09 - 2015-12-05 22:38 - 00616350 _____ C:\Users\USER\Downloads\Млечин Леонид Как Брежнев сменил Хрущева. Тайная история дворцового переворота (2014).zip.vvv
2015-11-18 20:09 - 2015-12-05 22:37 - 00000000 ____D C:\Users\USER\AppData\Roaming\WinRAR
2015-11-11 21:51 - 2015-12-05 22:38 - 02942766 _____ C:\Users\USER\Downloads\BILDERBERG KLUB (2).pdf.vvv
2015-11-11 21:46 - 2015-12-05 22:38 - 02942766 _____ C:\Users\USER\Downloads\BILDERBERG KLUB.pdf.vvv
2015-11-11 21:46 - 2015-12-05 22:38 - 02942766 _____ C:\Users\USER\Downloads\BILDERBERG KLUB (1).pdf.vvv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 09:37 - 2015-09-21 13:43 - 00000000 ____D C:\Users\USER\AppData\Roaming\Skype
2015-12-08 09:36 - 2009-07-14 03:37 - 00000000 ____D C:\Windows
2015-12-08 09:33 - 2015-09-21 13:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-08 09:25 - 2010-11-20 22:01 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-08 09:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2015-12-08 09:24 - 2015-09-21 13:12 - 00000000 ____D C:\ProgramData\MCShield
2015-12-08 09:08 - 2009-07-14 05:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-08 09:08 - 2009-07-14 05:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-08 09:00 - 2015-09-21 12:55 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-08 09:00 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-07 19:58 - 2015-09-21 12:57 - 00000000 ____D C:\ProgramData\Oracle
2015-12-07 19:58 - 2015-09-21 12:55 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-07 16:55 - 2015-09-21 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-07 16:55 - 2015-09-21 12:57 - 00000000 ____D C:\Program Files\Java
2015-12-07 16:54 - 2015-09-21 12:57 - 00000000 ____D C:\Users\USER\.oracle_jre_usage
2015-12-07 16:53 - 2015-09-21 12:57 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-12-07 16:12 - 2015-09-21 12:55 - 00000000 ____D C:\Users\USER\AppData\Local\Google
2015-12-06 10:05 - 2011-04-12 03:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-06 00:22 - 2015-09-21 12:56 - 00000000 ____D C:\Users\USER\AppData\Roaming\Adobe
2015-12-05 22:46 - 2015-09-21 12:56 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-05 22:38 - 2015-11-06 15:05 - 00269102 _____ C:\Users\USER\Desktop\билдерберг клуб.docx.vvv
2015-12-05 22:38 - 2015-11-03 16:04 - 01959070 _____ C:\Users\USER\Downloads\забытая_трагедия_россия_в_первой_мировой_войне (1).pdf.vvv
2015-12-05 22:38 - 2015-11-03 15:59 - 01770062 _____ C:\Users\USER\Downloads\Seyiers_M._Tayinaya_Voyina_Protiv_So.a6.pdf.vvv
2015-12-05 22:38 - 2015-11-03 15:56 - 01959070 _____ C:\Users\USER\Downloads\забытая_трагедия_россия_в_первой_мировой_войне.pdf.vvv
2015-12-05 22:38 - 2015-11-03 15:50 - 01851694 _____ C:\Users\USER\Downloads\a.pdf.vvv
2015-12-05 22:38 - 2015-11-02 17:05 - 00018334 _____ C:\Users\USER\Downloads\kultura_028_14.pdf.vvv
2015-12-05 22:38 - 2015-11-02 16:27 - 00000000 ____D C:\Users\USER\Desktop\RUSKE KNJIGE
2015-12-05 22:38 - 2015-11-02 16:03 - 06407102 _____ C:\Users\USER\Downloads\Колобов О.А. (под об. ред.) Внешняя политика Соединенных Штатов Америки- принципы формирования и закономерности реализации. Том 1 (3).pdf.vvv
2015-12-05 22:38 - 2015-11-02 16:03 - 06407102 _____ C:\Users\USER\Downloads\Колобов О.А. (под об. ред.) Внешняя политика Соединенных Штатов Америки- принципы формирования и закономерности реализации. Том 1 (2).pdf.vvv
2015-12-05 22:38 - 2015-11-02 16:01 - 06407102 _____ C:\Users\USER\Downloads\Колобов О.А. (под об. ред.) Внешняя политика Соединенных Штатов Америки- принципы формирования и закономерности реализации. Том 1 (1).pdf.vvv
2015-12-05 22:38 - 2015-11-02 16:00 - 06407102 _____ C:\Users\USER\Downloads\Колобов О.А. (под об. ред.) Внешняя политика Соединенных Штатов Америки- принципы формирования и закономерности реализации. Том 1.pdf.vvv
2015-12-05 22:38 - 2015-11-02 15:06 - 01328046 _____ C:\Users\USER\Downloads\O.A.Platonov_-_Epoha_Stalina.pdf.vvv
2015-12-05 22:38 - 2015-11-02 15:04 - 01566958 _____ C:\Users\USER\Downloads\бич_божий_величие_и_трагедия_сталина.pdf.vvv
2015-12-05 22:38 - 2015-11-02 14:57 - 01937646 _____ C:\Users\USER\Downloads\Алексиевич Светлана Цинковые мальчики (2006).pdf.vvv
