MyCity » Ambulanta -> Arhiva Ambulante » Maliciozni softver ili nešto drugo

Maliciozni softver ili nešto drugo

Napisano na dan: 18.8.2015

Strana:
1
2

Maliciozni softver ili nešto drugo

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Ljilja Hnovi Poslao: 18 Avg 2015 14:47 Idi na vrh
offline Ljilja Hnovi Prijatelj foruma Pridružio: 14 Okt 2012 Poruke: 3611 Gde živiš: Herceg Novi	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Dobar dan doktori! Mogli ste lako bez mene danas, nego ja ne mogu bez vas. U toku rada na jednom "projektu" za MyCity, fotošop mi je tražio ažuriranje koje sam prihvatila. Poslije toga mi se činilo da je laptop usporeniji i uključila sam RogueKiller koji je takođe tražio ažuriranje. Kada sam htjela da preuzmem noviju verziju, vidjela sam da mi je ponuđen komercijalni program i izašla iz toga, a čišćenje sam uradila sa starijom besplatnom verzijom. U obadva slučaja sam bila na sajtu Softonic-a. Zbog preuzimanja fotošopa i čišćenja, restartovala sam laptop i poslije toga je ekran bio taman kao kad je isključen. Kad sam pritisla dugme za pokretanje, odmah se pojavio plav ekran sa tekstom. Nešto sam prevodila i razumjela da traži prilikom podizanja sistama da pritisnem F8. To sam uradila i dovoljno od mene, dalje ne znam ništa. Mislila sam da ovo ima veze sa Windiws update i kad sam htjela da pokrenem program, vidim da se za nekoliko dana dosta pokupilo za instalaciju, a pominje se maliciozni softver. Što se tiče rada laptopa, čini mi se da je u redu, a nema ni plavog ekrana sa bilo kakvim tekstom. Evo FRST64 izvještaj: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015 Ran by Ljilja (administrator) on LJILJA-PC (18-08-2015 12:58:56) Running from C:\Users\Ljilja\Desktop Loaded Profiles: Ljilja (Available Profiles: Ljilja) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmtray.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Threat Expert Ltd.) C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-01] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] () HKLM-x32\...\Run: [cmsc] => c:\program files (x86)\cmcm\Clean Master\cmtray.exe [468328 2015-08-08] (Kingsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity) HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd) HKU\S-1-5-18\...\Run: [] => [X] HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.me/ HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp URLSearchHook: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> {35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} URL = hxxps://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation) BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{9023283C-7551-42FD-961C-22362109F770}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{E812A994-7905-489D-87B7-484EE28B9B28}: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default FF SelectedSearchEngine: sweet-page FF Homepage: www.google.me FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-23] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-23] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-23] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-23] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-23] (Apple Inc.) FF Extension: EHTip - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\ehtip@robertkatic [2015-05-31] FF Extension: Easy Translate - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\jid1-f7dnBeTj8ElpWQ@jetpack.xpi [2015-04-04] FF Extension: Video DownloadHelper - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-08-10] FF Extension: Google Privacy - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2015-03-31] FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox FF Extension: Browser Guard Toolbar - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox [2015-04-20] Chrome: ======= CHR Profile: C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Translate) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-08-14] CHR Extension: (Translate Language) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehihmefpkkchenckklpjmfaaobbfacij [2015-08-14] CHR Extension: (Adblock Super) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-08-14] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-09] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-01] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-01] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-01] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-08-01] (Avira Operations GmbH & Co. KG) R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [580728 2012-10-23] (Threat Expert Ltd.) R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.) R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2015-08-08] (Kingsoft Corporation) R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2015-06-23] (CHENGDU YIWO Tech Development Co., Ltd) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-12-18] () R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG) R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-12-18] (Bytemobile, Inc.) [File not signed] R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] () R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2015-08-08] (Kingsoft Corporation) S3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [77144 2012-10-23] (PC Tools) R1 QbikHkVista; C:\Windows\System32\DRIVERS\QbikHkVistaamd64.sys [243904 2013-03-07] () R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation ) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-12-18] (Bytemobile, Inc.) [File not signed] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] U4 vsserv; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-18 12:58 - 2015-08-18 12:59 - 00016572 _____ C:\Users\Ljilja\Desktop\FRST.txt 2015-08-18 12:58 - 2015-08-18 12:58 - 00000000 ____D C:\FRST 2015-08-18 12:55 - 2015-08-18 12:55 - 02173440 _____ (Farbar) C:\Users\Ljilja\Desktop\FRST64.exe 2015-08-18 12:54 - 2015-08-18 12:54 - 00000000 ____D C:\Users\Ljilja\Desktop\Za abulantu 2015-08-18 12:38 - 2015-08-18 12:38 - 00000056 _____ C:\Windows\setupact.log 2015-08-18 12:38 - 2015-08-18 12:38 - 00000000 _____ C:\Windows\setuperr.log 2015-08-17 19:15 - 2015-08-18 11:11 - 00000000 ____D C:\Windows\Minidump 2015-08-17 17:30 - 2015-08-17 17:30 - 00071450 _____ C:\Users\Ljilja\AppData\Local\recently-used.xbel 2015-08-16 22:07 - 2015-08-16 22:07 - 00000000 ____D C:\Users\Ljilja\Documents\Updater 2015-08-16 18:10 - 2015-08-16 18:10 - 00175424 _____ C:\Users\Ljilja\AppData\Local\GDIPFONTCACHEV1.DAT 2015-08-16 18:06 - 2015-08-16 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape 2015-08-16 18:05 - 2015-08-16 18:05 - 18376624 _____ (Mooii) C:\Users\Ljilja\Downloads\PhotoScape_V3.6.2 (1).exe 2015-08-16 18:01 - 2015-08-16 18:01 - 05456896 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-16 17:59 - 2015-08-18 12:42 - 00091248 _____ C:\Windows\WindowsUpdate.log 2015-08-16 17:55 - 2015-08-16 17:55 - 00001110 _____ C:\AdwCleaner[C8].txt 2015-08-16 17:40 - 2015-08-16 17:41 - 00000950 _____ C:\AdwCleaner[S9].txt 2015-08-16 17:39 - 2015-08-16 17:39 - 00001298 _____ C:\Users\Ljilja\Desktop\AdwCleaner[C7].txt 2015-08-16 17:32 - 2015-08-16 17:32 - 00001298 _____ C:\AdwCleaner[C7].txt 2015-08-16 