The laptop is infected

  • Joined: 07 Jan 2017
  • Posts: 6

Posted: 08 Jan 2017 1:25

Dear friends, I am temporarily working in Slovakia. Two and a half months ago I bought this laptop at a pawnshop for 120 euros. I don't use it for anything special, mostly for surfing, watching movies, and the like. Average use.
In the meantime I installed: Messenger, Viber, Torrentex, Popcorn Time and the game Aladin (I was not able to uninstall it). Since then everything has gone downhill.
It started to lag and misbehave, it doesn't respond to commands, it takes ages to open an ordinary window (sometimes several minutes), and I can download programs but not run them. Just now, for example, I spent two or three hours trying to start FRST. After downloading and clicking the .exe file, the cursor shows that something is happening. That goes on and on... Then Explorer opened, and then a notification popped up, along the lines of: Windows protected your PC... Windows SmartScreen prevented the app from starting... Horrible!
McAfee was installed on the computer and I think it is preventing normal operation, given that I cannot uninstall it. Besides that, there is a pile of unnecessary applications and programs whose purpose I don't know and which I will probably never use. I also mean the Lenovo this, Lenovo that...
The computer is personalized in some way. I have the password, stuck next to the touchpad.
Please, if you can, remove that password, as well as all the unnecessary applications and programs, especially McAfee (I will install Avast or some lighter program). By that I primarily mean that it should be reduced to the basics, so that only bare Windows remains, and I will download players and whatever else I need. I really don't have much knowledge or skill in this area, and therefore no ability to solve it myself. I haven't cleaned it, because I have nothing to do it with. I downloaded CCleaner, but I was not able to run it.
One more thing: I barely managed to remove the Slovak language and set Serbian as the base language. In some places it still shows instructions in Slovak. If you need it, the login for the computer is: eleonor.stojkova, pass: jose11..
I'm going to scan the computer now; that will probably take a while.
As I expected, the scan took a while. I was not able to turn off McAfee following the attached instructions; I only turned off the Firewall from Control Panel (should I turn it back on?). I waited and waited, and while I was looking for how and what to do, I saw that FRST was ready. I quickly clicked Scan. Then during scanning it hung at least 20 times, showing (NOT RESPONDING). Besides that, one odd thing: I have Windows (x64), but FRST said system32. I don't know what that is about.
Please help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-01-2017
Ran by eleanor.stojkova (administrator) on LENOVO-PC (08-01-2017 00:46:22)
Running from C:\Users\eleanor.stojkova\Desktop
Loaded Profiles: eleanor.stojkova (Available Profiles: eleanor.stojkova & Administrator)
Platform: Windows 8.1 Connected (Update) (X64) Language: slovački (Slovačka)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Uancy RIYRYAJOU) C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\HPWriterSrv3.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\USB Blocker\USBBKSvc.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
() C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Validity Sensors\Shared\SensorDBSynch.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
() C:\Program Files\Lenovo\iMController\AutoUpdate.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_metro.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(BDYRYOV moudyj) C:\Users\eleanor.stojkova\AppData\Roaming\SimpleNotepad4\SimpleNoteApp5.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\sc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [217088 2014-04-08] (Realtek Semiconductor Corporation)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1622072 2014-01-09] (Lenovo Group Limited)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-09-04] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10973168 2014-09-04] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\Run: [Viber] => C:\Users\eleanor.stojkova\AppData\Local\Viber\Viber.exe [41351248 2016-12-07] (Viber Media S.à r.l.)
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\Run: [SimpleNoteApp5] => C:\Users\eleanor.stojkova\AppData\Roaming\SimpleNotepad4\SimpleNoteApp5.exe [2258944 2016-10-31] (BDYRYOV moudyj) <===== ATTENTION
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\Run: [Torrentex] => C:\Torrentex\Torrentex.exe [417744 2015-11-13] ()
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\RunOnce: [Application Restart #2] => C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7873512 2016-11-16] (Pokki)
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\MountPoints2: {af6ded02-d0c9-11e5-826a-f8a96350b1fd} - "F:\LG_PC_Programs.exe"
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00USBBlockerShellDs] -> {BE57AC86-892D-436E-B763-71DA8FA49A48} => C:\Program Files (x86)\Lenovo\USB Blocker\USBBlockerShell.dll [2013-12-25] (Lenovo(beijing) Limited)
ShellIconOverlayIdentifiers: [00USBBlockerShellRd] -> {FFBCBB89-938E-4412-88AF-AE7A531F95C1} => C:\Program Files (x86)\Lenovo\USB Blocker\USBBlockerShell.dll [2013-12-25] (Lenovo(beijing) Limited)
ShellIconOverlayIdentifiers: [00USBBlockerShellRw] -> {42D4ABFA-0604-45F1-9A7C-622F85614BAB} => C:\Program Files (x86)\Lenovo\USB Blocker\USBBlockerShell.dll [2013-12-25] (Lenovo(beijing) Limited)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{46772345-D641-4587-9C54-89D11AD00C84}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8B127D19-E0EA-47AC-B12D-FDDFDDD23A74}: [DhcpNameServer] 169.254.131.49

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131234411495523568&GUID=89B0DC03-2215-47E3-960C-7F7A4FBAE6AE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2000202158-699708774-3916072420-1001 -> {1F7F9447-3C6F-4C22-B4DF-B247F930BC6C} URL =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-01-08] (McAfee, Inc.)

FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-02-11] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2000202158-699708774-3916072420-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\eleanor.stojkova\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default [2017-01-07]
CHR Extension: (Prezentácie Google) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-02]
CHR Extension: (Dokumenty Google) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-02]
CHR Extension: (Disk Google) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-02]
CHR Extension: (YouTube) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-02]
CHR Extension: (Hľadať v Google) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-06-02]
CHR Extension: (Adblocker na Youtube™) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg [2016-11-12]
CHR Extension: (Tabuľky Google) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-02]
CHR Extension: (Lenovo Password Manager) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\geempcnjhccnoepfmahaeemnnfnignab [2016-06-02]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-02]
CHR Extension: (Gmail) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]
CHR HKLM-x32\...\Chrome\Extension: [geempcnjhccnoepfmahaeemnnfnignab] - C:\Program Files (x86)\Lenovo\Password Manager\chrome_npapi_extension.crx [2014-01-09]

Opera:
=======
OPR Extension: (Adblocker na Youtube™) - C:\Users\eleanor.stojkova\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhcombnfcfkgnammoobfmfiokobfpokb [2016-11-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [95232 2014-03-27] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 HPWriter Service; C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\HPWriterSrv3.exe [2045424 2016-10-29] (Uancy RIYRYAJOU) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2014-09-04] (Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-04] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-04] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-09-04] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R2 USBBKSvc; C:\Program Files (x86)\Lenovo\USB Blocker\USBBKSvc.exe [35824 2013-12-25] (Lenovo(beijing) Limited)
R2 valWBFPolicyService; C:\WINDOWS\System32\valWBFPolicyService.exe [46992 2014-01-17] (Validity Sensors, Inc.)
R2 valWbioSyncSvc; C:\windows\system32\valWbioSyncSvc.exe [32256 2014-01-17] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S2 LubFsFlt; C:\windows\System32\Drivers\LubFsFlt.sys [27384 2014-02-22] (Lenovo(beijing) Limited)
R0 LubSec; C:\WINDOWS\System32\Drivers\LubSec.sys [45304 2014-02-22] (Lenovo(beijing) Limited)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290520 2013-09-24] (Realtek Semiconductor Corp.)
S3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [559832 2014-02-26] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [3421040 2014-04-30] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-01-24] (Synaptics Incorporated)
R1 SMIDriver; C:\WINDOWS\System32\drivers\smi.sys [19760 2014-01-22] (Windows (R) Win 7 DDK provider)
R3 SNP2UVC; C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2855960 2014-04-26] (Sonix Co. Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-08 00:46 - 2017-01-08 00:46 - 00022904 _____ C:\Users\eleanor.stojkova\Desktop\FRST.txt
2017-01-07 23:49 - 2017-01-08 00:46 - 00000000 ____D C:\FRST
2017-01-07 22:48 - 2017-01-07 22:48 - 02418688 _____ (Farbar) C:\Users\eleanor.stojkova\Desktop\FRST64.exe
2017-01-07 22:39 - 2017-01-07 22:39 - 00022016 ___SH C:\Users\eleanor.stojkova\Downloads\Thumbs.db
2017-01-07 21:47 - 2017-01-07 21:47 - 08803648 _____ (Piriform Ltd) C:\Users\eleanor.stojkova\Desktop\ccsetup525.exe
2017-01-07 20:27 - 2017-01-07 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-07 05:54 - 2017-01-07 05:54 - 00000000 ____D C:\Program Files\Windows Journal
2017-01-03 19:53 - 2017-01-03 21:51 - 00000000 ____D C:\Users\eleanor.stojkova\Downloads\PopcornTime
2017-01-03 19:51 - 2017-01-03 19:51 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\PopcornTime
2017-01-03 19:42 - 2017-01-03 19:42 - 00001220 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
2017-01-03 19:42 - 2017-01-03 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2017-01-03 19:31 - 2017-01-03 19:43 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2017-01-03 19:08 - 2017-01-03 19:14 - 56002117 _____ (Popcorn Time ) C:\Users\eleanor.stojkova\Downloads\PopcornTime-latest.exe
2016-12-17 11:52 - 2016-12-01 15:13 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-12-17 11:52 - 2016-12-01 15:13 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-12-17 11:52 - 2016-12-01 15:11 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-12-17 11:52 - 2016-12-01 15:11 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-12-17 11:52 - 2016-10-20 14:14 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-12-17 11:52 - 2016-10-20 14:10 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-12-17 07:32 - 2016-12-17 07:33 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\Viber
2016-12-14 16:33 - 2016-11-12 20:08 - 25759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 16:33 - 2016-11-12 19:17 - 20302848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 16:33 - 2016-11-12 18:41 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 16:33 - 2016-11-12 18:21 - 13653504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 16:32 - 2016-11-19 22:24 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 16:32 - 2016-11-19 22:24 - 00152856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 16:32 - 2016-11-19 18:22 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 16:32 - 2016-11-16 22:49 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 16:32 - 2016-11-12 22:06 - 00738104 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-12-14 16:32 - 2016-11-12 20:38 - 00613632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-12-14 16:32 - 2016-11-12 19:53 - 06049280 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 16:32 - 2016-11-12 18:37 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 16:32 - 2016-11-12 18:35 - 02920960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-14 16:32 - 2016-11-12 18:20 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-14 16:32 - 2016-11-12 18:05 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-14 16:32 - 2016-11-12 18:02 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-14 16:32 - 2016-11-11 03:33 - 01541240 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 16:32 - 2016-11-09 18:25 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 16:32 - 2016-11-05 21:46 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-12-14 16:32 - 2016-11-05 19:35 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 16:32 - 2016-11-05 18:57 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 16:32 - 2016-11-05 18:11 - 03606528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 16:32 - 2016-11-05 16:56 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-12-14 16:32 - 2016-11-05 16:46 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-12-14 16:32 - 2016-10-28 03:56 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-12-14 16:32 - 2016-10-27 15:28 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-12-14 16:32 - 2016-10-12 22:49 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-12-14 16:32 - 2016-10-12 22:11 - 00922968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2016-12-14 16:32 - 2016-10-11 17:45 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-12-14 16:32 - 2016-10-11 00:31 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-12-14 16:32 - 2016-10-10 19:18 - 00069976 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2016-12-14 16:32 - 2016-10-10 19:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-12-14 16:32 - 2016-10-09 15:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2016-12-14 16:32 - 2016-10-09 15:08 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2016-12-14 16:32 - 2016-10-09 15:08 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2016-12-14 16:32 - 2016-10-08 23:24 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-12-14 16:32 - 2016-10-08 22:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-12-14 16:32 - 2016-10-08 22:10 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-12-14 16:32 - 2016-10-05 15:01 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-12-14 16:32 - 2016-10-05 15:00 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-12-14 16:32 - 2016-10-05 15:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 01969944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 00324896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 00245320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-12-14 16:32 - 2016-09-20 23:30 - 02462040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-12-14 16:31 - 2016-11-19 20:29 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-12-14 16:31 - 2016-11-19 19:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-12-14 16:31 - 2016-11-19 18:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-12-14 16:31 - 2016-11-12 20:25 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-12-14 16:31 - 2016-11-12 20:07 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-12-14 16:31 - 2016-11-12 19:29 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-12-14 16:31 - 2016-11-12 19:23 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-12-14 16:31 - 2016-11-12 19:14 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-12-14 16:31 - 2016-11-12 19:10 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-12-14 16:31 - 2016-11-12 18:45 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-12-14 16:31 - 2016-11-12 18:38 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-12-14 16:31 - 2016-11-12 18:11 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-12-14 16:31 - 2016-11-12 18:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-12-14 16:31 - 2016-10-05 14:52 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-12-14 16:31 - 2016-10-05 14:52 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2016-12-14 16:31 - 2016-09-27 21:16 - 00445873 _____ C:\WINDOWS\system32\ApnDatabase.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-08 00:55 - 2016-06-02 14:34 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-08 00:28 - 2016-06-02 14:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-07 23:25 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-07 23:21 - 2015-10-30 15:44 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2000202158-699708774-3916072420-1001
2017-01-07 22:45 - 2015-10-30 15:24 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform
2017-01-07 21:23 - 2016-11-01 13:47 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Roaming\Torrentex
2017-01-07 20:49 - 2016-10-21 14:32 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Roaming\ViberPC
2017-01-07 20:39 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-07 12:21 - 2016-10-21 14:34 - 00000000 ____D C:\Users\eleanor.stojkova\Documents\ViberDownloads
2017-01-07 10:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-07 08:22 - 2015-11-09 10:09 - 00001279 _____ C:\Users\eleanor.stojkova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2017-01-07 08:22 - 2015-10-30 15:34 - 00000000 ____D C:\ProgramData\LU
2017-01-07 08:21 - 2014-03-18 10:53 - 00005384 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-07 08:11 - 2014-09-04 17:19 - 00000000 ____D C:\ProgramData\Validity
2017-01-07 08:11 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-07 07:58 - 2015-10-30 15:36 - 00065132 _____ C:\Users\eleanor.stojkova\AppData\Roaming\AbsoluteReminder.xml
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\servicing
2017-01-07 04:41 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2017-01-07 03:56 - 2015-10-30 15:24 - 00000000 ____D C:\Users\eleanor.stojkova
2017-01-07 01:21 - 2016-05-30 17:02 - 00004018 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{26A23BE2-48FC-4FCE-A970-0B50C96A2A13}
2017-01-03 15:12 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-03 15:10 - 2014-09-04 18:00 - 00000000 ____D C:\ProgramData\McAfee
2017-01-03 15:08 - 2014-09-04 18:00 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-02 00:02 - 2016-04-01 18:07 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-30 19:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-21 20:33 - 2016-04-01 18:18 - 00003860 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1459531116
2016-12-20 20:32 - 2015-10-30 22:06 - 00003348 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2016-12-18 12:02 - 2013-08-22 15:44 - 00346744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-18 11:57 - 2014-09-04 16:11 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TMContainer00000000000000000001.regtrans-ms
2016-12-18 11:57 - 2014-09-04 16:11 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TM.blf
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-18 11:53 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64
2016-12-17 12:03 - 2015-11-01 15:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-17 11:58 - 2015-11-01 15:13 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-17 08:44 - 2016-06-02 14:47 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 08:44 - 2016-06-02 14:47 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-17 08:44 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-17 07:34 - 2016-11-27 19:42 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\Viber.old
2016-12-14 14:07 - 2016-06-02 14:34 - 00003880 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-14 14:07 - 2016-06-02 14:34 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-12-14 07:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-14 07:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-12 00:00 - 2016-11-15 17:12 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:00 - 2016-11-15 17:12 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-09 00:26 - 2016-12-03 04:29 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Roaming\Messenger for Desktop

==================== Files in the root of some directories =======

2015-10-30 15:36 - 2017-01-07 07:58 - 0065132 _____ () C:\Users\eleanor.stojkova\AppData\Roaming\AbsoluteReminder.xml
2016-11-27 19:51 - 2016-11-27 19:51 - 0076976 _____ () C:\Users\eleanor.stojkova\AppData\Roaming\LoJackSetup.exe
2015-10-30 15:31 - 2017-01-08 00:37 - 1663959 _____ () C:\Users\eleanor.stojkova\AppData\Local\BTServer.log
2014-09-04 17:13 - 2014-09-04 17:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\eleanor.stojkova\AppData\Roaming\SimpleNotepad4\SimpleNoteApp5.exe


Some files in TEMP:
====================
C:\Users\eleanor.stojkova\AppData\Local\Temp\combase.dll
C:\Users\eleanor.stojkova\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\messengerfordesktop-2.0.1-win32-setup-for-nsis.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct42C9.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct4647.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct53F7.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct5F8D.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct7B3.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct8B85.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octB2E0.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octB874.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octBD3B.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octD7EC.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octD7F6.tmp.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-13 19:10

==================== End of FRST.txt ============================

Addendum: 08 Jan 2017 1:32

Now Explorer starts up at intervals, completely out of control. A small digression: toward the end of the FRST scan, McAfee also started up, and I managed to turn it off by right-clicking its icon on the taskbar. I can see it is gone, i.e. it is not active in the lower right corner.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello, welcome to Ambulanta.

First, uninstall the following PUP programs:

Popcorn Time
SimpleNotepad4

Then let this anti-malware program check your computer:

Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the program's installation instructions. After installation, click Finish.

On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn the Premium features off via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, turn on the "Scan for rootkits" option.
• Prepare the settings for the Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection was detected, make sure everything is checked, then click Remove Selected. Restart the computer if the program asks for a restart.
• Submit the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.

• In your reply, attach the mbam.txt log using the "Prikači fajl" (Attach file) option.

Then, post fresh FRST reports as well.

offline
  • Joined: 07 Jan 2017
  • Posts: 6

Posted: 08 Jan 2017 15:36

Thank you very much. I managed to do everything that was needed. After the operation finished, the mouse was opening Properties on double-click, and I somehow fixed that. However, the keyboard is completely unresponsive. I have tried all sorts of things and it won't work. I am now writing from my phone and I don't know how to send you the files. What should I do??

Addendum: 08 Jan 2017 16:00

It's fine, I solved it, I don't even know how myself.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-01-2017
Ran by eleanor.stojkova (administrator) on LENOVO-PC (08-01-2017 13:23:34)
Running from C:\Users\eleanor.stojkova\Desktop
Loaded Profiles: eleanor.stojkova (Available Profiles: eleanor.stojkova & Administrator)
Platform: Windows 8.1 Connected (Update) (X64) Language: slovački (Slovačka)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\USB Blocker\USBBKSvc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Viber Media S.à r.l.) C:\Users\eleanor.stojkova\AppData\Local\Viber\Viber.exe
() C:\Program Files\Lenovo\iMController\AutoUpdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
(Opera Software) C:\Program Files (x86)\Opera\launcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Pokki) C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [217088 2014-04-08] (Realtek Semiconductor Corporation)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1622072 2014-01-09] (Lenovo Group Limited)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-09-04] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10973168 2014-09-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\Run: [Viber] => C:\Users\eleanor.stojkova\AppData\Local\Viber\Viber.exe [41351248 2016-12-07] (Viber Media S.à r.l.)
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\Run: [Torrentex] => C:\Torrentex\Torrentex.exe [417744 2015-11-13] ()
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\RunOnce: [Application Restart #2] => C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7873512 2016-11-16] (Pokki)
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\MountPoints2: {af6ded02-d0c9-11e5-826a-f8a96350b1fd} - "F:\LG_PC_Programs.exe"
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00USBBlockerShellDs] -> {BE57AC86-892D-436E-B763-71DA8FA49A48} => C:\Program Files (x86)\Lenovo\USB Blocker\USBBlockerShell.dll [2013-12-25] (Lenovo(beijing) Limited)
ShellIconOverlayIdentifiers: [00USBBlockerShellRd] -> {FFBCBB89-938E-4412-88AF-AE7A531F95C1} => C:\Program Files (x86)\Lenovo\USB Blocker\USBBlockerShell.dll [2013-12-25] (Lenovo(beijing) Limited)
ShellIconOverlayIdentifiers: [00USBBlockerShellRw] -> {42D4ABFA-0604-45F1-9A7C-622F85614BAB} => C:\Program Files (x86)\Lenovo\USB Blocker\USBBlockerShell.dll [2013-12-25] (Lenovo(beijing) Limited)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{46772345-D641-4587-9C54-89D11AD00C84}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8B127D19-E0EA-47AC-B12D-FDDFDDD23A74}: [DhcpNameServer] 169.254.131.49

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2000202158-699708774-3916072420-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://startpage-home.com/?s=lenovo&m=start
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2000202158-699708774-3916072420-1001 -> {1F7F9447-3C6F-4C22-B4DF-B247F930BC6C} URL =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-01-08] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: 9051zb1r.default
FF ProfilePath: C:\Users\eleanor.stojkova\AppData\Roaming\Mozilla\Firefox\Profiles\9051zb1r.default [2017-01-08]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-02-11] [not signed]
FF HKU\S-1-5-21-2000202158-699708774-3916072420-1001\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: (Lenovo Password Manager) - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-09-04] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2000202158-699708774-3916072420-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\eleanor.stojkova\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default [2017-01-08]
CHR Extension: (Google презентације) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-02]
CHR Extension: (Google документи) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-02]
CHR Extension: (Google диск) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-02]
CHR Extension: (YouTube) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-02]
CHR Extension: (Google претрага) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-06-02]
CHR Extension: (Google табеле) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-02]
CHR Extension: (Lenovo Password Manager) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\geempcnjhccnoepfmahaeemnnfnignab [2016-06-02]
CHR Extension: (Google документи офлајн) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-09]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-02]
CHR Extension: (Gmail) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\eleanor.stojkova\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]
CHR HKLM-x32\...\Chrome\Extension: [geempcnjhccnoepfmahaeemnnfnignab] - C:\Program Files (x86)\Lenovo\Password Manager\chrome_npapi_extension.crx [2014-01-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [95232 2014-03-27] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330144 2015-09-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2014-09-04] (Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-04] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-04] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-09-04] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R2 USBBKSvc; C:\Program Files (x86)\Lenovo\USB Blocker\USBBKSvc.exe [35824 2013-12-25] (Lenovo(beijing) Limited)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [49040 2014-07-24] (Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [32256 2014-07-24] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S2 LubFsFlt; C:\windows\System32\Drivers\LubFsFlt.sys [27384 2014-02-22] (Lenovo(beijing) Limited)
R0 LubSec; C:\WINDOWS\System32\Drivers\LubSec.sys [45304 2014-02-22] (Lenovo(beijing) Limited)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-08] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290520 2013-09-24] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [559832 2014-02-26] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [3421040 2014-04-30] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-01-24] (Synaptics Incorporated)
R1 SMIDriver; C:\WINDOWS\System32\drivers\smi.sys [19760 2014-01-22] (Windows (R) Win 7 DDK provider)
R3 SNP2UVC; C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2855960 2014-04-26] (Sonix Co. Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-08 13:23 - 2017-01-08 13:23 - 00022565 _____ C:\Users\eleanor.stojkova\Desktop\FRST.txt
2017-01-08 12:55 - 2017-01-08 12:56 - 00000000 ____D C:\Users\eleanor.stojkova\Desktop\cistka
2017-01-08 12:35 - 2017-01-08 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-08 12:30 - 2017-01-08 12:30 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-08 12:18 - 2017-01-08 12:18 - 00062162 _____ C:\Users\eleanor.stojkova\Desktop\mbam.txt
2017-01-08 10:45 - 2017-01-08 10:45 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-08 10:44 - 2017-01-08 12:31 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-08 10:44 - 2017-01-08 12:31 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-08 10:43 - 2017-01-08 12:30 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-08 10:43 - 2017-01-08 12:30 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-08 10:43 - 2017-01-08 10:43 - 00001894 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-08 10:43 - 2017-01-08 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-08 10:42 - 2017-01-08 10:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-08 10:42 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-08 10:24 - 2017-01-08 10:25 - 54199488 _____ (Malwarebytes ) C:\Users\eleanor.stojkova\Desktop\mb3-setup-consumer-3.0.5.1299.exe
2017-01-08 10:08 - 2017-01-08 12:30 - 00000000 __SHD C:\Users\eleanor.stojkova\IntelGraphicsProfiles
2017-01-08 10:07 - 2017-01-08 10:07 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-01-08 07:22 - 2017-01-08 07:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-08 05:59 - 2017-01-08 05:59 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_wbf_vfs_lvcmn_01_09_00.Wdf
2017-01-08 01:58 - 2017-01-08 01:58 - 00002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2017-01-08 01:57 - 2017-01-08 01:57 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\LocalLow\Mozilla
2017-01-08 01:54 - 2017-01-08 01:57 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Roaming\Mozilla
2017-01-08 01:54 - 2017-01-08 01:54 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\Mozilla
2017-01-08 01:54 - 2017-01-08 01:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-08 01:53 - 2017-01-08 01:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-07 23:49 - 2017-01-08 13:23 - 00000000 ____D C:\FRST
2017-01-07 22:48 - 2017-01-07 22:48 - 02418688 _____ (Farbar) C:\Users\eleanor.stojkova\Desktop\FRST64.exe
2017-01-07 22:39 - 2017-01-07 22:39 - 00022016 ___SH C:\Users\eleanor.stojkova\Downloads\Thumbs.db
2017-01-07 21:47 - 2017-01-07 21:47 - 08803648 _____ (Piriform Ltd) C:\Users\eleanor.stojkova\Desktop\ccsetup525.exe
2017-01-07 04:23 - 2015-06-09 23:39 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2017-01-07 04:23 - 2015-06-09 23:39 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2017-01-07 04:23 - 2015-06-09 23:38 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-01-03 19:53 - 2017-01-03 21:51 - 00000000 ____D C:\Users\eleanor.stojkova\Downloads\PopcornTime
2017-01-03 19:51 - 2017-01-03 19:51 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\PopcornTime
2017-01-03 19:31 - 2017-01-08 03:26 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2017-01-03 19:08 - 2017-01-03 19:14 - 56002117 _____ (Popcorn Time ) C:\Users\eleanor.stojkova\Downloads\PopcornTime-latest.exe
2016-12-17 11:52 - 2016-12-01 15:13 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-12-17 11:52 - 2016-12-01 15:13 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-12-17 11:52 - 2016-12-01 15:11 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-12-17 11:52 - 2016-12-01 15:11 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-12-17 11:52 - 2016-10-20 14:14 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-12-17 11:52 - 2016-10-20 14:10 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-12-17 07:32 - 2016-12-17 07:33 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\Viber
2016-12-14 16:33 - 2016-11-12 20:08 - 25759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 16:33 - 2016-11-12 19:17 - 20302848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 16:33 - 2016-11-12 18:41 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 16:33 - 2016-11-12 18:21 - 13653504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 16:32 - 2016-11-19 22:24 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 16:32 - 2016-11-19 22:24 - 00152856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 16:32 - 2016-11-19 18:22 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 16:32 - 2016-11-16 22:49 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 16:32 - 2016-11-12 22:06 - 00738104 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-12-14 16:32 - 2016-11-12 20:38 - 00613632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-12-14 16:32 - 2016-11-12 19:53 - 06049280 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 16:32 - 2016-11-12 18:37 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 16:32 - 2016-11-12 18:35 - 02920960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-14 16:32 - 2016-11-12 18:20 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-14 16:32 - 2016-11-12 18:05 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-14 16:32 - 2016-11-12 18:02 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-14 16:32 - 2016-11-11 03:33 - 01541240 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 16:32 - 2016-11-09 18:25 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 16:32 - 2016-11-05 21:46 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-12-14 16:32 - 2016-11-05 19:35 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 16:32 - 2016-11-05 18:57 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 16:32 - 2016-11-05 18:11 - 03606528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 16:32 - 2016-11-05 16:56 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-12-14 16:32 - 2016-11-05 16:46 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-12-14 16:32 - 2016-10-28 03:56 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-12-14 16:32 - 2016-10-27 15:28 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-12-14 16:32 - 2016-10-12 22:49 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-12-14 16:32 - 2016-10-12 22:11 - 00922968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2016-12-14 16:32 - 2016-10-11 17:45 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-12-14 16:32 - 2016-10-11 00:31 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-12-14 16:32 - 2016-10-10 19:18 - 00069976 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2016-12-14 16:32 - 2016-10-10 19:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-12-14 16:32 - 2016-10-09 15:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2016-12-14 16:32 - 2016-10-09 15:08 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2016-12-14 16:32 - 2016-10-09 15:08 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2016-12-14 16:32 - 2016-10-08 23:24 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-12-14 16:32 - 2016-10-08 22:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-12-14 16:32 - 2016-10-08 22:10 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-12-14 16:32 - 2016-10-05 15:01 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-12-14 16:32 - 2016-10-05 15:00 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-12-14 16:32 - 2016-10-05 15:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 01969944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 00324896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-12-14 16:32 - 2016-10-05 05:15 - 00245320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-12-14 16:32 - 2016-09-20 23:30 - 02462040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-12-14 16:31 - 2016-11-19 20:29 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-12-14 16:31 - 2016-11-19 19:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-12-14 16:31 - 2016-11-19 18:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-12-14 16:31 - 2016-11-12 20:25 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-12-14 16:31 - 2016-11-12 20:07 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-12-14 16:31 - 2016-11-12 19:29 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-12-14 16:31 - 2016-11-12 19:23 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-12-14 16:31 - 2016-11-12 19:14 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-12-14 16:31 - 2016-11-12 19:10 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-12-14 16:31 - 2016-11-12 18:45 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-12-14 16:31 - 2016-11-12 18:38 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-12-14 16:31 - 2016-11-12 18:11 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-12-14 16:31 - 2016-11-12 18:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-12-14 16:31 - 2016-10-05 14:52 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-12-14 16:31 - 2016-10-05 14:52 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2016-12-14 16:31 - 2016-09-27 21:16 - 00445873 _____ C:\WINDOWS\system32\ApnDatabase.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-08 13:28 - 2016-06-02 14:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-08 12:42 - 2015-10-30 15:24 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\SweetLabs App Platform
2017-01-08 12:40 - 2015-10-30 15:44 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2000202158-699708774-3916072420-1001
2017-01-08 12:39 - 2015-11-09 10:09 - 00001279 _____ C:\Users\eleanor.stojkova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2017-01-08 12:39 - 2015-10-30 15:34 - 00000000 ____D C:\ProgramData\LU
2017-01-08 12:35 - 2016-10-21 14:32 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Roaming\ViberPC
2017-01-08 12:33 - 2016-11-01 13:47 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Roaming\Torrentex
2017-01-08 12:30 - 2014-04-02 17:38 - 00000000 ____D C:\Users\Administrator
2017-01-08 12:28 - 2015-10-30 15:24 - 00000000 ____D C:\Users\eleanor.stojkova
2017-01-08 12:28 - 2014-09-04 17:19 - 00000000 ____D C:\ProgramData\Validity
2017-01-08 12:28 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-08 10:14 - 2014-03-18 10:53 - 00005388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-08 10:14 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-08 10:05 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-01-08 09:44 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-08 07:13 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-08 06:46 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-08 05:59 - 2014-09-04 17:15 - 00000000 ____D C:\Program Files\Synaptics
2017-01-08 05:59 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-08 03:07 - 2016-11-06 19:44 - 00000274 __RSH C:\Users\eleanor.stojkova\ntuser.pol
2017-01-08 03:02 - 2016-06-02 14:34 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-07 12:21 - 2016-10-21 14:34 - 00000000 ____D C:\Users\eleanor.stojkova\Documents\ViberDownloads
2017-01-07 07:58 - 2015-10-30 15:36 - 00065132 _____ C:\Users\eleanor.stojkova\AppData\Roaming\AbsoluteReminder.xml
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-01-07 05:54 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-01-07 05:54 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-07 05:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\servicing
2017-01-07 04:41 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2017-01-07 01:21 - 2016-05-30 17:02 - 00004018 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{26A23BE2-48FC-4FCE-A970-0B50C96A2A13}
2017-01-03 15:12 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-03 15:10 - 2014-09-04 18:00 - 00000000 ____D C:\ProgramData\McAfee
2017-01-03 15:08 - 2014-09-04 18:00 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-02 00:02 - 2016-04-01 18:07 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-30 19:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-21 20:33 - 2016-04-01 18:18 - 00003860 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1459531116
2016-12-20 20:32 - 2015-10-30 22:06 - 00003348 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2016-12-18 12:02 - 2013-08-22 15:44 - 00346744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2016-12-18 11:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-17 12:03 - 2015-11-01 15:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-17 11:58 - 2015-11-01 15:13 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-17 08:44 - 2016-06-02 14:47 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 08:44 - 2016-06-02 14:47 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-17 08:44 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-17 07:34 - 2016-11-27 19:42 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Local\Viber.old
2016-12-14 14:07 - 2016-06-02 14:34 - 00003880 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-14 14:07 - 2016-06-02 14:34 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-12-14 07:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-14 07:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-12 00:00 - 2016-11-15 17:12 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:00 - 2016-11-15 17:12 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-09 00:26 - 2016-12-03 04:29 - 00000000 ____D C:\Users\eleanor.stojkova\AppData\Roaming\Messenger for Desktop

==================== Files in the root of some directories =======

2015-10-30 15:36 - 2017-01-07 07:58 - 0065132 _____ () C:\Users\eleanor.stojkova\AppData\Roaming\AbsoluteReminder.xml
2016-11-27 19:51 - 2016-11-27 19:51 - 0076976 _____ () C:\Users\eleanor.stojkova\AppData\Roaming\LoJackSetup.exe
2015-10-30 15:31 - 2017-01-08 12:30 - 1679508 _____ () C:\Users\eleanor.stojkova\AppData\Local\BTServer.log
2014-09-04 17:13 - 2014-09-04 17:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\eleanor.stojkova\AppData\Local\Temp\combase.dll
C:\Users\eleanor.stojkova\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\messengerfordesktop-2.0.1-win32-setup-for-nsis.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct42C9.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct4647.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct53F7.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct5F8D.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct7B3.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\oct8B85.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octB2E0.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octB874.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octBD3B.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octD7EC.tmp.exe
C:\Users\eleanor.stojkova\AppData\Local\Temp\octD7F6.tmp.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-08 05:53

==================== End of FRST.txt ============================

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

The MBAM report is empty. Please repeat the procedure for posting the MBAM log (export the log again).

offline
  • Joined: 07 Jan 2017
  • Posts: 6

Done. I'm really sorry I didn't save the mbam log properly; there were as many as 287 infected files. I deleted them all. By the way, the computer is maybe 50% faster than it was, but compared with what I figure a configuration like this should manage, it is still slow.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Posted: 08 Jan 2017 22:02

Look, I didn't say to run a new scan, but to post that report again.

Run MBAM, go to Reports and then select the Scan Report that is oldest by date. So not the newer one but that first, oldest one. Export that report to the desktop.

Addendum: 08 Jan 2017 22:23

OK... since we can't seem to sort out the Malwarebytes log, here is the rest of the instructions. In any case, do post the first/original Malwarebytes log, I need to see it. And this will target the remnants...




Open Notepad and copy in the following text, which is inside the Code box.

Start
File: C:\Torrentex\Torrentex.exe

CloseProcesses:
(Uancy RIYRYAJOU) C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\HPWriterSrv3.exe

CreateRestorePoint:
R2 HPWriter Service; C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\HPWriterSrv3.exe [2045424 2016-10-29] (Uancy RIYRYAJOU) [File not signed]

Shortcut: C:\Users\eleanor.stojkova\Desktop\Gооglе Сhrоmе.lnk -> C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\RewRun3.exe (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\RewRun3.exe (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\RewRun3.exe (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа.lnk -> C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\RewRun3.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\RewRun3.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Ореrа.lnk -> C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2\RewRun3.exe (No File) <===== Cyrillic

HKU\S-1-5-21-2000202158-699708774-3916072420-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://startpage-home.com/?s=lenovo&m=start
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2000202158-699708774-3916072420-1001 -> {1F7F9447-3C6F-4C22-B4DF-B247F930BC6C} URL =

GroupPolicy: Restriction - Chrome <======= ATTENTION

Hosts:
C:\Users\eleanor.stojkova\AppData\Roaming\HPRewriter2

EmptyTemp:

Reboot:
End



1. In Notepad, click File --> Save As
2. Under Encoding, choose UTF-8.
3. Name the file Fixlist and save it to the Desktop
4. Double-click to run FRST.exe again
5. Click Fix and wait until the program finishes.
6. If the program asks to restart the computer, let it do so without interruption.
7. When it finishes, fixlog.txt will be saved on the Desktop and will open; attach its contents to your reply using the Attach file option
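Added example, not part of the original post and not FRST's own code: a small triage script for the two patterns the fixlist above targets, shortcuts whose names mix Latin letters with Cyrillic lookalikes and an unsigned service running from a user profile. The sample lines are modelled on entries in this thread; which letters are Cyrillic, the lookalike table and the function names are assumptions made for the example.

```python
import re
import unicodedata

# Cyrillic letters that render like Latin ones (small subset, an assumption
# sized for this log; a full confusables table is much larger).
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0410": "A", "\u0415": "E",
    "\u041c": "M", "\u041e": "O", "\u0421": "C",
}

SHORTCUT_RE = re.compile(r"^Shortcut: (?P<lnk>.+?\.lnk) -> (?P<target>.+?\.exe)\b")
SERVICE_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+?\.exe) \[")


def script_of(ch):
    """Coarse script of a letter, taken from its Unicode name (LATIN, CYRILLIC...)."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def mixed_script_words(name):
    """Words in `name` whose letters come from more than one script."""
    hits = []
    for word in re.findall(r"[^\W\d_]+", name):
        scripts = {script_of(c) for c in word}
        if len(scripts) > 1:
            hits.append((word, sorted(scripts)))
    return hits


def skeleton(name):
    """Map lookalike letters to Latin to show which name is being imitated."""
    return "".join(LOOKALIKES.get(c, c) for c in name)


def review(lines):
    """Return (kind, label, path) findings for FRST-style log lines."""
    findings = []
    for line in lines:
        m = SHORTCUT_RE.match(line)
        if m:
            fname = m["lnk"].rsplit("\\", 1)[-1]
            # A name written wholly in one script is fine; a mix inside a
            # single word is what marks an imitation of a known product.
            if mixed_script_words(fname):
                findings.append(("homoglyph-shortcut", skeleton(fname), m["target"]))
            continue
        m = SERVICE_RE.match(line)
        if m and "[File not signed]" in line and "\\appdata\\" in m["path"].lower():
            findings.append(("unsigned-service-in-profile", m["name"], m["path"]))
    return findings


# Sample input. \u043e, \u0435, \u0421, \u041e, \u0440, \u0430 are Cyrillic letters.
SAMPLE = [
    "Shortcut: C:\\Users\\Public\\Desktop\\G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk"
    " -> C:\\Users\\eleanor.stojkova\\AppData\\Roaming\\HPRewriter2\\RewRun3.exe"
    " (No File) <===== Cyrillic",
    "Shortcut: C:\\Users\\Public\\Desktop\\\u041e\u0440\u0435r\u0430.lnk"
    " -> C:\\Users\\eleanor.stojkova\\AppData\\Roaming\\HPRewriter2\\RewRun3.exe"
    " (No File) <===== Cyrillic",
    # Constructed benign case: a name written entirely in Cyrillic.
    "Shortcut: C:\\Users\\Public\\Desktop\\"
    "\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b.lnk"
    " -> C:\\Windows\\explorer.exe",
    "R2 HPWriter Service; C:\\Users\\eleanor.stojkova\\AppData\\Roaming\\HPRewriter2"
    "\\HPWriterSrv3.exe [2045424 2016-10-29] (Uancy RIYRYAJOU) [File not signed]",
    # Unsigned but installed under Program Files: not matched by this rule.
    "R2 Update service; C:\\Program Files (x86)\\Popcorn Time\\Updater.exe"
    " [339968 2016-08-26] (Popcorn Time) [File not signed]",
    "R2 LUService; C:\\Program Files (x86)\\Lenovo\\Lenovo Updates\\LUService.exe"
    " [38896 2014-02-18] (Lenovo(beijing) Limited)",
]

if __name__ == "__main__":
    for kind, label, path in review(SAMPLE):
        print(f"{kind:28} {label:20} {path}")
```

The rule for services is deliberately narrow: an unsigned binary alone is common among legitimate software, so the script only reports it when the service also runs from a user-writable profile directory.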

offline
  • Joined: 07 Jan 2017
  • Posts: 6

Mate, I apologize. I saw the message late last night and couldn't deal with the computer, I was too exhausted. Today I worked from 6 to 18h. As for mbam, it doesn't show that first one at all, only this last one. I tried it the way you said and other ways too - it's not there. If you can, connect to the computer and try to dig it out yourself. I'm really sorry it turned out like that. Also, I did everything you said in the last message.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

No problem. ;)

The fixes have been carried out; tell me what the situation is.

offline
  • Joined: 07 Jan 2017
  • Posts: 6

Posted: 09 Jan 2017 23:33

It behaves considerably better. It responds to every command and isn't sluggish like before. That McAfee really bothers me, as does the admin password at startup. Can you change that? Also, it seems to me it's overloaded with those Lenovo packages for anything and everything. Those should be deleted too... What do you think?

Addendum: 09 Jan 2017 23:39

I started deleting programs I know I won't use, and Internet Explorer opens on every uninstall. That was happening before too.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Mate, in the Ambulanta we work only on malicious programs. So I can't advise you to uninstall or delete a legitimate program. Install CCleaner and disable them from startup. For further system tuning you can seek advice in the Windows forum if you wish.

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.

From this point on, all tools used in this thread should be deleted.
If any tool or report was not removed, feel free to delete it manually.

The tool will also generate a report for you. (C:\DelFix.txt)
- The tool will also save a healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
- DelFix deletes old system restore points and creates a new, fresh point after the cleanup.







;)