2015-12-05 22:38 - 2015-11-02 14:56 - 21535310 _____ C:\Users\USER\Downloads\Леонтьев М. Большая игра. Британская империя против России и СССР (2012).pdf.vvv
2015-12-05 22:38 - 2015-11-01 13:02 - 00670990 _____ C:\Users\USER\Downloads\теория_заговора_тайны_и_сенсации.pdf.vvv
2015-12-05 22:38 - 2015-11-01 12:52 - 00133550 _____ C:\Users\USER\Downloads\NAUCNI SKUP 2015..doc.vvv
2015-12-05 22:38 - 2015-11-01 12:52 - 00133550 _____ C:\Users\USER\Downloads\NAUCNI SKUP 2015. (3).doc.vvv
2015-12-05 22:38 - 2015-11-01 12:52 - 00133550 _____ C:\Users\USER\Downloads\NAUCNI SKUP 2015. (2).doc.vvv
2015-12-05 22:38 - 2015-11-01 12:52 - 00133550 _____ C:\Users\USER\Downloads\NAUCNI SKUP 2015. (1).doc.vvv
2015-12-05 22:38 - 2015-11-01 12:46 - 02827694 _____ C:\Users\USER\Downloads\_panarin_a_s_filosofiya_politiki.doc.vvv
2015-12-05 22:38 - 2015-10-31 10:22 - 00107790 _____ C:\Users\USER\Downloads\AGENDA EDUKATIVNE TRIBINE 1.docx.vvv
2015-12-05 22:38 - 2015-10-27 18:34 - 05673646 _____ C:\Users\USER\Desktop\SVETLANA.JPG.vvv
2015-12-05 22:38 - 2015-10-27 17:57 - 00000590 ____H C:\Users\USER\Desktop\~$JE KNJIGE.doc.vvv
2015-12-05 22:38 - 2015-10-20 21:26 - 00287310 _____ C:\Users\USER\Downloads\Veselin_Konatar_tema_dopuna_FB.pdf.vvv
2015-12-05 22:38 - 2015-10-20 12:07 - 00062894 _____ C:\Users\USER\Downloads\BIOGRAFIJA (3).doc.vvv
2015-12-05 22:38 - 2015-10-20 11:13 - 00062894 _____ C:\Users\USER\Downloads\BIOGRAFIJA (2).doc.vvv
2015-12-05 22:38 - 2015-10-20 11:12 - 00062894 _____ C:\Users\USER\Downloads\BIOGRAFIJA (1).doc.vvv
2015-12-05 22:38 - 2015-10-13 13:50 - 00062894 _____ C:\Users\USER\Downloads\BIOGRAFIJA.doc.vvv
2015-12-05 22:38 - 2015-10-13 12:03 - 00000000 ____D C:\Users\USER\Desktop\ОБЈАВЉЕНИ РАДОВИ
2015-12-05 22:38 - 2015-10-13 12:01 - 00947838 _____ C:\Users\USER\Downloads\PROGRAM (3).pdf.vvv
2015-12-05 22:38 - 2015-10-13 11:53 - 00947838 _____ C:\Users\USER\Downloads\PROGRAM (2).pdf.vvv
2015-12-05 22:38 - 2015-10-13 11:49 - 00947838 _____ C:\Users\USER\Downloads\PROGRAM (1).pdf.vvv
2015-12-05 22:38 - 2015-10-13 11:48 - 00947838 _____ C:\Users\USER\Downloads\PROGRAM.pdf.vvv
2015-12-05 22:38 - 2015-10-13 11:33 - 00063262 _____ C:\Users\USER\Downloads\strana.pdf.vvv
2015-12-05 22:38 - 2015-10-10 23:20 - 00149422 _____ C:\Users\USER\Downloads\2015 XXI C&I - Grand Priory of Bulgaria Program (accreditation and accomodation).pdf.vvv
2015-12-05 22:38 - 2015-09-29 10:03 - 00030638 _____ C:\Users\USER\Downloads\Prilog 3 - Izjava_o_koriscenju.doc.vvv
2015-12-05 22:38 - 2015-09-29 10:03 - 00021422 _____ C:\Users\USER\Downloads\Obrazac_naslovne_strane_disertacije - srpski - cirilica.doc.vvv
2015-12-05 22:38 - 2015-09-24 21:44 - 00000000 ____D C:\Users\USER\Tracing
2015-12-05 22:38 - 2015-09-21 13:16 - 00000000 ____D C:\Users\USER\Office 2007
2015-12-05 22:37 - 2015-11-02 14:54 - 13730174 _____ C:\Users\USER\Desktop\BILDERBERG KLUB.pdf.vvv
2015-12-05 22:37 - 2015-11-01 21:31 - 00039566 _____ C:\Users\USER\Desktop\BIBLIOGLOBUS - KNJIGE.docx.vvv
2015-12-05 22:37 - 2015-10-27 18:24 - 06034894 _____ C:\Users\USER\Desktop\DSC_0747.JPG.vvv
2015-12-05 22:37 - 2015-10-27 18:22 - 05225134 _____ C:\Users\USER\Desktop\DSC_0703.JPG.vvv
2015-12-05 22:37 - 2015-10-27 18:22 - 05133054 _____ C:\Users\USER\Desktop\DSC_0701.JPG.vvv
2015-12-05 22:37 - 2015-10-27 18:09 - 05177486 _____ C:\Users\USER\Desktop\DSC_0043.JPG.vvv
2015-12-05 22:37 - 2015-10-27 18:05 - 02574222 _____ C:\Users\USER\Desktop\21.Demokratija.pdf.vvv
2015-12-05 22:37 - 2015-10-27 17:53 - 02117038 _____ C:\Users\USER\Desktop\MOJE KNJIGE.doc.vvv
2015-12-05 22:37 - 2015-10-20 21:43 - 00191438 _____ C:\Users\USER\Desktop\matica srpska 3.jpg.vvv
2015-12-05 22:37 - 2015-10-20 21:08 - 00046910 _____ C:\Users\USER\Desktop\MATICA SRPSKA 2.jpg.vvv
2015-12-05 22:37 - 2015-10-20 21:06 - 00574814 ____R C:\Users\USER\Desktop\MATICA SRPSKA.jpg.vvv
2015-12-05 22:37 - 2015-09-29 18:30 - 01554542 ____R C:\Users\USER\Desktop\Ostrovskiyi_V._Mossad_Putem_Obmana_Razob.a6.pdf.vvv
2015-12-05 22:37 - 2015-09-29 13:45 - 01367822 _____ C:\Users\USER\Desktop\KGB PROTIV SSSR - Copy.docx.vvv
2015-12-05 22:37 - 2015-09-26 11:29 - 01264942 _____ C:\Users\USER\Desktop\KGB PROTIV SSSR.docx.vvv
2015-12-05 22:37 - 2015-09-21 12:59 - 00000000 ____D C:\Users\USER\AppData\Roaming\Winamp