17:29 - 2015-08-16 17:31 - 00001119 _____ C:\AdwCleaner[S8].txt 2015-08-16 17:22 - 2015-08-16 17:22 - 01563648 _____ C:\Users\Ljilja\Downloads\adwcleaner_5.000.exe 2015-08-15 23:01 - 2015-08-15 23:01 - 00019666 _____ C:\Users\Ljilja\Desktop\Hellraiser---Pinhead--C10040177.jpeg 2015-08-15 20:47 - 2015-08-15 20:47 - 00018759 _____ C:\Users\Ljilja\Downloads\animstack (1).zip 2015-08-15 11:03 - 2015-08-15 11:03 - 01367267 _____ C:\Users\Ljilja\Desktop\aleksandar.xcf 2015-08-14 15:49 - 2015-08-14 15:49 - 02074670 _____ C:\Users\Ljilja\Downloads\FSResizer34.zip 2015-08-12 22:53 - 2015-08-12 22:53 - 00032768 _____ C:\Users\Ljilja\Desktop\video.VSP 2015-08-12 13:25 - 2015-08-16 20:03 - 00000000 ____D C:\Users\Ljilja\Desktop\2009 2015-08-12 13:10 - 2015-08-12 13:10 - 00000000 ____D C:\Program Files\Common Files\Adobe 2015-08-10 15:03 - 2015-08-10 15:03 - 00000000 ____D C:\ProgramData\Free YouTube Downloader 2015-08-10 14:47 - 2015-08-16 23:55 - 00000000 ___RD C:\Users\Ljilja\Desktop\youtube 2015-08-10 14:41 - 2015-08-10 14:57 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Free YouTube Downloader 2015-08-10 14:41 - 2015-08-10 14:41 - 00001260 _____ C:\Users\Public\Desktop\Free YouTube Downloader.lnk 2015-08-10 14:41 - 2015-08-10 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader 2015-08-10 14:41 - 2015-08-10 14:41 - 00000000 ____D C:\Program Files (x86)\Free YouTube Downloader 2015-08-10 14:38 - 2015-08-10 14:41 - 14299248 _____ (HOW Inc. ) C:\Users\Ljilja\Downloads\FYTDSetup.exe 2015-08-10 14:37 - 2015-08-10 14:37 - 01179136 _____ (How, Inc) C:\Users\Ljilja\Downloads\FreeYouTubeDownloaderOC.exe 2015-08-10 13:49 - 2015-08-17 17:09 - 00000000 ____D C:\Users\Ljilja\Desktop\Originals 2015-08-10 12:22 - 2015-08-10 12:22 - 00000000 ____D C:\Program Files (x86)\ConvertHelper 2015-08-09 16:04 - 2015-08-16 17:32 - 00000000 ____D C:\AdwCleaner 2015-08-09 13:14 - 2015-08-09 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-08 17:28 - 2015-08-08 17:28 - 00001037 _____ C:\Users\Public\Desktop\Clean Master.lnk 2015-08-08 17:28 - 2015-08-08 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clean Master 2015-08-08 17:27 - 2015-08-08 17:27 - 05767600 _____ (Kingsoft Corporation) C:\Users\Ljilja\Downloads\cleanmaster_12_1.exe 2015-08-07 22:14 - 2015-08-14 18:41 - 00000000 ____D C:\Users\Ljilja\Desktop\ct 2015-08-06 14:55 - 2015-08-06 14:55 - 01234432 _____ C:\Users\Ljilja\Downloads\ImageResizer-2.1_x86 (1).msi 2015-08-06 14:49 - 2015-08-06 14:49 - 01234432 _____ C:\Users\Ljilja\Downloads\ImageResizer-2.1_x86.msi 2015-08-06 14:44 - 2015-08-06 14:44 - 00000000 ____D C:\Program Files\Image Resizer for Windows 2015-08-06 14:44 - 2015-08-06 14:44 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows 2015-08-06 14:04 - 2015-08-06 14:04 - 00000000 ____D C:\Windows\en 2015-08-06 14:03 - 2015-08-06 14:03 - 00001272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2015-08-06 14:03 - 2015-08-06 14:03 - 00000000 ____D C:\Windows\sr-latn-cs 2015-08-06 14:02 - 2015-08-06 14:02 - 00001425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2015-08-06 14:01 - 2015-08-06 14:01 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2015-08-06 14:00 - 2015-08-06 14:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2015-08-06 13:57 - 2015-08-08 10:55 - 00000000 ___RD C:\Users\Ljilja\OneDrive 2015-08-06 13:57 - 2015-08-06 13:57 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive 2015-08-06 13:15 - 2015-08-06 13:15 - 00023544 _____ C:\Users\Ljilja\Downloads\Dropresize013b.zip 2015-08-06 12:58 - 2015-08-06 12:59 - 00000000 ____D C:\ProgramData\nWinManPron 2015-08-06 12:57 - 2015-08-06 12:57 - 00000000 ____D C:\Program Files (x86)\pictureresizer_setup 2015-08-05 14:57 - 2015-08-05 14:57 - 05233880 _____ (X.M.Y International LLC ) C:\Users\Ljilja\Downloads\regopt461.exe 2015-08-04 19:04 - 2015-08-04 19:04 - 05058840 _____ (JAM Software ) C:\Users\Ljilja\Downloads\TreeSizeFreeSetup.exe 2015-08-04 19:00 - 2015-08-04 19:00 - 01402251 _____ C:\Users\Ljilja\Downloads\spacesniffer_1_2_0_2.zip 2015-08-04 15:23 - 2015-06-09 14:49 - 57667584 _____ C:\Users\Ljilja\Desktop\Emergencydisk.iso 2015-08-02 18:35 - 2015-08-02 18:35 - 00004096 ___SH C:\{7B029527-FA48-4C35-8F91-E8D99C7BBDB9}.CBM 2015-08-02 17:05 - 2015-08-02 17:50 - 00400384 ___SH C:\EUMONBMP.SYS 2015-08-02 17:05 - 2015-08-02 17:50 - 00000000 ____D C:\Windows\system32\config\regsave 2015-08-02 14:35 - 2015-08-02 15:40 - 00000000 ___RD C:\Users\Ljilja\Desktop\Nero_Info_Tool 2015-08-02 14:19 - 2015-08-02 14:19 - 00002096 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 8.5 .lnk 2015-08-02 14:19 - 2015-08-02 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.5 2015-08-02 14:17 - 2014-12-15 01:03 - 00024104 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe 2015-08-02 14:05 - 2015-08-02 14:09 - 109014792 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\Ljilja\Downloads\tb_free.exe 2015-08-02 13:26 - 2014-12-15 00:59 - 00192040 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys 2015-08-02 13:26 - 2014-12-15 00:59 - 00060968 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys 2015-08-02 13:26 - 2014-12-15 00:59 - 00018472 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys 2015-08-02 13:25 - 2014-12-15 00:59 - 00048168 _____ C:\Windows\system32\Drivers\EUBKMON.sys 2015-08-02 13:23 - 2015-08-02 13:23 - 00000000 ____D C:\Program Files (x86)\EaseUS 2015-08-01 18:17 - 2015-08-01 18:17 - 00000000 ____D C:\Users\Ljilja\AppData\Local\CEF 2015-08-01 12:54 - 2015-08-01 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-07-30 22:38 - 2015-07-30 22:38 - 00035662 _____ C:\Users\Ljilja\Downloads\wcmd_loc_srl.zip 2015-07-30 22:35 - 2015-07-30 22:35 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\GHISLER 2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\UC.PIF 2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\RAR.PIF 2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\PKZIP.PIF 2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\PKUNZIP.PIF 2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\NOCLOSE.PIF 2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\LHA.PIF 2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\ARJ.PIF 2015-07-30 22:23 - 2015-07-30 22:23 - 03280704 _____ (Ghisler Software GmbH) C:\Users\Ljilja\Downloads\tcmd756a.exe 2015-07-30 22:03 - 2015-07-30 22:03 - 00034559 _____ C:\Users\Ljilja\Downloads\tc2usb.zip 2015-07-28 21:23 - 2015-07-25 20:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-07-28 21:23 - 2015-07-25 20:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-07-28 21:23 - 2015-07-25 20:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-07-28 21:23 - 2015-07-25 20:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-07-28 21:23 - 2015-07-25 20:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-07-28 21:23 - 2015-07-25 20:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-07-28 21:23 - 2015-07-25 20:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-07-28 21:23 - 2015-07-25 19:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-07-28 21:02 - 2015-07-28 21:02 - 00302011 _____ C:\Users\Ljilja\Downloads\WindowsUpdateDiagnostic.diagcab 2015-07-28 20:06 - 2015-08-12 22:48 - 