Malicious software or something else


Good day, doctors!
You could easily have done without me today, but I can't do without you.

While working on a "project" for MyCity, Photoshop asked me for an update, which I accepted. After that the laptop seemed slower to me, so I ran RogueKiller, which also asked for an update. When I went to download the newer version, I saw that I was being offered a commercial program and backed out of it, and I did the cleaning with the older free version. In both cases I was on the Softonic site.
Because of the Photoshop download and the cleaning, I restarted the laptop, and after that the screen was dark, as if it were switched off. When I pressed the power button, a blue screen with text appeared immediately. I translated some of it and understood that it was asking me to press F8 during system startup. I did that, and that is enough from me; beyond that I don't know anything.

I thought this had something to do with Windows Update, and when I went to run the program, I saw that quite a lot had accumulated for installation over a few days, and malicious software is mentioned. As for how the laptop is working, it seems fine to me, and there is no blue screen with any text either.

Here is the FRST64 report:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Ljilja (administrator) on LJILJA-PC (18-08-2015 12:58:56)
Running from C:\Users\Ljilja\Desktop
Loaded Profiles: Ljilja (Available Profiles: Ljilja)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmtray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Threat Expert Ltd.) C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM-x32\...\Run: [cmsc] => c:\program files (x86)\cmcm\Clean Master\cmtray.exe [468328 2015-08-08] (Kingsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.me/
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> {35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9023283C-7551-42FD-961C-22362109F770}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E812A994-7905-489D-87B7-484EE28B9B28}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default
FF SelectedSearchEngine: sweet-page
FF Homepage: www.google.me
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-23] (Apple Inc.)
FF Extension: EHTip - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\ehtip@robertkatic [2015-05-31]
FF Extension: Easy Translate - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\jid1-f7dnBeTj8ElpWQ@jetpack.xpi [2015-04-04]
FF Extension: Video DownloadHelper - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-08-10]
FF Extension: Google Privacy - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2015-03-31]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox
FF Extension: Browser Guard Toolbar - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox [2015-04-20]

Chrome:
=======
CHR Profile: C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-08-14]
CHR Extension: (Translate Language) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehihmefpkkchenckklpjmfaaobbfacij [2015-08-14]
CHR Extension: (Adblock Super) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-08-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-09]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-08-01] (Avira Operations GmbH & Co. KG)
R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [580728 2012-10-23] (Threat Expert Ltd.)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2015-08-08] (Kingsoft Corporation)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2015-06-23] (CHENGDU YIWO Tech Development Co., Ltd)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-12-18] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-12-18] (Bytemobile, Inc.) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2015-08-08] (Kingsoft Corporation)
S3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [77144 2012-10-23] (PC Tools)
R1 QbikHkVista; C:\Windows\System32\DRIVERS\QbikHkVistaamd64.sys [243904 2013-03-07] ()
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-12-18] (Bytemobile, Inc.) [File not signed]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
U4 vsserv; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 12:58 - 2015-08-18 12:59 - 00016572 _____ C:\Users\Ljilja\Desktop\FRST.txt
2015-08-18 12:58 - 2015-08-18 12:58 - 00000000 ____D C:\FRST
2015-08-18 12:55 - 2015-08-18 12:55 - 02173440 _____ (Farbar) C:\Users\Ljilja\Desktop\FRST64.exe
2015-08-18 12:54 - 2015-08-18 12:54 - 00000000 ____D C:\Users\Ljilja\Desktop\Za abulantu
2015-08-18 12:38 - 2015-08-18 12:38 - 00000056 _____ C:\Windows\setupact.log
2015-08-18 12:38 - 2015-08-18 12:38 - 00000000 _____ C:\Windows\setuperr.log
2015-08-17 19:15 - 2015-08-18 11:11 - 00000000 ____D C:\Windows\Minidump
2015-08-17 17:30 - 2015-08-17 17:30 - 00071450 _____ C:\Users\Ljilja\AppData\Local\recently-used.xbel
2015-08-16 22:07 - 2015-08-16 22:07 - 00000000 ____D C:\Users\Ljilja\Documents\Updater
2015-08-16 18:10 - 2015-08-16 18:10 - 00175424 _____ C:\Users\Ljilja\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-16 18:06 - 2015-08-16 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2015-08-16 18:05 - 2015-08-16 18:05 - 18376624 _____ (Mooii) C:\Users\Ljilja\Downloads\PhotoScape_V3.6.2 (1).exe
2015-08-16 18:01 - 2015-08-16 18:01 - 05456896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-16 17:59 - 2015-08-18 12:42 - 00091248 _____ C:\Windows\WindowsUpdate.log
2015-08-16 17:55 - 2015-08-16 17:55 - 00001110 _____ C:\AdwCleaner[C8].txt
2015-08-16 17:40 - 2015-08-16 17:41 - 00000950 _____ C:\AdwCleaner[S9].txt
2015-08-16 17:39 - 2015-08-16 17:39 - 00001298 _____ C:\Users\Ljilja\Desktop\AdwCleaner[C7].txt
2015-08-16 17:32 - 2015-08-16 17:32 - 00001298 _____ C:\AdwCleaner[C7].txt
2015-08-16 17:29 - 2015-08-16 17:31 - 00001119 _____ C:\AdwCleaner[S8].txt
2015-08-16 17:22 - 2015-08-16 17:22 - 01563648 _____ C:\Users\Ljilja\Downloads\adwcleaner_5.000.exe
2015-08-15 23:01 - 2015-08-15 23:01 - 00019666 _____ C:\Users\Ljilja\Desktop\Hellraiser---Pinhead--C10040177.jpeg
2015-08-15 20:47 - 2015-08-15 20:47 - 00018759 _____ C:\Users\Ljilja\Downloads\animstack (1).zip
2015-08-15 11:03 - 2015-08-15 11:03 - 01367267 _____ C:\Users\Ljilja\Desktop\aleksandar.xcf
2015-08-14 15:49 - 2015-08-14 15:49 - 02074670 _____ C:\Users\Ljilja\Downloads\FSResizer34.zip
2015-08-12 22:53 - 2015-08-12 22:53 - 00032768 _____ C:\Users\Ljilja\Desktop\video.VSP
2015-08-12 13:25 - 2015-08-16 20:03 - 00000000 ____D C:\Users\Ljilja\Desktop\2009
2015-08-12 13:10 - 2015-08-12 13:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-10 15:03 - 2015-08-10 15:03 - 00000000 ____D C:\ProgramData\Free YouTube Downloader
2015-08-10 14:47 - 2015-08-16 23:55 - 00000000 ___RD C:\Users\Ljilja\Desktop\youtube
2015-08-10 14:41 - 2015-08-10 14:57 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Free YouTube Downloader
2015-08-10 14:41 - 2015-08-10 14:41 - 00001260 _____ C:\Users\Public\Desktop\Free YouTube Downloader.lnk
2015-08-10 14:41 - 2015-08-10 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
2015-08-10 14:41 - 2015-08-10 14:41 - 00000000 ____D C:\Program Files (x86)\Free YouTube Downloader
2015-08-10 14:38 - 2015-08-10 14:41 - 14299248 _____ (HOW Inc. ) C:\Users\Ljilja\Downloads\FYTDSetup.exe
2015-08-10 14:37 - 2015-08-10 14:37 - 01179136 _____ (How, Inc) C:\Users\Ljilja\Downloads\FreeYouTubeDownloaderOC.exe
2015-08-10 13:49 - 2015-08-17 17:09 - 00000000 ____D C:\Users\Ljilja\Desktop\Originals
2015-08-10 12:22 - 2015-08-10 12:22 - 00000000 ____D C:\Program Files (x86)\ConvertHelper
2015-08-09 16:04 - 2015-08-16 17:32 - 00000000 ____D C:\AdwCleaner
2015-08-09 13:14 - 2015-08-09 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-08 17:28 - 2015-08-08 17:28 - 00001037 _____ C:\Users\Public\Desktop\Clean Master.lnk
2015-08-08 17:28 - 2015-08-08 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clean Master
2015-08-08 17:27 - 2015-08-08 17:27 - 05767600 _____ (Kingsoft Corporation) C:\Users\Ljilja\Downloads\cleanmaster_12_1.exe
2015-08-07 22:14 - 2015-08-14 18:41 - 00000000 ____D C:\Users\Ljilja\Desktop\ct
2015-08-06 14:55 - 2015-08-06 14:55 - 01234432 _____ C:\Users\Ljilja\Downloads\ImageResizer-2.1_x86 (1).msi
2015-08-06 14:49 - 2015-08-06 14:49 - 01234432 _____ C:\Users\Ljilja\Downloads\ImageResizer-2.1_x86.msi
2015-08-06 14:44 - 2015-08-06 14:44 - 00000000 ____D C:\Program Files\Image Resizer for Windows
2015-08-06 14:44 - 2015-08-06 14:44 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2015-08-06 14:04 - 2015-08-06 14:04 - 00000000 ____D C:\Windows\en
2015-08-06 14:03 - 2015-08-06 14:03 - 00001272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-08-06 14:03 - 2015-08-06 14:03 - 00000000 ____D C:\Windows\sr-latn-cs
2015-08-06 14:02 - 2015-08-06 14:02 - 00001425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-08-06 14:01 - 2015-08-06 14:01 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-08-06 14:00 - 2015-08-06 14:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-08-06 13:57 - 2015-08-08 10:55 - 00000000 ___RD C:\Users\Ljilja\OneDrive
2015-08-06 13:57 - 2015-08-06 13:57 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2015-08-06 13:15 - 2015-08-06 13:15 - 00023544 _____ C:\Users\Ljilja\Downloads\Dropresize013b.zip
2015-08-06 12:58 - 2015-08-06 12:59 - 00000000 ____D C:\ProgramData\nWinManPron
2015-08-06 12:57 - 2015-08-06 12:57 - 00000000 ____D C:\Program Files (x86)\pictureresizer_setup
2015-08-05 14:57 - 2015-08-05 14:57 - 05233880 _____ (X.M.Y International LLC ) C:\Users\Ljilja\Downloads\regopt461.exe
2015-08-04 19:04 - 2015-08-04 19:04 - 05058840 _____ (JAM Software ) C:\Users\Ljilja\Downloads\TreeSizeFreeSetup.exe
2015-08-04 19:00 - 2015-08-04 19:00 - 01402251 _____ C:\Users\Ljilja\Downloads\spacesniffer_1_2_0_2.zip
2015-08-04 15:23 - 2015-06-09 14:49 - 57667584 _____ C:\Users\Ljilja\Desktop\Emergencydisk.iso
2015-08-02 18:35 - 2015-08-02 18:35 - 00004096 ___SH C:\{7B029527-FA48-4C35-8F91-E8D99C7BBDB9}.CBM
2015-08-02 17:05 - 2015-08-02 17:50 - 00400384 ___SH C:\EUMONBMP.SYS
2015-08-02 17:05 - 2015-08-02 17:50 - 00000000 ____D C:\Windows\system32\config\regsave
2015-08-02 14:35 - 2015-08-02 15:40 - 00000000 ___RD C:\Users\Ljilja\Desktop\Nero_Info_Tool
2015-08-02 14:19 - 2015-08-02 14:19 - 00002096 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 8.5 .lnk
2015-08-02 14:19 - 2015-08-02 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.5
2015-08-02 14:17 - 2014-12-15 01:03 - 00024104 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
2015-08-02 14:05 - 2015-08-02 14:09 - 109014792 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\Ljilja\Downloads\tb_free.exe
2015-08-02 13:26 - 2014-12-15 00:59 - 00192040 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2015-08-02 13:26 - 2014-12-15 00:59 - 00060968 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2015-08-02 13:26 - 2014-12-15 00:59 - 00018472 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2015-08-02 13:25 - 2014-12-15 00:59 - 00048168 _____ C:\Windows\system32\Drivers\EUBKMON.sys
2015-08-02 13:23 - 2015-08-02 13:23 - 00000000 ____D C:\Program Files (x86)\EaseUS
2015-08-01 18:17 - 2015-08-01 18:17 - 00000000 ____D C:\Users\Ljilja\AppData\Local\CEF
2015-08-01 12:54 - 2015-08-01 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-30 22:38 - 2015-07-30 22:38 - 00035662 _____ C:\Users\Ljilja\Downloads\wcmd_loc_srl.zip
2015-07-30 22:35 - 2015-07-30 22:35 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\GHISLER
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\UC.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\RAR.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\PKZIP.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\PKUNZIP.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\NOCLOSE.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\LHA.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\ARJ.PIF
2015-07-30 22:23 - 2015-07-30 22:23 - 03280704 _____ (Ghisler Software GmbH) C:\Users\Ljilja\Downloads\tcmd756a.exe
2015-07-30 22:03 - 2015-07-30 22:03 - 00034559 _____ C:\Users\Ljilja\Downloads\tc2usb.zip
2015-07-28 21:23 - 2015-07-25 20:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 21:23 - 2015-07-25 20:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 21:23 - 2015-07-25 20:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 21:23 - 2015-07-25 19:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-28 21:02 - 2015-07-28 21:02 - 00302011 _____ C:\Users\Ljilja\Downloads\WindowsUpdateDiagnostic.diagcab
2015-07-28 20:06 - 2015-08-12 22:48 - 00000000 ___RD C:\Users\Ljilja\Desktop\video pro
2015-07-25 10:13 - 2015-07-25 10:14 - 29654131 _____ (DownloadHelper ) C:\Users\Ljilja\Downloads\ConvertHelper3Setup.exe
2015-07-24 22:58 - 2015-08-15 10:41 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\ViberPC
2015-07-24 22:58 - 2015-07-24 23:24 - 00000970 _____ C:\Users\Ljilja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2015-07-24 22:58 - 2015-07-24 23:24 - 00000962 _____ C:\Users\Ljilja\Desktop\Viber.lnk
2015-07-24 22:54 - 2015-07-24 23:24 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Viber
2015-07-24 22:49 - 2015-07-24 22:52 - 67701008 _____ (Viber Media Inc) C:\Users\Ljilja\Downloads\ViberSetup.exe
2015-07-22 22:54 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-22 22:54 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-22 22:54 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-22 22:54 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-22 22:54 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-22 22:54 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-22 22:54 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-22 22:54 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-22 22:54 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-22 22:54 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 16:36 - 2015-08-12 13:20 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 12:58 - 2012-12-23 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-18 12:48 - 2013-01-31 19:36 - 00000000 ____D C:\ProgramData\Temp
2015-08-18 12:47 - 2009-07-14 06:45 - 00023824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-18 12:47 - 2009-07-14 06:45 - 00023824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-18 12:39 - 2013-08-19 19:16 - 00000000 ____D C:\ProgramData\MCShield
2015-08-18 12:38 - 2015-02-08 23:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-18 12:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 12:33 - 2015-02-08 23:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-18 11:11 - 2013-01-06 19:12 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\PhotoScape
2015-08-18 10:17 - 2015-02-17 00:26 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FD0BBB3-F82C-4D61-ADB8-2F3A4AD35621}
2015-08-17 17:54 - 2015-02-06 19:50 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-17 17:44 - 2015-02-15 21:17 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Adobe
2015-08-17 17:31 - 2014-04-22 11:02 - 00000000 ____D C:\Users\Ljilja\.gimp-2.8
2015-08-17 17:30 - 2013-07-28 13:39 - 00000000 ____D C:\Users\Ljilja\AppData\Local\gtk-2.0
2015-08-17 17:10 - 2015-05-26 10:13 - 00103424 ____H C:\Users\Ljilja\Desktop\photothumb.db
2015-08-16 21:23 - 2013-01-09 23:06 - 00000069 _____ C:\Windows\NeroDigital.ini
2015-08-16 20:08 - 2012-12-22 19:05 - 00000000 ____D C:\Users\Ljilja
2015-08-16 18:06 - 2013-01-07 00:51 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2015-08-16 18:01 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-16 15:22 - 2009-07-14 07:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-15 23:15 - 2012-12-22 21:11 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Skype
2015-08-15 20:57 - 2013-10-28 15:17 - 00000000 ___RD C:\Users\Ljilja\Desktop\gimp-painter
2015-08-12 22:49 - 2015-01-29 01:37 - 00000000 ___RD C:\Users\Ljilja\Desktop\gifovi
2015-08-12 22:48 - 2015-07-03 20:40 - 00000000 ___RD C:\Users\Ljilja\Desktop\New folder
2015-08-12 22:45 - 2015-02-04 23:54 - 00000000 ___RD C:\Users\Ljilja\Desktop\fotošop
2015-08-12 19:28 - 2013-08-01 10:05 - 00024064 _____ C:\Users\Ljilja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-12 13:10 - 2015-02-21 13:17 - 00000000 ____D C:\ProgramData\Adobe
2015-08-11 23:58 - 2012-12-23 23:09 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 23:58 - 2012-12-23 23:09 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 23:58 - 2012-12-23 23:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-10 20:43 - 2015-03-11 19:08 - 00000000 ____D C:\Users\Ljilja\dwhelper
2015-08-10 10:59 - 2012-12-23 08:34 - 00000000 ____D C:\ProgramData\Mozilla
2015-08-09 21:22 - 2015-04-23 15:32 - 00000000 ___RD C:\Users\Ljilja\Desktop\gif
2015-08-09 17:22 - 2015-03-26 21:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-09 16:45 - 2014-05-29 20:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 16:43 - 2014-05-29 20:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-09 16:42 - 2013-09-20 16:27 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\uTorrent
2015-08-09 16:12 - 2015-01-31 21:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-09 12:55 - 2015-02-27 21:48 - 00000000 ___RD C:\Users\Ljilja\Desktop\br
2015-08-08 17:28 - 2015-05-11 21:23 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2015-08-08 17:28 - 2015-05-11 21:23 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2015-08-06 14:44 - 2014-11-04 17:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-06 14:09 - 2015-05-25 20:08 - 00000000 ____D C:\Users\Ljilja\Tracing
2015-08-06 14:09 - 2013-01-28 23:05 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Windows Live
2015-08-06 14:02 - 2013-01-28 23:15 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-08-06 14:00 - 2013-01-28 23:12 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-08-06 13:59 - 2013-01-28 23:12 - 00000000 ____D C:\Program Files\Windows Live
2015-08-06 11:49 - 2014-02-23 21:19 - 00000000 ____D C:\Users\Ljilja\AppData\Local\CrashDumps
2015-08-02 15:43 - 2015-02-07 17:20 - 00000000 ___RD C:\Users\Ljilja\Desktop\PDR9
2015-08-01 21:53 - 2013-01-06 19:55 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\vlc
2015-08-01 14:18 - 2014-04-24 20:07 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Audacity
2015-08-01 12:51 - 2013-09-16 22:13 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-01 12:51 - 2013-09-16 22:13 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-30 23:24 - 2013-12-28 02:23 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-07-30 21:21 - 2012-12-22 21:03 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Google
2015-07-28 21:23 - 2015-04-15 14:13 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-28 18:15 - 2012-12-23 04:02 - 00000000 ____D C:\Windows\softwaredistribution.old
2015-07-28 11:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-24 18:16 - 2012-12-22 21:08 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-02-25 19:01 - 2015-02-25 19:01 - 0000000 _____ () C:\Users\Ljilja\AppData\Roaming\3C79.tmp
2013-08-01 10:05 - 2015-08-12 19:28 - 0024064 _____ () C:\Users\Ljilja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-17 17:30 - 2015-08-17 17:30 - 0071450 _____ () C:\Users\Ljilja\AppData\Local\recently-used.xbel
2015-03-22 12:20 - 2015-03-22 12:23 - 0007597 _____ () C:\Users\Ljilja\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Ljilja\AppData\Local\Temp\avgnt.exe
C:\Users\Ljilja\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-17 18:16

==================== End of log ============================



offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

This program, Browser Guard 4.0, looks a bit suspicious to me, so we will remove it.

First, uninstall it via Control Panel.


1. Open Notepad (Text Document) and copy in the following text from the code box below:

closeprocesses:
emptytemp:
createrestorepoint:
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Task: {EC4EC398-8143-4121-A1C9-F45BBD4A8F2C} - System32\Tasks\Grand Panda Updater => C:\Program Files (x86)\PrivateVPN\gpup.exe <==== ATTENTION
C:\Program Files (x86)\PrivateVPN
AlternateDataStreams: C:\ProgramData\Temp:1AAB2E68
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
C:\Program Files (x86)\PC Tools
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.me/
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> {35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} URL = hxxps://www.google.com/search?q={searchTerms}
BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox
FF Extension: Browser Guard Toolbar - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox [2015-04-20]
R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [580728 2012-10-23] (Threat Expert Ltd.)
S3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [77144 2012-10-23] (PC Tools)
C:\Windows\System32\Drivers\PCTBD64.sys


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from within Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

Fix result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by Ljilja (2015-08-18 15:17:04) Run:1
Running from C:\Users\Ljilja\Desktop
Loaded Profiles: Ljilja (Available Profiles: Ljilja)
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
emptytemp:
createrestorepoint:
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Task: {EC4EC398-8143-4121-A1C9-F45BBD4A8F2C} - System32\Tasks\Grand Panda Updater => C:\Program Files (x86)\PrivateVPN\gpup.exe <==== ATTENTION
C:\Program Files (x86)\PrivateVPN
AlternateDataStreams: C:\ProgramData\Temp:1AAB2E68
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
C:\Program Files (x86)\PC Tools
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.me/
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> {35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} URL = hxxps://www.google.com/search?q={searchTerms}
BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox
FF Extension: Browser Guard Toolbar - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox [2015-04-20]
R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [580728 2012-10-23] (Threat Expert Ltd.)
S3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [77144 2012-10-23] (PC Tools)
C:\Windows\System32\Drivers\PCTBD64.sys
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC4EC398-8143-4121-A1C9-F45BBD4A8F2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC4EC398-8143-4121-A1C9-F45BBD4A8F2C}" => key removed successfully
C:\Windows\System32\Tasks\Grand Panda Updater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Grand Panda Updater" => key removed successfully
"C:\Program Files (x86)\PrivateVPN" => File/Folder not found.
C:\ProgramData\Temp => ":1AAB2E68" ADS removed successfully.
C:\ProgramData\Temp => ":430C6D84" ADS removed successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
C:\Program Files (x86)\PC Tools => moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{35D572E1-74D8-4E8C-9B9C-9DBE726E62CC}" => key removed successfully
HKCR\CLSID\{35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} => key not found.
HKCR\Wow6432Node\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value not found.
HKCR\Wow6432Node\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16} => value not found.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox not found.
Browser Defender Update Service => service not found.
PCTBD => service not found.
"C:\Windows\System32\Drivers\PCTBD64.sys" => File/Folder not found.
EmptyTemp: => 52.9 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 15:17:39 ====
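
Added example (not part of the original thread and not FRST's own code): a small Python triage of a Fixlog.txt like the one above, grouping result lines into errors, removed, restored and "not found" so that items needing follow-up, such as the failed restore point, stand out. The outcome phrases are taken from the log lines above; the function names and the shortened sample are constructed for illustration.

```python
import re

# Constructed sample: a shortened Fixlog.txt assembled from lines in the log above.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
fixlist content:
*****************
closeprocesses:
C:\Program Files (x86)\PrivateVPN
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
C:\Windows\System32\Tasks\Grand Panda Updater => moved successfully.
"C:\Program Files (x86)\PrivateVPN" => File/Folder not found.
C:\ProgramData\Temp => ":1AAB2E68" ADS removed successfully.
C:\Program Files (x86)\PC Tools => moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
Browser Defender Update Service => service not found.
PCTBD => service not found.
EmptyTemp: => 52.9 MB temporary data Removed.

The system needed a reboot..
==== End of Fixlog 15:17:39 ====
'''

# Outcome phrases as they appear in the result lines of the log above.
# Order matters: the first matching rule wins.
RULES = [
    ("error", re.compile(r"^Error:")),
    ("not_found", re.compile(r"not found\.?$")),
    ("removed", re.compile(r"(?:re)?moved successfully\.?$")),
    ("restored", re.compile(r"restored successfully\.?$")),
]

# The log echoes the fixlist between two lines of asterisks; that echo is
# input, not results, so it is skipped.
ECHO_FENCE = re.compile(r"\*{5,}")


def classify(line):
    """Return the outcome category of one result line, or None."""
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return None


def target_of(line):
    """Extract the file, key or service a result line refers to."""
    left = line.split(" => ", 1)[0]
    left = re.sub(r"\s+not found\.?$", "", left)  # lines without ' => '
    return left.strip().strip('"')


def triage(text):
    """Group Fixlog result lines by outcome."""
    report = {"error": [], "not_found": [], "removed": [],
              "restored": [], "reboot_needed": False}
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if ECHO_FENCE.fullmatch(line):
            in_echo = not in_echo
            continue
        if in_echo or not line:
            continue
        if "needed a reboot" in line:
            report["reboot_needed"] = True
            continue
        outcome = classify(line)
        if outcome == "error":
            report["error"].append(line)  # keep the full message
        elif outcome:
            report[outcome].append(target_of(line))
    return report


def needs_follow_up(report):
    """True when the log contains an error or a pending reboot."""
    return bool(report["error"]) or report["reboot_needed"]


if __name__ == "__main__":
    result = triage(SAMPLE_FIXLOG)
    for key in ("error", "not_found", "removed", "restored"):
        print(f"{key}: {len(result[key])}")
        for item in result[key]:
            print(f"  {item}")
    print("reboot needed:", result["reboot_needed"])
    print("follow-up required:", needs_follow_up(result))
```
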

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent. Now run FRST again, tick Addition.txt, click Scan, and once the scan finishes post both reports.

offline
  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

Posted: 19 Aug 2015 19:16

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Ljilja (administrator) on LJILJA-PC (19-08-2015 18:58:02)
Running from C:\Users\Ljilja\Desktop
Loaded Profiles: Ljilja (Available Profiles: Ljilja)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM-x32\...\Run: [cmsc] => c:\program files (x86)\cmcm\Clean Master\cmtray.exe [468328 2015-08-08] (Kingsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9023283C-7551-42FD-961C-22362109F770}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E812A994-7905-489D-87B7-484EE28B9B28}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default
FF SelectedSearchEngine: sweet-page
FF Homepage: www.google.me
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-23] (Apple Inc.)
FF Extension: EHTip - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\ehtip@robertkatic [2015-05-31]
FF Extension: Easy Translate - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\jid1-f7dnBeTj8ElpWQ@jetpack.xpi [2015-04-04]
FF Extension: Video DownloadHelper - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-08-10]
FF Extension: Google Privacy - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2015-03-31]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon

Chrome:
=======
CHR Profile: C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-08-14]
CHR Extension: (Translate Language) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehihmefpkkchenckklpjmfaaobbfacij [2015-08-14]
CHR Extension: (Adblock Super) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-08-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-09]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-08-01] (Avira Operations GmbH & Co. KG)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2015-08-08] (Kingsoft Corporation)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2015-06-23] (CHENGDU YIWO Tech Development Co., Ltd)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-12-18] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-12-18] (Bytemobile, Inc.) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2015-08-08] (Kingsoft Corporation)
R1 QbikHkVista; C:\Windows\System32\DRIVERS\QbikHkVistaamd64.sys [243904 2013-03-07] ()
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-12-18] (Bytemobile, Inc.) [File not signed]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
U4 vsserv; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 19:49 - 2015-08-18 19:49 - 00072252 _____ C:\Users\Ljilja\AppData\Local\recently-used.xbel
2015-08-18 15:06 - 2015-08-18 15:06 - 00001938 _____ C:\Windows\PFRO.log
2015-08-18 13:00 - 2015-08-18 13:01 - 00054154 _____ C:\Users\Ljilja\Desktop\Addition.txt
2015-08-18 12:58 - 2015-08-19 18:59 - 00013967 _____ C:\Users\Ljilja\Desktop\FRST.txt
2015-08-18 12:58 - 2015-08-19 18:58 - 00000000 ____D C:\FRST
2015-08-18 12:55 - 2015-08-18 12:55 - 02173440 _____ (Farbar) C:\Users\Ljilja\Desktop\FRST64.exe
2015-08-18 12:38 - 2015-08-19 18:52 - 00000224 _____ C:\Windows\setupact.log
2015-08-18 12:38 - 2015-08-18 12:38 - 00000000 _____ C:\Windows\setuperr.log
2015-08-17 19:15 - 2015-08-18 11:11 - 00000000 ____D C:\Windows\Minidump
2015-08-16 22:07 - 2015-08-16 22:07 - 00000000 ____D C:\Users\Ljilja\Documents\Updater
2015-08-16 18:10 - 2015-08-16 18:10 - 00175424 _____ C:\Users\Ljilja\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-16 18:06 - 2015-08-16 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2015-08-16 18:05 - 2015-08-16 18:05 - 18376624 _____ (Mooii) C:\Users\Ljilja\Downloads\PhotoScape_V3.6.2 (1).exe
2015-08-16 18:01 - 2015-08-16 18:01 - 05456896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-16 17:59 - 2015-08-19 18:56 - 00121783 _____ C:\Windows\WindowsUpdate.log
2015-08-16 17:55 - 2015-08-16 17:55 - 00001110 _____ C:\AdwCleaner[C8].txt
2015-08-16 17:40 - 2015-08-16 17:41 - 00000950 _____ C:\AdwCleaner[S9].txt
2015-08-16 17:32 - 2015-08-16 17:32 - 00001298 _____ C:\AdwCleaner[C7].txt
2015-08-16 17:29 - 2015-08-16 17:31 - 00001119 _____ C:\AdwCleaner[S8].txt
2015-08-16 17:22 - 2015-08-16 17:22 - 01563648 _____ C:\Users\Ljilja\Downloads\adwcleaner_5.000.exe
2015-08-15 20:47 - 2015-08-15 20:47 - 00018759 _____ C:\Users\Ljilja\Downloads\animstack (1).zip
2015-08-14 15:49 - 2015-08-14 15:49 - 02074670 _____ C:\Users\Ljilja\Downloads\FSResizer34.zip
2015-08-12 22:53 - 2015-08-12 22:53 - 00032768 _____ C:\Users\Ljilja\Desktop\video.VSP
2015-08-12 13:10 - 2015-08-12 13:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-10 15:03 - 2015-08-10 15:03 - 00000000 ____D C:\ProgramData\Free YouTube Downloader
2015-08-10 14:47 - 2015-08-18 16:52 - 00000000 ___RD C:\Users\Ljilja\Desktop\youtube
2015-08-10 14:41 - 2015-08-10 14:57 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Free YouTube Downloader
2015-08-10 14:41 - 2015-08-10 14:41 - 00001260 _____ C:\Users\Public\Desktop\Free YouTube Downloader.lnk
2015-08-10 14:41 - 2015-08-10 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
2015-08-10 14:41 - 2015-08-10 14:41 - 00000000 ____D C:\Program Files (x86)\Free YouTube Downloader
2015-08-10 14:38 - 2015-08-10 14:41 - 14299248 _____ (HOW Inc. ) C:\Users\Ljilja\Downloads\FYTDSetup.exe
2015-08-10 14:37 - 2015-08-10 14:37 - 01179136 _____ (How, Inc) C:\Users\Ljilja\Downloads\FreeYouTubeDownloaderOC.exe
2015-08-10 12:22 - 2015-08-10 12:22 - 00000000 ____D C:\Program Files (x86)\ConvertHelper
2015-08-09 16:04 - 2015-08-16 17:32 - 00000000 ____D C:\AdwCleaner
2015-08-09 13:14 - 2015-08-09 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-08 17:28 - 2015-08-08 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clean Master
2015-08-08 17:27 - 2015-08-08 17:27 - 05767600 _____ (Kingsoft Corporation) C:\Users\Ljilja\Downloads\cleanmaster_12_1.exe
2015-08-06 14:55 - 2015-08-06 14:55 - 01234432 _____ C:\Users\Ljilja\Downloads\ImageResizer-2.1_x86 (1).msi
2015-08-06 14:49 - 2015-08-06 14:49 - 01234432 _____ C:\Users\Ljilja\Downloads\ImageResizer-2.1_x86.msi
2015-08-06 14:44 - 2015-08-06 14:44 - 00000000 ____D C:\Program Files\Image Resizer for Windows
2015-08-06 14:44 - 2015-08-06 14:44 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2015-08-06 14:04 - 2015-08-06 14:04 - 00000000 ____D C:\Windows\en
2015-08-06 14:03 - 2015-08-06 14:03 - 00001272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-08-06 14:03 - 2015-08-06 14:03 - 00000000 ____D C:\Windows\sr-latn-cs
2015-08-06 14:02 - 2015-08-06 14:02 - 00001425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-08-06 14:01 - 2015-08-06 14:01 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-08-06 14:00 - 2015-08-06 14:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-08-06 13:57 - 2015-08-08 10:55 - 00000000 ___RD C:\Users\Ljilja\OneDrive
2015-08-06 13:57 - 2015-08-06 13:57 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2015-08-06 13:15 - 2015-08-06 13:15 - 00023544 _____ C:\Users\Ljilja\Downloads\Dropresize013b.zip
2015-08-06 12:58 - 2015-08-06 12:59 - 00000000 ____D C:\ProgramData\nWinManPron
2015-08-06 12:57 - 2015-08-06 12:57 - 00000000 ____D C:\Program Files (x86)\pictureresizer_setup
2015-08-05 14:57 - 2015-08-05 14:57 - 05233880 _____ (X.M.Y International LLC ) C:\Users\Ljilja\Downloads\regopt461.exe
2015-08-04 19:04 - 2015-08-04 19:04 - 05058840 _____ (JAM Software ) C:\Users\Ljilja\Downloads\TreeSizeFreeSetup.exe
2015-08-04 19:00 - 2015-08-04 19:00 - 01402251 _____ C:\Users\Ljilja\Downloads\spacesniffer_1_2_0_2.zip
2015-08-02 18:35 - 2015-08-02 18:35 - 00004096 ___SH C:\{7B029527-FA48-4C35-8F91-E8D99C7BBDB9}.CBM
2015-08-02 17:05 - 2015-08-02 17:50 - 00400384 ___SH C:\EUMONBMP.SYS
2015-08-02 17:05 - 2015-08-02 17:50 - 00000000 ____D C:\Windows\system32\config\regsave
2015-08-02 14:35 - 2015-08-19 18:55 - 00000000 ___RD C:\Users\Ljilja\Desktop\folder
2015-08-02 14:19 - 2015-08-02 14:19 - 00002096 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 8.5 .lnk
2015-08-02 14:19 - 2015-08-02 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.5
2015-08-02 14:17 - 2014-12-15 01:03 - 00024104 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
2015-08-02 14:05 - 2015-08-02 14:09 - 109014792 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\Ljilja\Downloads\tb_free.exe
2015-08-02 13:26 - 2014-12-15 00:59 - 00192040 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2015-08-02 13:26 - 2014-12-15 00:59 - 00060968 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2015-08-02 13:26 - 2014-12-15 00:59 - 00018472 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2015-08-02 13:25 - 2014-12-15 00:59 - 00048168 _____ C:\Windows\system32\Drivers\EUBKMON.sys
2015-08-02 13:23 - 2015-08-02 13:23 - 00000000 ____D C:\Program Files (x86)\EaseUS
2015-08-01 18:17 - 2015-08-01 18:17 - 00000000 ____D C:\Users\Ljilja\AppData\Local\CEF
2015-08-01 12:54 - 2015-08-01 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-30 22:38 - 2015-07-30 22:38 - 00035662 _____ C:\Users\Ljilja\Downloads\wcmd_loc_srl.zip
2015-07-30 22:35 - 2015-07-30 22:35 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\GHISLER
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\UC.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\RAR.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\PKZIP.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\PKUNZIP.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\NOCLOSE.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\LHA.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\ARJ.PIF
2015-07-30 22:23 - 2015-07-30 22:23 - 03280704 _____ (Ghisler Software GmbH) C:\Users\Ljilja\Downloads\tcmd756a.exe
2015-07-30 22:03 - 2015-07-30 22:03 - 00034559 _____ C:\Users\Ljilja\Downloads\tc2usb.zip
2015-07-28 21:23 - 2015-07-25 20:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 21:23 - 2015-07-25 20:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 21:23 - 2015-07-25 20:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 21:23 - 2015-07-25 19:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-28 21:02 - 2015-07-28 21:02 - 00302011 _____ C:\Users\Ljilja\Downloads\WindowsUpdateDiagnostic.diagcab
2015-07-28 20:06 - 2015-08-12 22:48 - 00000000 ___RD C:\Users\Ljilja\Desktop\video pro
2015-07-25 10:13 - 2015-07-25 10:14 - 29654131 _____ (DownloadHelper ) C:\Users\Ljilja\Downloads\ConvertHelper3Setup.exe
2015-07-24 22:58 - 2015-08-15 10:41 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\ViberPC
2015-07-24 22:58 - 2015-07-24 23:24 - 00000970 _____ C:\Users\Ljilja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2015-07-24 22:58 - 2015-07-24 23:24 - 00000962 _____ C:\Users\Ljilja\Desktop\Viber.lnk
2015-07-24 22:54 - 2015-07-24 23:24 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Viber
2015-07-24 22:49 - 2015-07-24 22:52 - 67701008 _____ (Viber Media Inc) C:\Users\Ljilja\Downloads\ViberSetup.exe
2015-07-22 22:54 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-22 22:54 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-22 22:54 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-22 22:54 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-22 22:54 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-22 22:54 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-22 22:54 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-22 22:54 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-22 22:54 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-22 22:54 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 16:36 - 2015-08-12 13:20 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 18:58 - 2012-12-23 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-19 18:55 - 2015-02-27 21:48 - 00000000 ___RD C:\Users\Ljilja\Desktop\br
2015-08-19 18:55 - 2015-02-17 00:26 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FD0BBB3-F82C-4D61-ADB8-2F3A4AD35621}
2015-08-19 18:53 - 2013-08-19 19:16 - 00000000 ____D C:\ProgramData\MCShield
2015-08-19 18:52 - 2015-02-08 23:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-19 18:52 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 23:29 - 2012-12-22 21:11 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Skype
2015-08-18 22:33 - 2015-02-08 23:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-18 19:50 - 2014-04-22 11:02 - 00000000 ____D C:\Users\Ljilja\.gimp-2.8
2015-08-18 19:49 - 2013-07-28 13:39 - 00000000 ____D C:\Users\Ljilja\AppData\Local\gtk-2.0
2015-08-18 19:42 - 2014-02-23 21:19 - 00000000 ____D C:\Users\Ljilja\AppData\Local\CrashDumps
2015-08-18 18:22 - 2015-02-15 21:17 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Adobe
2015-08-18 15:28 - 2009-07-14 06:45 - 00023824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-18 15:28 - 2009-07-14 06:45 - 00023824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-18 15:05 - 2013-01-31 19:36 - 00000000 ____D C:\ProgramData\Temp
2015-08-18 13:49 - 2013-01-06 19:12 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\PhotoScape
2015-08-18 13:48 - 2015-05-26 10:13 - 00113664 ____H C:\Users\Ljilja\Desktop\photothumb.db
2015-08-17 17:54 - 2015-02-06 19:50 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-16 21:23 - 2013-01-09 23:06 - 00000069 _____ C:\Windows\NeroDigital.ini
2015-08-16 20:08 - 2012-12-22 19:05 - 00000000 ____D C:\Users\Ljilja
2015-08-16 18:06 - 2013-01-07 00:51 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2015-08-16 18:01 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-16 15:22 - 2009-07-14 07:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-15 20:57 - 2013-10-28 15:17 - 00000000 ___RD C:\Users\Ljilja\Desktop\gimp-painter
2015-08-12 22:49 - 2015-01-29 01:37 - 00000000 ___RD C:\Users\Ljilja\Desktop\gifovi
2015-08-12 22:48 - 2015-07-03 20:40 - 00000000 ___RD C:\Users\Ljilja\Desktop\New folder
2015-08-12 22:45 - 2015-02-04 23:54 - 00000000 ___RD C:\Users\Ljilja\Desktop\fotošop
2015-08-12 19:28 - 2013-08-01 10:05 - 00024064 _____ C:\Users\Ljilja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-12 13:10 - 2015-02-21 13:17 - 00000000 ____D C:\ProgramData\Adobe
2015-08-11 23:58 - 2012-12-23 23:09 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 23:58 - 2012-12-23 23:09 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 23:58 - 2012-12-23 23:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-10 20:43 - 2015-03-11 19:08 - 00000000 ____D C:\Users\Ljilja\dwhelper
2015-08-10 10:59 - 2012-12-23 08:34 - 00000000 ____D C:\ProgramData\Mozilla
2015-08-09 21:22 - 2015-04-23 15:32 - 00000000 ___RD C:\Users\Ljilja\Desktop\gif
2015-08-09 17:22 - 2015-03-26 21:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-09 16:45 - 2014-05-29 20:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 16:43 - 2014-05-29 20:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-09 16:42 - 2013-09-20 16:27 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\uTorrent
2015-08-09 16:12 - 2015-01-31 21:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-08 17:28 - 2015-05-11 21:23 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2015-08-08 17:28 - 2015-05-11 21:23 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2015-08-06 14:44 - 2014-11-04 17:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-06 14:09 - 2015-05-25 20:08 - 00000000 ____D C:\Users\Ljilja\Tracing
2015-08-06 14:09 - 2013-01-28 23:05 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Windows Live
2015-08-06 14:02 - 2013-01-28 23:15 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-08-06 14:00 - 2013-01-28 23:12 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-08-06 13:59 - 2013-01-28 23:12 - 00000000 ____D C:\Program Files\Windows Live
2015-08-02 15:43 - 2015-02-07 17:20 - 00000000 ___RD C:\Users\Ljilja\Desktop\PDR9
2015-08-01 21:53 - 2013-01-06 19:55 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\vlc
2015-08-01 14:18 - 2014-04-24 20:07 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Audacity
2015-08-01 12:51 - 2013-09-16 22:13 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-01 12:51 - 2013-09-16 22:13 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-30 23:24 - 2013-12-28 02:23 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-07-30 21:21 - 2012-12-22 21:03 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Google
2015-07-28 21:23 - 2015-04-15 14:13 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-28 18:15 - 2012-12-23 04:02 - 00000000 ____D C:\Windows\softwaredistribution.old
2015-07-28 11:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-24 18:16 - 2012-12-22 21:08 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-02-25 19:01 - 2015-02-25 19:01 - 0000000 _____ () C:\Users\Ljilja\AppData\Roaming\3C79.tmp
2013-08-01 10:05 - 2015-08-12 19:28 - 0024064 _____ () C:\Users\Ljilja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-18 19:49 - 2015-08-18 19:49 - 0072252 _____ () C:\Users\Ljilja\AppData\Local\recently-used.xbel
2015-03-22 12:20 - 2015-03-22 12:23 - 0007597 _____ () C:\Users\Ljilja\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Ljilja\AppData\Local\Temp\avgnt.exe
C:\Users\Ljilja\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-17 18:16

==================== End of log ============================



Addendum: 19 Aug 2015 19:31

I don't know if it's a problem that I put yesterday's reports in a folder on the desktop (they would probably have had the same names as these ones now).
The laptop did not restart after running FRST, so just in case I saved the reports to the desktop and gave them the same names the previous ones had (after the restart no report was created like yesterday).

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

The computer looks clean now. What I'm interested in is whether everything is all right with the hard disk. So I would like us to run Check Disk.

Tell me how you are with English, since I have detailed instructions in English, so that I don't have to translate them now.

offline
  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

TwinHeadedEagle :: The computer looks clean now. What I'm interested in is whether everything is all right with the hard disk. So I would like us to run Check Disk.

Tell me how you are with English, since I have detailed instructions in English, so that I don't have to translate them now.

This shows up for me again when I try to run Windows Update, and as for English, don't even go there, I have no idea.
If the instructions have pictures, maybe I'll manage, I'm better with that.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

All right then.


Hold the Windows key + R at the same time; when the window opens, type CMD
Now you need to type chkdsk C: /r, then press Enter
If a message appears, type Y and press Enter again
Restart the computer and wait for the process to finish.

offline
  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

I did this, but there is no report; where should I look for it?

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Now we'll do it like this:


Hold the Windows key + R at the same time; when the window opens, type eventvwr
On the right side you need to expand Windows Logs, then click on Applications
Then on the left side click on Filter Current Log, and then under Event Sources, tick only Wininit. Click OK.
The Wininit report will now appear at the top; copy its contents here.
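
The same lookup can be done from PowerShell instead of clicking through Event Viewer. This is an added example, not part of the original thread; it assumes the boot-time chkdsk result is logged as event ID 1001 by the Wininit source, that the chkdsk text is in English, and it uses a hypothetical output file name.

```powershell
# Added example (not from the thread): fetch the latest boot-time chkdsk
# report that Wininit wrote to the Application log and save it as text.

# Event ID 1001 is shared by several sources in the Application log,
# so keep only the entries whose provider name contains "wininit".
$entry = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } `
                      -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'wininit' } |
    Select-Object -First 1          # events are returned newest first

if (-not $entry) {
    Write-Warning 'No Wininit chkdsk report found in the Application log.'
    return
}

# Hypothetical file name; the report lands on the current user's desktop.
$desktop = [Environment]::GetFolderPath('Desktop')
$report  = Join-Path $desktop 'chkdsk-report.txt'

"Logged: $($entry.TimeCreated)" | Set-Content -Path $report -Encoding UTF8
$entry.Message                  | Add-Content -Path $report -Encoding UTF8
Write-Output "Full report saved to $report"

# Lines to read first when judging disk health. The patterns assume
# English-language chkdsk output.
$entry.Message -split "`r?`n" |
    Where-Object { $_ -match 'bad sectors|bad clusters|found no problems|made corrections|unreadable' } |
    ForEach-Object { $_.Trim() }
```

A non-zero "KB in bad sectors" figure in the summary is the line that points to a failing disk rather than a file-system inconsistency.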