2015-12-05 22:37 - 2015-09-21 12:57 - 00000000 ____D C:\Users\USER\AppData\Roaming\Sun
2015-12-05 22:34 - 2015-10-27 18:38 - 00000000 ____D C:\Users\USER\AppData\Roaming\MPC-HC
2015-12-05 22:34 - 2015-09-29 13:43 - 00000000 ____D C:\Users\USER\AppData\LocalLow\Adobe
2015-12-05 22:34 - 2015-09-21 16:25 - 00000000 ____D C:\Users\USER\AppData\Roaming\Opera Software
2015-12-05 22:34 - 2015-09-21 16:20 - 00000000 ____D C:\Users\USER\AppData\Roaming\Mozilla
2015-12-05 22:34 - 2015-09-21 13:43 - 00000000 ____D C:\Users\USER\AppData\Local\Skype
2015-12-05 22:34 - 2015-09-21 13:32 - 00000000 ____D C:\Users\USER\AppData\Roaming\AVAST Software
2015-12-05 22:34 - 2015-09-21 13:02 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2015-12-05 22:34 - 2015-09-21 12:58 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-05 22:34 - 2015-09-21 12:57 - 00000000 ____D C:\Users\USER\AppData\LocalLow\Sun
2015-12-05 22:34 - 2015-09-21 12:57 - 00000000 ____D C:\Users\USER\AppData\LocalLow\Oracle
2015-12-05 22:34 - 2015-09-21 12:56 - 00000000 ____D C:\Users\USER\AppData\Roaming\Macromedia
2015-12-05 22:34 - 2015-09-21 00:29 - 00000000 ____D C:\Users\USER\AppData\Roaming\Media Center Programs
2015-12-05 22:34 - 2015-09-21 00:29 - 00000000 ____D C:\Users\USER\AppData\Local\VirtualStore
2015-12-05 22:33 - 2015-09-21 16:25 - 00000000 ____D C:\Users\USER\AppData\Local\Opera Software
2015-12-05 22:33 - 2015-09-21 16:20 - 00000000 ____D C:\Users\USER\AppData\Local\Mozilla
2015-12-05 22:33 - 2015-09-21 13:17 - 00000000 ____D C:\Users\USER\AppData\Local\Microsoft Help
2015-12-05 22:32 - 2015-10-13 10:29 - 00000000 ____D C:\Users\USER\AppData\Local\ElevatedDiagnostics
2015-12-05 22:32 - 2015-09-21 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-05 22:32 - 2015-09-21 13:29 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-05 22:32 - 2015-09-21 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-12-05 22:32 - 2015-09-21 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-05 22:32 - 2015-09-21 13:17 - 00000000 __RHD C:\MSOCache
2015-12-05 22:32 - 2015-09-21 13:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-05 22:32 - 2015-09-21 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2015-12-05 22:32 - 2015-09-21 13:02 - 00000000 ____D C:\KMPlayer
2015-12-05 22:32 - 2015-09-21 13:01 - 00000000 ____D C:\ProgramData\Skype
2015-12-05 22:32 - 2015-09-21 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-05 22:32 - 2015-09-21 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-12-05 22:32 - 2015-09-21 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-05 22:32 - 2015-09-21 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-12-05 22:32 - 2015-09-21 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-05 22:32 - 2015-09-21 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2015-12-05 22:32 - 2015-09-21 12:56 - 00000000 ____D C:\Users\USER\AppData\Local\Adobe
2015-12-05 22:32 - 2015-09-21 12:56 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-12-05 22:32 - 2015-09-21 12:56 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-12-05 22:32 - 2015-09-21 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-05 22:32 - 2015-09-21 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-05 22:32 - 2015-09-21 12:56 - 00000000 ____D C:\ProgramData\Adobe
2015-12-05 22:32 - 2011-04-12 03:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-12-05 22:32 - 2011-04-12 03:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2015-12-05 22:32 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-05 22:32 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-05 22:32 - 2009-07-14 03:37 - 00000000 ____D C:\PerfLogs
2015-12-03 16:04 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-02 23:37 - 2015-09-21 12:54 - 00000000 ____D C:\Program Files\Opera
2015-11-24 16:50 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-11-11 22:33 - 2015-09-21 13:02 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-11 22:33 - 2015-09-21 13:02 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-11 21:50 - 2015-09-21 13:31 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-11-11 21:50 - 2015-09-21 13:31 - 00435464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