00000000 ___RD C:\Users\Ljilja\Desktop\video pro 2015-07-25 10:13 - 2015-07-25 10:14 - 29654131 _____ (DownloadHelper ) C:\Users\Ljilja\Downloads\ConvertHelper3Setup.exe 2015-07-24 22:58 - 2015-08-15 10:41 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\ViberPC 2015-07-24 22:58 - 2015-07-24 23:24 - 00000970 _____ C:\Users\Ljilja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk 2015-07-24 22:58 - 2015-07-24 23:24 - 00000962 _____ C:\Users\Ljilja\Desktop\Viber.lnk 2015-07-24 22:54 - 2015-07-24 23:24 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Viber 2015-07-24 22:49 - 2015-07-24 22:52 - 67701008 _____ (Viber Media Inc) C:\Users\Ljilja\Downloads\ViberSetup.exe 2015-07-22 22:54 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-07-22 22:54 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-07-22 22:54 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-07-22 22:54 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-07-22 22:54 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-07-22 22:54 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-07-22 22:54 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-07-22 22:54 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-07-22 22:54 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-07-22 22:54 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-07-20 16:36 - 2015-08-12 13:20 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Adobe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-18 12:58 - 2012-12-23 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-18 12:48 - 2013-01-31 19:36 - 00000000 ____D C:\ProgramData\Temp 2015-08-18 12:47 - 2009-07-14 06:45 - 00023824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-18 12:47 - 2009-07-14 06:45 - 00023824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-18 12:39 - 2013-08-19 19:16 - 00000000 ____D C:\ProgramData\MCShield 2015-08-18 12:38 - 2015-02-08 23:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-18 12:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-18 12:33 - 2015-02-08 23:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-18 11:11 - 2013-01-06 19:12 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\PhotoScape 2015-08-18 10:17 - 2015-02-17 00:26 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FD0BBB3-F82C-4D61-ADB8-2F3A4AD35621} 2015-08-17 17:54 - 2015-02-06 19:50 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys 2015-08-17 17:44 - 2015-02-15 21:17 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Adobe 2015-08-17 17:31 - 2014-04-22 11:02 - 00000000 ____D C:\Users\Ljilja\.gimp-2.8 2015-08-17 17:30 - 2013-07-28 13:39 - 00000000 ____D C:\Users\Ljilja\AppData\Local\gtk-2.0 2015-08-17 17:10 - 2015-05-26 10:13 - 00103424 ____H C:\Users\Ljilja\Desktop\photothumb.db 2015-08-16 21:23 - 2013-01-09 23:06 - 00000069 _____ C:\Windows\NeroDigital.ini 2015-08-16 20:08 - 2012-12-22 19:05 - 00000000 ____D C:\Users\Ljilja 2015-08-16 18:06 - 2013-01-07 00:51 - 00000000 ____D C:\Program Files (x86)\PhotoScape 2015-08-16 18:01 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-16 15:22 - 2009-07-14 07:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-15 23:15 - 2012-12-22 21:11 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Skype 2015-08-15 20:57 - 2013-10-28 15:17 - 00000000 ___RD C:\Users\Ljilja\Desktop\gimp-painter 2015-08-12 22:49 - 2015-01-29 01:37 - 00000000 ___RD C:\Users\Ljilja\Desktop\gifovi 2015-08-12 22:48 - 2015-07-03 20:40 - 00000000 ___RD C:\Users\Ljilja\Desktop\New folder 2015-08-12 22:45 - 2015-02-04 23:54 - 00000000 ___RD C:\Users\Ljilja\Desktop\fotošop 2015-08-12 19:28 - 2013-08-01 10:05 - 00024064 _____ C:\Users\Ljilja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-08-12 13:10 - 2015-02-21 13:17 - 00000000 ____D C:\ProgramData\Adobe 2015-08-11 23:58 - 2012-12-23 23:09 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-11 23:58 - 2012-12-23 23:09 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-11 23:58 - 2012-12-23 23:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-08-10 20:43 - 2015-03-11 19:08 - 00000000 ____D C:\Users\Ljilja\dwhelper 2015-08-10 10:59 - 2012-12-23 08:34 - 00000000 ____D C:\ProgramData\Mozilla 2015-08-09 21:22 - 2015-04-23 15:32 - 00000000 ___RD C:\Users\Ljilja\Desktop\gif 2015-08-09 17:22 - 2015-03-26 21:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-08-09 16:45 - 2014-05-29 20:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-09 16:43 - 2014-05-29 20:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-09 16:42 - 2013-09-20 16:27 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\uTorrent 2015-08-09 16:12 - 2015-01-31 21:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-09 12:55 - 2015-02-27 21:48 - 00000000 ___RD C:\Users\Ljilja\Desktop\br 2015-08-08 17:28 - 2015-05-11 21:23 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys 2015-08-08 17:28 - 2015-05-11 21:23 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys 2015-08-06 14:44 - 2014-11-04 17:57 - 00000000 ____D C:\ProgramData\Package Cache 2015-08-06 14:09 - 2015-05-25 20:08 - 00000000 ____D C:\Users\Ljilja\Tracing 2015-08-06 14:09 - 2013-01-28 23:05 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Windows Live 2015-08-06 14:02 - 2013-01-28 23:15 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-08-06 14:00 - 2013-01-28 23:12 - 00000000 ____D C:\Program Files (x86)\Windows Live 2015-08-06 13:59 - 2013-01-28 23:12 - 00000000 ____D C:\Program Files\Windows Live 2015-08-06 11:49 - 2014-02-23 21:19 - 00000000 ____D C:\Users\Ljilja\AppData\Local\CrashDumps 2015-08-02 15:43 - 2015-02-07 17:20 - 00000000 ___RD C:\Users\Ljilja\Desktop\PDR9 2015-08-01 21:53 - 2013-01-06 19:55 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\vlc 2015-08-01 14:18 - 2014-04-24 20:07 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Audacity 2015-08-01 12:51 - 2013-09-16 22:13 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-08-01 12:51 - 2013-09-16 22:13 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-07-30 23:24 - 2013-12-28 02:23 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2015-07-30 21:21 - 2012-12-22 21:03 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Google 2015-07-28 21:23 - 2015-04-15 14:13 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-07-28 18:15 - 2012-12-23 04:02 - 00000000 ____D C:\Windows\softwaredistribution.old 2015-07-28 11:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2015-07-24 18:16 - 2012-12-22 21:08 - 00000000 ____D C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2015-02-25 19:01 - 2015-02-25 19:01 - 0000000 _____ () C:\Users\Ljilja\AppData\Roaming\3C79.tmp 2013-08-01 10:05 - 2015-08-12 19:28 - 0024064 _____ () C:\Users\Ljilja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-08-17 17:30 - 2015-08-17 17:30 - 0071450 _____ () C:\Users\Ljilja\AppData\Local\recently-used.xbel 2015-03-22 12:20 - 2015-03-22 12:23 - 0007597 _____ () C:\Users\Ljilja\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== C:\Users\Ljilja\AppData\Local\Temp\avgnt.exe C:\Users\Ljilja\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-17 18:16 ==================== End of log ============================ https://www.mycity.rs/must-login.png

Profil

TwinHeadedEagle Poslao: 18 Avg 2015 14:58 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, Pomalo mi je sumnjiv ovaj program Browser Guard 4.0, pa cemo ga zato ukloniti. Prvo ga deinstaliraj putem Control Panel-a. 1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod: closeprocesses: emptytemp: createrestorepoint: Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Task: {EC4EC398-8143-4121-A1C9-F45BBD4A8F2C} - System32\Tasks\Grand Panda Updater => C:\Program Files (x86)\PrivateVPN\gpup.exe <==== ATTENTION C:\Program Files (x86)\PrivateVPN AlternateDataStreams: C:\ProgramData\Temp:1AAB2E68 AlternateDataStreams: C:\ProgramData\Temp:430C6D84 AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 C:\Program Files (x86)\PC Tools KLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.me/ HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp URLSearchHook: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> {35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} URL = hxxps://www.google.com/search?q={searchTerms} BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.) Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.) FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox FF Extension: Browser Guard Toolbar - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox [2015-04-20] R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [580728 2012-10-23] (Threat Expert Ltd.) S3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [77144 2012-10-23] (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys 2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi. 3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj. Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema. Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku. Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

Profil

Ljilja Hnovi Poslao: 18 Avg 2015 15:25 Idi na vrh
offline Ljilja Hnovi Prijatelj foruma Pridružio: 14 Okt 2012 Poruke: 3611 Gde živiš: Herceg Novi	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Fix result of Farbar Recovery Scan Tool (x64) Version:17-08-2015 Ran by Ljilja (2015-08-18 15:17:04) Run:1 Running from C:\Users\Ljilja\Desktop Loaded Profiles: Ljilja (Available Profiles: Ljilja) Boot Mode: Normal ============================================== fixlist content: *************** closeprocesses: emptytemp: createrestorepoint: Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Task: {EC4EC398-8143-4121-A1C9-F45BBD4A8F2C} - System32\Tasks\Grand Panda Updater => C:\Program Files (x86)\PrivateVPN\gpup.exe <==== ATTENTION C:\Program Files (x86)\PrivateVPN AlternateDataStreams: C:\ProgramData\Temp:1AAB2E68 AlternateDataStreams: C:\ProgramData\Temp:430C6D84 AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 C:\Program Files (x86)\PC Tools KLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.me/ HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp URLSearchHook: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> {35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} URL = hxxps://www.google.com/search?q={searchTerms} BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.) Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.) FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox FF Extension: Browser Guard Toolbar - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox [2015-04-20] R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [580728 2012-10-23] (Threat Expert Ltd.) S3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [77144 2012-10-23] (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys *************** Processes closed successfully. Error: (0) Failed to create a restore point. ========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F ========= The operation completed successfully. ========= End of Reg: ========= ========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F ========= The operation completed successfully. ========= End of Reg: ========= "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC4EC398-8143-4121-A1C9-F45BBD4A8F2C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC4EC398-8143-4121-A1C9-F45BBD4A8F2C}" => key removed successfully C:\Windows\System32\Tasks\Grand Panda Updater => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Grand Panda Updater" => key removed successfully "C:\Program Files (x86)\PrivateVPN" => File/Folder not found. C:\ProgramData\Temp => ":1AAB2E68" ADS removed successfully. C:\ProgramData\Temp => ":430C6D84" ADS removed successfully. C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully. C:\Program Files (x86)\PC Tools => moved successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} => value not found. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully "HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{35D572E1-74D8-4E8C-9B9C-9DBE726E62CC}" => key removed successfully HKCR\CLSID\{35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} => key not found. HKCR\Wow6432Node\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value not found. HKCR\Wow6432Node\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => key not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16} => value not found. C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox not found. Browser Defender Update Service => service not found. PCTBD => service not found. "C:\Windows\System32\Drivers\PCTBD64.sys" => File/Folder not found. EmptyTemp: => 52.9 MB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 15:17:39 ====

Profil

TwinHeadedEagle Poslao: 19 Avg 2015 07:49 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Odlicno. Sada ponovo pokreni FRST, obelezi Addition.txt, klikni na Scan i nakon zavrsetka skeniranja dostavi oba izvestaja.