==================== Files in the root of some directories =======

2015-12-05 22:37 - 2015-12-05 22:37 - 0009588 _____ () C:\Users\USER\AppData\Roaming\how_recover+kxh.html
2015-12-05 22:37 - 2015-12-05 22:37 - 0002777 _____ () C:\Users\USER\AppData\Roaming\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:38 - 0009588 _____ () C:\Users\USER\AppData\Local\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:38 - 0002777 _____ () C:\Users\USER\AppData\Local\how_recover+kxh.txt
2015-12-05 22:32 - 2015-12-05 22:32 - 0009588 _____ () C:\ProgramData\how_recover+kxh.html
2015-12-05 22:32 - 2015-12-05 22:32 - 0002777 _____ () C:\ProgramData\how_recover+kxh.txt

Some files in TEMP:
====================
C:\Users\USER\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\USER\AppData\Local\Temp\Quarantine.exe
C:\Users\USER\AppData\Local\Temp\siuninst.exe
C:\Users\USER\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-30 12:23

==================== End of FRST.txt ============================




Addendum: 08 Dec 2015 10:11

I fixed the icons, but I can't open the data.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

Unfortunately, you have been infected with the latest version of the TeslaCrypt ransomware. All your files are infected and at the moment it is impossible to restore them to normal.

More about the infection at this link:

http://www.bleepingcomputer.com/virus-removal/tesl.....nformation

Do you remember how you got infected?

offline
  • Joined: 25 Apr 2012
  • Posts: 143

Via e-mail; when I opened it, this happened.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Right, we had the same case a few days ago. Do you still have that e-mail?

offline
  • Joined: 25 Apr 2012
  • Posts: 143

I think I deleted it; both my inbox and trash are empty.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

If only you had deleted it right away, but the fingers were quicker than the brain. It is what it is; I've given you the guidelines, I can't help you any further.