Profil

Ljilja Hnovi Poslao: 19 Avg 2015 19:31 Idi na vrh
offline Ljilja Hnovi Prijatelj foruma Pridružio: 14 Okt 2012 Poruke: 3611 Gde živiš: Herceg Novi	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 19 Avg 2015 19:16 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015 Ran by Ljilja (administrator) on LJILJA-PC (19-08-2015 18:58:02) Running from C:\Users\Ljilja\Desktop Loaded Profiles: Ljilja (Available Profiles: Ljilja) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-01] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] () HKLM-x32\...\Run: [cmsc] => c:\program files (x86)\cmcm\Clean Master\cmtray.exe [468328 2015-08-08] (Kingsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity) HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd) HKU\S-1-5-18\...\Run: [] => [X] HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{9023283C-7551-42FD-961C-22362109F770}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{E812A994-7905-489D-87B7-484EE28B9B28}: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default FF SelectedSearchEngine: sweet-page FF Homepage: www.google.me FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-23] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-23] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-23] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-23] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-23] (Apple Inc.) FF Extension: EHTip - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\ehtip@robertkatic [2015-05-31] FF Extension: Easy Translate - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\jid1-f7dnBeTj8ElpWQ@jetpack.xpi [2015-04-04] FF Extension: Video DownloadHelper - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-08-10] FF Extension: Google Privacy - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2015-03-31] FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon Chrome: ======= CHR Profile: C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Translate) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-08-14] CHR Extension: (Translate Language) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehihmefpkkchenckklpjmfaaobbfacij [2015-08-14] CHR Extension: (Adblock Super) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-08-14] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-09] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-01] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-01] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-01] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-08-01] (Avira Operations GmbH & Co. KG) R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.) R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2015-08-08] (Kingsoft Corporation) R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2015-06-23] (CHENGDU YIWO Tech Development Co., Ltd) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-12-18] () R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG) R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-12-18] (Bytemobile, Inc.) [File not signed] R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] () R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2015-08-08] (Kingsoft Corporation) R1 QbikHkVista; C:\Windows\System32\DRIVERS\QbikHkVistaamd64.sys [243904 2013-03-07] () R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation ) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-12-18] (Bytemobile, Inc.) [File not signed] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] U4 vsserv; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-18 19:49 - 2015-08-18 19:49 - 00072252 _____ C:\Users\Ljilja\AppData\Local\recently-used.xbel 2015-08-18 15:06 - 2015-08-18 15:06 - 00001938 _____ C:\Windows\PFRO.log 2015-08-18 13:00 - 2015-08-18 13:01 - 00054154 _____ C:\Users\Ljilja\Desktop\Addition.txt 2015-08-18 12:58 - 2015-08-19 18:59 - 00013967 _____ C:\Users\Ljilja\Desktop\FRST.txt 2015-08-18 12:58 - 2015-08-19 18:58 - 00000000 ____D C:\FRST 2015-08-18 12:55 - 2015-08-18 12:55 - 02173440 _____ (Farbar) C:\Users\Ljilja\Desktop\FRST64.exe 2015-08-18 12:38 - 2015-08-19 18:52 - 00000224 _____ C:\Windows\setupact.log 2015-08-18 12:38 - 2015-08-18 12:38 - 00000000 _____ C:\Windows\setuperr.log 2015-08-17 19:15 - 2015-08-18 11:11 - 00000000 ____D C:\Windows\Minidump 2015-08-16 22:07 - 2015-08-16 22:07 - 00000000 ____D C:\Users\Ljilja\Documents\Updater 2015-08-16 18:10 - 2015-08-16 18:10 - 00175424 _____ C:\Users\Ljilja\AppData\Local\GDIPFONTCACHEV1.DAT 2015-08-16 18:06 - 2015-08-16 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape 2015-08-16 18:05 - 2015-08-16 18:05 - 18376624 _____ (Mooii) C:\Users\Ljilja\Downloads\PhotoScape_V3.6.2 (1).exe 2015-08-16 18:01 - 2015-08-16 18:01 - 05456896 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-16 17:59 - 2015-08-19 18:56 - 00121783 _____ C:\Windows\WindowsUpdate.log 2015-08-16 17:55 - 2015-08-16 17:55 - 00001110 _____ C:\AdwCleaner[C8].txt 2015-08-16 17:40 - 2015-08-16 17:41 - 00000950 _____ C:\AdwCleaner[S9].txt 2015-08-16 17:32 - 2015-08-16 17:32 - 00001298 _____ C:\AdwCleaner[C7].txt 2015-08-16 17:29 - 2015-08-16 17:31 - 00001119 _____ C:\AdwCleaner[S8].txt 2015-08-16 17:22 - 2015-08-16 17:22 - 01563648 _____ C:\Users\Ljilja\Downloads\adwcleaner_5.000.exe 2015-08-15 20:47 - 2015-08-15 20:47 - 00018759 _____ C:\Users\Ljilja\Downloads\animstack (1).zip 2015-08-14 15:49 - 2015-08-14 15:49 - 02074670 _____ C:\Users\Ljilja\Downloads\FSResizer34.zip 2015-08-12 22:53 - 2015-08-12 22:53 - 00032768 _____ C:\Users\Ljilja\Desktop\video.VSP 2015-08-12 13:10 - 2015-08-12 13:10 - 00000000 ____D C:\Program Files\Common Files\Adobe 2015-08-10 15:03 - 2015-08-10 15:03 - 00000000 ____D C:\ProgramData\Free YouTube Downloader 2015-08-10 14:47 - 2015-08-18 16:52 - 00000000 ___RD C:\Users\Ljilja\Desktop\youtube 2015-08-10 14:41 - 2015-08-10 14:57 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Free YouTube Downloader 2015-08-10 14:41 - 2015-08-10 14:41 - 00001260 _____ C:\Users\Public\Desktop\Free YouTube Downloader.lnk 2015-08-10 14:41 - 2015-08-10 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader 2015-08-10 14:41 - 2015-08-10 14:41 - 00000000 ____D C:\Program Files (x86)\Free YouTube Downloader 2015-08-10 14:38 - 2015-08-10 14:41 - 14299248 _____ (HOW Inc. ) C:\Users\Ljilja\Downloads\FYTDSetup.exe 2015-08-10 14:37 - 2015-08-10 14:37 - 01179136 _____ (How, Inc) C:\Users\Ljilja\Downloads\FreeYouTubeDownloaderOC.exe 2015-08-10 12:22 - 2015-08-10 12:22 - 00000000 ____D C:\Program Files (x86)\ConvertHelper 2015-08-09 16:04 - 2015-08-16 17:32 - 00000000 ____D C:\AdwCleaner 2015-08-09 13:14 - 2015-08-09 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-08 17:28 - 2015-08-08 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clean Master 2015-08-08 17:27 - 2015-08-08 17:27 - 05767600 _____ (Kingsoft Corporation) C:\Users\Ljilja\Downloads\cleanmaster_12_1.exe 2015-08-06 14:55 - 2015-08-06 14:55 - 01234432 _____ C:\Users\Ljilja\Downloads\ImageResizer-2.1_x86 (1).msi 2015-08-06 14:49 - 2015-08-06 14:49 - 01234432 _____ C:\Users\Ljilja\Downloads\ImageResizer-2.1_x86.msi 2015-08-06 14:44 - 2015-08-06 14:44 - 00000000 ____D C:\Program Files\Image Resizer for Windows 2015-08-06 14:44 - 2015-08-06 14:44 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows 2015-08-06 14:04 - 2015-08-06 14:04 - 00000000 ____D C:\Windows\en 2015-08-06 14:03 - 2015-08-06 14:03 - 00001272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2015-08-06 14:03 - 2015-08-06 14:03 - 00000000 ____D C:\Windows\sr-latn-cs 2015-08-06 14:02 - 2015-08-06 14:02 - 00001425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2015-08-06 14:01 - 2015-08-06 14:01 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2015-08-06 14:00 - 2015-08-06 14:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2015-08-06 13:57 - 2015-08-08 10:55 - 00000000 ___RD C:\Users\Ljilja\OneDrive 2015-08-06 13:57 - 2015-08-06 13:57 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive 2015-08-06 13:15 - 2015-08-06 13:15 - 00023544 _____ C:\Users\Ljilja\Downloads\Dropresize013b.zip 2015-08-06 12:58 - 2015-08-06 12:59 - 00000000 ____D C:\ProgramData\nWinManPron 2015-08-06 12:57 - 2015-08-06 12:57 - 00000000 ____D C:\Program Files (x86)\pictureresizer_setup 2015-08-05 14:57 - 2015-08-05 14:57 - 05233880 _____ (X.M.Y International LLC ) C:\Users\Ljilja\Downloads\regopt461.exe 2015-08-04 19:04 - 2015-08-04 19:04 - 05058840 _____ (JAM Software ) C:\Users\Ljilja\Downloads\TreeSizeFreeSetup.exe 2015-08-04 19:00 - 2015-08-04 19:00 - 01402251 _____ C:\Users\Ljilja\Downloads\spacesniffer_1_2_0_2.zip 2015-08-02 18:35 - 2015-08-02 18:35 - 00004096 ___SH C:\{7B029527-FA48-4C35-8F91-E8D99C7BBDB9}.CBM 2015-08-02 17:05 - 2015-08-02 17:50 - 00400384 ___SH C:\EUMONBMP.SYS 2015-08-02 17:05 - 2015-08-02 17:50 - 00000000 ____D C:\Windows\system32\config\regsave 2015-08-02 14:35 - 2015-08-19 18:55 - 00000000 ___RD C:\Users\Ljilja\Desktop\folder 2015-08-02 14:19 - 2015-08-02 14:19 - 00002096 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 8.5 .lnk 2015-08-02 14:19 - 2015-08-02 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.5 2015-08-02 14:17 - 2014-12-15 01:03 - 00024104 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe 2015-08-02 14:05 - 2015-08-02 14:09 - 109014792 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\Ljilja\Downloads\tb_free.exe 2015-08-02 13:26 - 2014-12-15 00:59 - 00192040 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys 2015-08-02 13:26 - 2014-12-15 00:59 - 00060968 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys 2015-08-02 13:26 - 2014-12-15 00:59 - 00018472 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys 2015-08-02 13:25 - 2014-12-15 00:59 - 00048168 _____ C:\Windows\system32\Drivers\EUBKMON.sys 2015-08-02 13:23 - 2015-08-02 13:23 - 00000000 ____D C:\Program Files (x86)\EaseUS 2015-08-01 18:17 - 2015-08-01 18:17 - 00000000 ____D C:\Users\Ljilja\AppData\Local\CEF 2015-08-01 12:54 - 2015-08-01 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-07-30 22:38 - 2015-07-30 22:38 - 00035662 _____ C:\Users\Ljilja\Downloads\wcmd_loc_srl.zip 2015-07-30 22:35 - 2015-07-30 22:35 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\GHISLER 2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\UC.PIF 2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\RAR.PIF 2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\PKZIP.PIF 2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\PKUNZIP.PIF 2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\NOCLOSE.PIF 2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\LHA.PIF 2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\ARJ.PIF 2015-07-30 22:23 - 2015-07-30 22:23 - 03280704 _____ (Ghisler Software GmbH) C:\Users\Ljilja\Downloads\tcmd756a.exe 2015-07-30 22:03 - 2015-07-30 22:03 - 00034559 _____ C:\Users\Ljilja\Downloads\tc2usb.zip 2015-07-28 21:23 - 2015-07-25 20:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-07-28 21:23 - 2015-07-25 20:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-07-28 21:23 - 2015-07-25 20:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-07-28 21:23 - 2015-07-25 20:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-07-28 21:23 - 2015-07-25 20:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-07-28 21:23 - 2015-07-25 20:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-07-28 21:23 - 2015-07-25 20:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-07-28 21:23 - 2015-07-25 19:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-07-28 21:02 - 2015-07-28 21:02 - 00302011 _____ C:\Users\Ljilja\Downloads\WindowsUpdateDiagnostic.diagcab 2015-07-28 20:06 - 2015-08-12 22:48 - 00000000 ___RD C:\Users\Ljilja\Desktop\video pro 2015-07-25 10:13 - 2015-07-25 10:14 - 29654131 _____ (DownloadHelper ) C:\Users\Ljilja\Downloads\ConvertHelper3Setup.exe 2015-07-24 22:58 - 2015-08-15 10:41 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\ViberPC 2015-07-24 22:58 - 2015-07-24 23:24 - 00000970 _____ C:\Users\Ljilja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk 2015-07-24 22:58 - 2015-07-24 23:24 - 00000962 _____ C:\Users\Ljilja\Desktop\Viber.lnk 2015-07-24 22:54 - 2015-07-24 23:24 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Viber 2015-07-24 22:49 - 2015-07-24 22:52 - 67701008 _____ (Viber Media Inc) C:\Users\Ljilja\Downloads\ViberSetup.exe 2015-07-22 22:54 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-07-22 22:54 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-07-22 22:54 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-07-22 22:54 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-07-22 22:54 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-07-22 22:54 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-07-22 22:54 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-07-22 22:54 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-07-22 22:54 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-07-22 22:54 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-07-20 16:36 - 2015-08-12 13:20 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Adobe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-19 18:58 - 2012-12-23 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-19 18:55 - 2015-02-27 21:48 - 00000000 ___RD C:\Users\Ljilja\Desktop\br 2015-08-19 18:55 - 2015-02-17 00:26 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FD0BBB3-F82C-4D61-ADB8-2F3A4AD35621} 2015-08-19 18:53 - 2013-08-19 19:16 - 00000000 ____D C:\ProgramData\MCShield 2015-08-19 18:52 - 2015-02-08 23:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-19 18:52 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-18 23:29 - 2012-12-22 21:11 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Skype 2015-08-18 22:33 - 2015-02-08 23:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-18 19:50 - 2014-04-22 11:02 - 00000000 ____D C:\Users\Ljilja\.gimp-2.8 2015-08-18 19:49 - 2013-07-28 13:39 - 00000000 ____D C:\Users\Ljilja\AppData\Local\gtk-2.0 2015-08-18 19:42 - 2014-02-23 21:19 - 00000000 ____D C:\Users\Ljilja\AppData\Local\CrashDumps 2015-08-18 18:22 - 2015-02-15 21:17 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Adobe 2015-08-18 15:28 - 2009-07-14 06:45 - 00023824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-18 15:28 - 2009-07-14 06:45 - 00023824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-18 15:05 - 2013-01-31 19:36 - 00000000 ____D C:\ProgramData\Temp 2015-08-18 13:49 - 2013-01-06 19:12 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\PhotoScape 2015-08-18 13:48 - 2015-05-26 10:13 - 00113664 ____H C:\Users\Ljilja\Desktop\photothumb.db 2015-08-17 17:54 - 2015-02-06 19:50 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys 2015-08-16 21:23 - 2013-01-09 23:06 - 00000069 _____ C:\Windows\NeroDigital.ini 2015-08-16 20:08 - 2012-12-22 19:05 - 00000000 ____D C:\Users\Ljilja 2015-08-16 18:06 - 2013-01-07 00:51 - 00000000 ____D C:\Program Files (x86)\PhotoScape 2015-08-16 18:01 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-16 15:22 - 2009-07-14 07:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-15 20:57 - 2013-10-28 15:17 - 00000000 ___RD C:\Users\Ljilja\Desktop\gimp-painter 2015-08-12 22:49 - 2015-01-29 01:37 - 00000000 ___RD C:\Users\Ljilja\Desktop\gifovi 2015-08-12 22:48 - 2015-07-03 20:40 - 00000000 ___RD C:\Users\Ljilja\Desktop\New folder 2015-08-12 22:45 - 2015-02-04 23:54 - 00000000 ___RD C:\Users\Ljilja\Desktop\fotošop 2015-08-12 19:28 - 2013-08-01 10:05 - 00024064 _____ C:\Users\Ljilja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-08-12 13:10 - 2015-02-21 13:17 - 00000000 ____D C:\ProgramData\Adobe 2015-08-11 23:58 - 2012-12-23 23:09 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-11 23:58 - 2012-12-23 23:09 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-11 23:58 - 2012-12-23 23:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-08-10 20:43 - 2015-03-11 19:08 - 00000000 ____D C:\Users\Ljilja\dwhelper 2015-08-10 10:59 - 2012-12-23 08:34 - 00000000 ____D C:\ProgramData\Mozilla 2015-08-09 21:22 - 2015-04-23 15:32 - 00000000 ___RD C:\Users\Ljilja\Desktop\gif 2015-08-09 17:22 - 2015-03-26 21:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-08-09 16:45 - 2014-05-29 20:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-09 16:43 - 2014-05-29 20:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-09 16:42 - 2013-09-20 16:27 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\uTorrent 2015-08-09 16:12 - 2015-01-31 21:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-08 17:28 - 2015-05-11 21:23 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys 2015-08-08 17:28 - 2015-05-11 21:23 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys 2015-08-06 14:44 - 2014-11-04 17:57 - 00000000 ____D C:\ProgramData\Package Cache 2015-08-06 14:09 - 2015-05-25 20:08 - 00000000 ____D C:\Users\Ljilja\Tracing 2015-08-06 14:09 - 2013-01-28 23:05 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Windows Live 2015-08-06 14:02 - 2013-01-28 23:15 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-08-06 14:00 - 2013-01-28 23:12 - 00000000 ____D C:\Program Files (x86)\Windows Live 2015-08-06 13:59 - 2013-01-28 23:12 - 00000000 ____D C:\Program Files\Windows Live 2015-08-02 15:43 - 2015-02-07 17:20 - 00000000 ___RD C:\Users\Ljilja\Desktop\PDR9 2015-08-01 21:53 - 2013-01-06 19:55 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\vlc 2015-08-01 14:18 - 2014-04-24 20:07 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Audacity 2015-08-01 12:51 - 2013-09-16 22:13 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-08-01 12:51 - 2013-09-16 22:13 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-07-30 23:24 - 2013-12-28 02:23 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2015-07-30 21:21 - 2012-12-22 21:03 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Google 2015-07-28 21:23 - 2015-04-15 14:13 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-07-28 18:15 - 2012-12-23 04:02 - 00000000 ____D C:\Windows\softwaredistribution.old 2015-07-28 11:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2015-07-24 18:16 - 2012-12-22 21:08 - 00000000 ____D C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2015-02-25 19:01 - 2015-02-25 19:01 - 0000000 _____ () C:\Users\Ljilja\AppData\Roaming\3C79.tmp 2013-08-01 10:05 - 2015-08-12 19:28 - 0024064 _____ () C:\Users\Ljilja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-08-18 19:49 - 2015-08-18 19:49 - 0072252 _____ () C:\Users\Ljilja\AppData\Local\recently-used.xbel 2015-03-22 12:20 - 2015-03-22 12:23 - 0007597 _____ () C:\Users\Ljilja\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== C:\Users\Ljilja\AppData\Local\Temp\avgnt.exe C:\Users\Ljilja\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-17 18:16 ==================== End of log ============================ https://www.mycity.rs/must-login.png Dopuna: 19 Avg 2015 19:31 Ne znam smeta li što sam jučešnje izveštaje stavila u fascikli na dsktopu (vjerovatno bi imali isti naziv kao ovi sada). Laptop se nije restartovao poslije pokretanja FRST-a, pa sam ja za svaki slučaj sačuvala izveštaje na desktopu i dala im naziv kao prethodni što su imali (poslije restarta nije formiran nijedan izveštaj kao juče).

Profil

TwinHeadedEagle Poslao: 20 Avg 2015 11:30 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Racunar sada izgleda cisto. Ono sto me interesuje jeste da li je sve u redu sa hard diskom. Zato bih voleo da pokrenemo Check Disk. Reci mi kako stojis sa engleskim, posto imam detaljno uputstvo na engleskom, da ne bih sada prevodio.

Profil

Ljilja Hnovi Poslao: 20 Avg 2015 12:06 Idi na vrh
offline Ljilja Hnovi Prijatelj foruma Pridružio: 14 Okt 2012 Poruke: 3611 Gde živiš: Herceg Novi	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! TwinHeadedEagle ::Racunar sada izgleda cisto. Ono sto me interesuje jeste da li je sve u redu sa hard diskom. Zato bih voleo da pokrenemo Check Disk. Reci mi kako stojis sa engleskim, posto imam detaljno uputstvo na engleskom, da ne bih sada prevodio. Meni se ponovo pojavi ovo kad hoću da uradim Windows Update, a što se tiče engleskog, tu me ne diraj , pojma nemam. Ako je to uputstvo sa slikama, možda se i snađem, to mi bolje ide.

Profil

TwinHeadedEagle Poslao: 20 Avg 2015 16:31 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	1Ovo se svidja korisniku: Ljilja Hnovi Registruj se da bi pohvalio/la poruku! U redu onda U isto vreme zadrzi Windows dugme + R, kada se otvori prozor ukucaj CMD Sada je potrebno da upises chkdsk C: /r, pa onda lupi Enter Ukoliko se pojavi neka poruka, upisi Y i opet lupi Enter Restartuj racunar i sacekaj da se proces zavrsi.

Profil

Ljilja Hnovi Poslao: 20 Avg 2015 20:08 Idi na vrh
offline Ljilja Hnovi Prijatelj foruma Pridružio: 14 Okt 2012 Poruke: 3611 Gde živiš: Herceg Novi	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ja sam ovo uradila, ali nema nikakav izveštaj, gdje da ga tražim?

Profil

TwinHeadedEagle Poslao: 20 Avg 2015 21:18 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sada cemo ovako: U isto vreme zadrzi Windows dugme + R, kada se otvori prozor ukucaj eventvwr Na desnoj strani treba da prosiris Windows Logs, a zatim klikni na Applications Zatim na levoj strani klikni na Filter Current Log, a zatim pod Event Sources, cekiraj samo Wininit. Klikni na OK. Sada ce ti se gore pojaviti Wininit izvestaj, a njegov sadrzaj kopiraj ovde.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Maliciozni softver ili nešto drugo

Ko je trenutno na forumu

Ukupno su 653 korisnika na forumu :: 28 registrovanih, 5 sakrivenih i 620 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., bbogdan, Boris BM, cemix, Dannyboy, GandorCC, jackreacher011011, janezek67, loon123, MB120mm, mb1213, Mi lao shu, Milos ZA, milutin134, Mixelotti, mnn2, Nemanja.M, novator, nuke92, repac, RiV, Rogan33, stagezin, Sumadija34, Trpe Grozni, W123, wolf431, zastavnik

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by