I can't install or download anything [TeslaCrypt 3]


offline
  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Posted: 01 Feb 2016 12:37

When I start Firefox, a bunch of Explorer windows pop up with all kinds of nonsense... I should mention that I had no protection at all... and I have no idea what my kid and wife have been opening, etc. ... Now when I try to install Avast, for example, it won't run... I also tried to download something from FileHippo... it kicks me out... Is the computer infected with something... or what... how do I fix this!


Addendum: 01 Feb 2016 13:13

it also won't open pictures... it won't run Windows Update..!


Addendum: 01 Feb 2016 13:18

just tried now... it won't open documents either... Acrobat Reader doesn't work...

Addendum: 01 Feb 2016 14:28

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6062

Hello maha,

Bad news. Your system is infected with the TeslaCrypt 3.0 variant of ransomware, the most dangerous infection around today. For this updated ransomware (which produces .xxx, .ttt and .micro extensions once encryption is done), decryption (brute-force method) currently does not exist, because this variant uses a different encryption algorithm than the previous variant.

http://www.mycity.rs/MyCity-Laboratorija/TeslaCrypt-Decrypted.html
http://www.mycity.rs/MyCity-Laboratorija/Informaci.....ima-P.html

For the information the malware itself left for you, feel free to open and look at any of the following files.
The creation date of each file is given in brackets.

Quote:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+cfw.html [2016-01-31]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+cfw.txt [2016-01-31]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+ece.html [2016-01-30]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+ece.txt [2016-01-30]
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+cfw.html [2016-01-31]
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+cfw.txt [2016-01-31]
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+ece.html [2016-01-30]
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+ece.txt [2016-01-30]




What I can tell you is to follow the MyCity lab, and if a solution appears, you will all be notified in that forum. In the meantime, pack all the encrypted files into one archive and wait... there is nothing else you can do.

But I do have to give you a proper scolding and ask you something. Is it possible that you let this happen to yourself and didn't install any security software? There are so many free solutions, why did you do this to yourself? An AV is mandatory on a system; most of the better-known ones will prevent this malware from executing, and every AM should successfully target and remove it.
I see that you tried to install Avast, but today... and it should have been installed long ago.

Do you know that you don't have just ransomware, but also the good old Necurs rootkit, active? All consequences of not having active protection on the system.

And is this a fresh installation of the system?


--- --- --- --- ---


What you (we) can do is the following, but let me tell you right away: here I recommend a complete reinstallation of the system.

If you decide to follow the next steps, be sure to back up the encrypted files first.


To stop the ransomware itself from executing, using FRST and its FixList:






1. Open Notepad (Text Document) and copy the following text from inside the code box below:

Start
CreateRestorePoint:

CloseProcesses:
HKU\S-1-5-21-2921931512-397226605-597601975-1000\...\Run: [srv-2016] => C:\Users\PC\AppData\Roaming\ewkbahe45.exe
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-01-27] [not signed]

Hosts:
C:\Users\PC\AppData\Roaming\ewkbahe45.exe
C:\Users\PC\AppData\Local\28500

RemoveProxy:
Task: {D9CE120B-5E62-4252-BC7F-9D15C4576BC4} - System32\Tasks\AmiUpdXp => C:\Users\PC\AppData\Local\28500\Updater.exe [2016-01-10] () <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\PC\AppData\Local\28500\Updater.exe <==== ATTENTION

EmptyTemp:
End


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.












To target the rootkit and the other malicious configuration entries, and to try to repair what can be repaired. Be sure to run fixdamage.exe:



Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the intro window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.





>> If no malware is detected, click the Exit button to close the program. In your next message post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleanup procedure.



Notice! Only if a rootkit is detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to carry out all the repairs...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.





The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your message, and attach the system log to the message using the Attach file option.
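
The post above advises keeping every encrypted file until a decryptor exists. As an added example (not part of the original post and not code from FRST or MBAR), this Python script lists files carrying the .xxx, .ttt and .micro extensions and the help_recover_instructions+* notes named in the post across several drive roots, read-only, with size and SHA-256 so the backup can be sized and later verified. The function names and the sample tree are constructed for illustration.

```python
import csv
import hashlib
import os
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Extensions the post above attributes to TeslaCrypt 3.0.
ENCRYPTED_EXTS = {".xxx", ".ttt", ".micro"}
# Ransom-note names as listed in the post: help_recover_instructions+cfw.html, +ece.txt, ...
NOTE_RE = re.compile(r"^help_recover_instructions\+\w+\.(?:html|txt)$", re.IGNORECASE)


def classify(name):
    """Return 'ransom_note', 'encrypted' or None for a bare file name."""
    if NOTE_RE.match(name):
        return "ransom_note"
    if Path(name).suffix.lower() in ENCRYPTED_EXTS:
        return "encrypted"
    return None


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large media files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def inventory(roots):
    """Walk each root read-only; return one record per encrypted file or ransom note."""
    records = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                kind = classify(name)
                if kind is None:
                    continue
                full = os.path.join(dirpath, name)
                try:
                    size, digest = os.path.getsize(full), sha256_of(full)
                except OSError:  # locked or unreadable: still list it
                    size, digest = -1, "unreadable"
                records.append({"root": str(root), "kind": kind, "path": full,
                                "size": size, "sha256": digest})
    return sorted(records, key=lambda r: r["path"])


def summarize(records):
    """Per-root count and byte total of encrypted files, for sizing the backup."""
    totals = defaultdict(lambda: {"files": 0, "bytes": 0})
    for rec in records:
        if rec["kind"] == "encrypted" and rec["size"] >= 0:
            totals[rec["root"]]["files"] += 1
            totals[rec["root"]]["bytes"] += rec["size"]
    return dict(totals)


def write_manifest(records, out_csv):
    """Write the inventory as CSV; returns the number of rows written."""
    with open(out_csv, "w", newline="", encoding="utf-8") as fh:
        writer = csv.DictWriter(fh, fieldnames=["root", "kind", "path", "size", "sha256"])
        writer.writeheader()
        writer.writerows(records)
    return len(records)


def build_sample_tree(base):
    """Constructed sample data standing in for two drives (not real victim files)."""
    layout = {
        "drive_c/Pictures/kid.jpg.micro": b"\x00" * 16,
        "drive_c/Startup/help_recover_instructions+cfw.html": b"<html></html>",
        "drive_d/Docs/report.doc.ttt": b"\x01" * 32,
        "drive_d/Docs/video.AVI.XXX": b"\x02" * 8,
        "drive_d/Docs/untouched.txt": b"plain",
    }
    for rel, data in layout.items():
        target = Path(base, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return [str(Path(base, "drive_c")), str(Path(base, "drive_d"))]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        roots = build_sample_tree(tmp)
        found = inventory(roots)
        print(write_manifest(found, os.path.join(tmp, "manifest.csv")), "artefacts")
        for root, tot in summarize(found).items():
            print(root, tot)
```

On a real machine, pass the drive roots to `inventory()` and write the manifest to media that was not connected during the infection.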

offline
  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Will a complete reinstallation of the system solve the problem... should I wipe 7 and install it again?

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6062

It won't solve the problem with the encrypted files.

It will, of course, solve the problem with the infection (ransomware & rootkit) as well as with the Windows operating system itself.

That's why I gave you the links, so you can read and understand what I'm talking about.

offline
  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Posted: 02 Feb 2016 12:06

Are those pictures and docs (and whatever else, I don't know) the encrypted files that won't be fixed?
If I overwrite it, i.e. reinstall, will I be able to put on an antivirus etc...
and now let me start with what was suggested to me as a rescue attempt....

Addendum: 02 Feb 2016 12:07

Quote:And is this a fresh installation of the system?


--- --- --- --- ---


Quote:What you (we) can do is the following, but let me tell you right away: here I recommend a complete reinstallation of the system.

Addendum: 02 Feb 2016 12:09

it's a relatively fresh reinstallation of the system... a couple of months
I'll do it again after what we try here...
what was recommended to me... to gather all the encrypted files in one place and save them... I can't... they're on a couple of HDs plus one external, so I think I'll leave it as it is and not touch anything...

Addendum: 02 Feb 2016 12:16



Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by PC (2016-02-02 12:10:01) Run:1
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available Profiles: PC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:

CloseProcesses:
HKU\S-1-5-21-2921931512-397226605-597601975-1000\...\Run: [srv-2016] => C:\Users\PC\AppData\Roaming\ewkbahe45.exe
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-01-27] [not signed]

Hosts:
C:\Users\PC\AppData\Roaming\ewkbahe45.exe
C:\Users\PC\AppData\Local\28500

RemoveProxy:
Task: {D9CE120B-5E62-4252-BC7F-9D15C4576BC4} - System32\Tasks\AmiUpdXp => C:\Users\PC\AppData\Local\28500\Updater.exe [2016-01-10] () <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\PC\AppData\Local\28500\Updater.exe <==== ATTENTION

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2921931512-397226605-597601975-1000\Software\Microsoft\Windows\CurrentVersion\Run\\srv-2016 => value removed successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => path removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"C:\Users\PC\AppData\Roaming\ewkbahe45.exe" => not found.
C:\Users\PC\AppData\Local\28500 => moved successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2921931512-397226605-597601975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2921931512-397226605-597601975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D9CE120B-5E62-4252-BC7F-9D15C4576BC4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9CE120B-5E62-4252-BC7F-9D15C4576BC4}" => key removed successfully
C:\Windows\System32\Tasks\AmiUpdXp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => key removed successfully
C:\Windows\Tasks\AmiUpdXp.job => moved successfully
EmptyTemp: => 196.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:10:31 ====



Addendum: 02 Feb 2016 12:53

Quote:Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the intro window click the Next button if you agree;


• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.


>> If no malware is detected, click the Exit button to close the program.

I did all of this... malware was detected and I did the clean up

Quote:In your next message post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.
I don't know where those reports are... and in the mbar folder on the desktop I only have this...


Quote:The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

I don't have those reports... how do I find them?



[edit by magna86: message tidied up]

offline
  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Posted: 02 Feb 2016 13:47

thanks slobo... the files are coming...




Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.02.02.01
rootkit: v2016.01.20.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
PC :: PC-PC [administrator]

2/2/2016 12:21:29 PM
mbar-log-2016-02-02 (12-21-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 347938
Time elapsed: 11 minute(s), 11 second(s)

Memory Processes Detected: 1
c:\windows\installer\{61a77068-053d-d68f-9349-7aa272f94941}\syshost.exe (Trojan.Necurs.DR) -> 1448 -> Delete on reboot. [b930baa107922115a54023b8cf32748c]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32 (Trojan.Agent) -> Delete on reboot. [638629325c3d1d19aaf64249a55e57a9]

Registry Values Detected: 2
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|srv-2016 (Ransom.TeslaCrypt) -> Data: C:\Users\PC\AppData\Roaming\ewkbahe45.exe -> Delete on reboot. [5c8dd487980165d1baecba90fe064bb5]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32|ImagePath (Trojan.Agent) -> Data: "C:\Windows\Installer\{61A77068-053D-D68F-9349-7AA272F94941}\syshost.exe" /service -> Delete on reboot. [638629325c3d1d19aaf64249a55e57a9]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\SYSTEM32\drivers\4ba183c5a6025a52.sys (Rootkit.Necurs.R.64) -> Delete on reboot. [868227192c47ba80c2d145f77a1f2e9f]
c:\windows\installer\{61a77068-053d-d68f-9349-7aa272f94941}\syshost.exe (Trojan.Necurs.DR) -> Delete on reboot. [b930baa107922115a54023b8cf32748c]

Physical Sectors Detected: 0
(No malicious items detected)

(end)





Addendum: 02 Feb 2016 13:49

it let me install Avast... ran a scan... it cleaned something... but it still won't open pictures... actually that's the most important thing to me because of the kid...
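
The MBAR report pasted above marks every detection "Delete on reboot", so nothing is removed until the restart completes. As an added example (not part of the thread and not Malwarebytes code), this Python parser reads that log layout, checks each section's declared count against the entries actually listed, groups detections by name, and lists what is still pending; the regular expressions are inferred from the log lines in this post and the function names are my own.

```python
import re
from collections import Counter

# Detection sections copied from the MBAR log posted above in this thread.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
c:\windows\installer\{61a77068-053d-d68f-9349-7aa272f94941}\syshost.exe (Trojan.Necurs.DR) -> 1448 -> Delete on reboot. [b930baa107922115a54023b8cf32748c]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32 (Trojan.Agent) -> Delete on reboot. [638629325c3d1d19aaf64249a55e57a9]

Registry Values Detected: 2
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|srv-2016 (Ransom.TeslaCrypt) -> Data: C:\Users\PC\AppData\Roaming\ewkbahe45.exe -> Delete on reboot. [5c8dd487980165d1baecba90fe064bb5]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32|ImagePath (Trojan.Agent) -> Data: "C:\Windows\Installer\{61A77068-053D-D68F-9349-7AA272F94941}\syshost.exe" /service -> Delete on reboot. [638629325c3d1d19aaf64249a55e57a9]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\SYSTEM32\drivers\4ba183c5a6025a52.sys (Rootkit.Necurs.R.64) -> Delete on reboot. [868227192c47ba80c2d145f77a1f2e9f]
c:\windows\installer\{61a77068-053d-d68f-9349-7aa272f94941}\syshost.exe (Trojan.Necurs.DR) -> Delete on reboot. [b930baa107922115a54023b8cf32748c]

Physical Sectors Detected: 0
(No malicious items detected)
"""

# "<Section name> Detected: <n>"
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<Detection.Name>) -> [details ->] <action>. [<md5>]"
ITEM_RE = re.compile(
    r"^(?P<object>.+?) \((?P<name>[A-Za-z]+(?:\.\w+)+)\) -> (?P<rest>.+) "
    r"\[(?P<md5>[0-9a-f]{32})\]$"
)


def parse_mbar_log(text):
    """Return (declared counts per section, list of parsed detection entries)."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["section"]
            declared[section] = int(header["count"])
            continue
        entry = ITEM_RE.match(line)
        if entry and section:
            # The action is the last "->" segment; PID or "Data: ..." come before it.
            action = entry["rest"].split(" -> ")[-1].rstrip(".")
            items.append({"section": section, "object": entry["object"],
                          "name": entry["name"], "action": action, "md5": entry["md5"]})
    return declared, items


def triage(text):
    """Summarise a log: count mismatches, detections by name, and removal status."""
    declared, items = parse_mbar_log(text)
    found = Counter(item["section"] for item in items)
    return {
        # A mismatch means the paste was truncated or a line failed to parse.
        "count_mismatch": {s: (n, found[s]) for s, n in declared.items() if n != found[s]},
        "by_detection": Counter(item["name"] for item in items),
        # Still present until the reboot finishes the scheduled cleanup.
        "pending_reboot": [i["object"] for i in items if i["action"].lower() == "delete on reboot"],
        "not_removed": [i for i in items if not i["action"].lower().startswith("delete")],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("detections:", dict(report["by_detection"]))
    print("pending reboot:", len(report["pending_reboot"]))
    print("count mismatches:", report["count_mismatch"])
```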

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6062

And where is the FixLog? I said that FRST and its FixList should be run before MBAR. The order of execution matters...

Quote:...but it still won't open pictures... actually that's the most important thing to me because of the kid...

OK, let me try once more to explain it to you in Serbian. :)
Malicious software, or malware, of the ransomware type (popularly known as a dangerous virus) runs after installation, searches the disk for files (pictures, music...) and encrypts (locks) them using a powerful algorithm (that is, a damn good key that is hard = impossible to crack).

Malicious software can be disinfected (deleted, removed) and that is not a problem. Any decent AM program would probably target it, and any decent AV would prevent it from executing (running).
The problem is that those files (pictures, music, documents...) remain locked, and it is not possible to unlock them...

I already gave you links to read; had you read them, you would understand what I'm talking about;

http://www.mycity.rs/MyCity-Laboratorija/TeslaCrypt-Decrypted.html

http://www.mycity.rs/MyCity-Laboratorija/Informaci.....ima-P.html



I know your situation is a tough one, but you don't have many options. Put your private files in one place, keep them, and one fine day, God willing, you will see them again...




Come on, post the FixList report from FRST so we can move on. We're not done yet, there is more work to do here.

offline
  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Posted: 02 Feb 2016 14:07


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by PC (administrator) on PC-PC (02-02-2016 14:02:28)
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available Profiles: PC)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\EagleGet\EGMonitor.exe
() C:\Program Files (x86)\EagleGet\EGMonitor.exe
(EagleGet.com) C:\Program Files (x86)\EagleGet\EagleGet.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-02-02] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-2921931512-397226605-597601975-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-2921931512-397226605-597601975-1000\...\Run: [EagleGet] => C:\Program Files (x86)\EagleGet\Eagleget.exe [1907712 2016-01-07] (EagleGet.com)
HKU\S-1-5-21-2921931512-397226605-597601975-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2921931512-397226605-597601975-1000\...\MountPoints2: {27a7abc8-6dd1-11e5-b3d4-00158315a310} - M:\AutoRun.exe
HKU\S-1-5-21-2921931512-397226605-597601975-1000\...\MountPoints2: {8662f257-6f8c-11e5-a6de-00158315a310} - N:\Setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-02] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+cfw.html [2016-01-31] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+cfw.txt [2016-01-31] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+ece.html [2016-01-30] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+ece.txt [2016-01-30] ()
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+cfw.html [2016-01-31] ()
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+cfw.txt [2016-01-31] ()
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+ece.html [2016-01-30] ()
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+ece.txt [2016-01-30] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{001BCB55-4665-4220-87F8-B5D7E5AD731C}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{72DA6058-7DA2-42C0-AE7C-DAB067732416}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{978161CF-1C5D-4120-BB8B-BE0C87357DD0}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{988EC85E-62E2-488E-9D82-5B2643005675}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{A8BBF693-82B9-4337-96DB-2718CB058D95}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{B0A2DB64-4E1B-4393-9B14-36C4BA15424E}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
URLSearchHook: [S-1-5-21-2921931512-397226605-597601975-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2921931512-397226605-597601975-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2921931512-397226605-597601975-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-02] (AVAST Software)
BHO-x32: EGet Class -> {1E871FF8-029C-4732-8AA7-39E3D3872057} -> C:\Program Files (x86)\EagleGet\eagleSniffer.dll [2016-01-07] (EagleGet.com)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\ssv.dll [2016-02-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-02] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\jp2ssv.dll [2016-02-02] (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\fhrs4jei.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-02-02] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-02-02] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2016-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2016-02-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2921931512-397226605-597601975-1000: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2016-01-07] (EagleGet)
FF Plugin HKU\S-1-5-21-2921931512-397226605-597601975-1000: eagleget.com/EagleGet64 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll [2016-01-07] (EagleGet)
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\fhrs4jei.default\searchplugins\help_recover_instructions+cfw.html [2016-01-31]
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\fhrs4jei.default\searchplugins\help_recover_instructions+cfw.txt [2016-01-31]
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\fhrs4jei.default\searchplugins\help_recover_instructions+ece.html [2016-01-30]
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\fhrs4jei.default\searchplugins\help_recover_instructions+ece.txt [2016-01-30]
FF Extension: Multi-process Firefox A/B Test 45.1 - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\fhrs4jei.default\Extensions\e10s-beta45-withaddons@experiments.mozilla.org.xpi [2016-01-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-02]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-02]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-02]
CHR Extension: (EagleGet Free Downloader) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2016-02-02]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-02-02] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-10-08] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-10-08] (Creative Labs) [File not signed]
R2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [238080 2016-01-07] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
S3 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-02-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-02-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-02-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-02-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-02-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-02-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-02-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-02-02] (AVAST Software)
U5 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-10-10] (Disc Soft Ltd)
R3 eagleGet; C:\Windows\System32\Drivers\eagleGet.sys [77624 2016-01-06] (eagleGet)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-11-19] (REALiX(tm))
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-12-02] (wisecleaner.com)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\PC\Desktop\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-02 14:02 - 2016-02-02 14:02 - 00014098 _____ C:\Users\PC\Desktop\FRST.txt
2016-02-02 13:35 - 2016-02-02 13:36 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-02 13:33 - 2016-02-02 14:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-02 13:33 - 2016-02-02 13:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-02 12:55 - 2016-02-02 12:55 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-02 12:55 - 2016-02-02 12:55 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-02 12:55 - 2016-02-02 12:55 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-02-02 12:55 - 2016-02-02 12:55 - 00000000 ____D C:\Users\PC\AppData\Roaming\AVAST Software
2016-02-02 12:55 - 2016-02-02 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-02-02 12:55 - 2016-02-02 12:55 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-02 12:54 - 2016-02-02 12:55 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-02-02 12:54 - 2016-02-02 12:55 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-02-02 12:54 - 2016-02-02 12:55 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-02-02 12:54 - 2016-02-02 12:54 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-02 12:54 - 2016-02-02 12:54 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-02-02 12:54 - 2016-02-02 12:54 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-02 12:54 - 2016-02-02 12:54 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-02 12:54 - 2016-02-02 12:54 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-02 12:54 - 2016-02-02 12:54 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-02 12:54 - 2016-02-02 12:54 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-02 12:53 - 2016-02-02 12:53 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-02 12:21 - 2016-02-02 12:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-02 12:19 - 2016-02-02 13:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-02 12:18 - 2016-02-02 12:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-02 12:17 - 2016-02-02 12:17 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-02 12:16 - 2016-02-02 12:32 - 00000000 ____D C:\Users\PC\Desktop\mbar
2016-02-02 12:15 - 2016-02-02 12:15 - 16563352 _____ (Malwarebytes Corp.) C:\Users\PC\Desktop\mbar-1.09.3.1001.exe
2016-02-01 14:23 - 2016-01-27 19:21 - 02370560 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2016-02-01 13:08 - 2016-02-01 13:08 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\ukspzswr.sys
2016-02-01 12:46 - 2016-02-01 12:46 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\gmcrcqji.sys
2016-02-01 12:27 - 2016-02-01 12:27 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\rvvnsvba.sys
2016-02-01 12:24 - 2016-02-01 12:24 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\mtlmszsf.sys
2016-02-01 12:24 - 2016-02-01 12:24 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-01 12:24 - 2016-02-01 12:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-01 12:24 - 2016-02-01 12:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-01 12:24 - 2016-02-01 12:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-01 12:21 - 2016-01-29 04:02 - 43462152 _____ C:\Users\PC\Downloads\Firefox Setup 45.0b1.exe
2016-01-31 13:23 - 2016-01-31 13:23 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\nfxldmzn.sys
2016-01-31 09:52 - 2016-01-31 09:52 - 00007530 _____ C:\Users\Public\help_recover_instructions+cfw.html
2016-01-31 09:52 - 2016-01-31 09:52 - 00007530 _____ C:\Users\Public\Downloads\help_recover_instructions+cfw.html
2016-01-31 09:52 - 2016-01-31 09:52 - 00007530 _____ C:\Users\PC\help_recover_instructions+cfw.html
2016-01-31 09:52 - 2016-01-31 09:52 - 00007530 _____ C:\Users\PC\Documents\help_recover_instructions+cfw.html
2016-01-31 09:52 - 2016-01-31 09:52 - 00007530 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+cfw.html
2016-01-31 09:52 - 2016-01-31 09:52 - 00007530 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+cfw.html
2016-01-31 09:52 - 2016-01-31 09:52 - 00007530 _____ C:\Users\PC\AppData\Roaming\help_recover_instructions+cfw.html
2016-01-31 09:52 - 2016-01-31 09:52 - 00007530 _____ C:\Users\PC\AppData\LocalLow\help_recover_instructions+cfw.html
2016-01-31 09:52 - 2016-01-31 09:52 - 00007530 _____ C:\Users\PC\AppData\help_recover_instructions+cfw.html
2016-01-31 09:52 - 2016-01-31 09:52 - 00002200 _____ C:\Users\Public\help_recover_instructions+cfw.txt
2016-01-31 09:52 - 2016-01-31 09:52 - 00002200 _____ C:\Users\Public\Downloads\help_recover_instructions+cfw.txt
2016-01-31 09:52 - 2016-01-31 09:52 - 00002200 _____ C:\Users\PC\help_recover_instructions+cfw.txt
2016-01-31 09:52 - 2016-01-31 09:52 - 00002200 _____ C:\Users\PC\Documents\help_recover_instructions+cfw.txt
2016-01-31 09:52 - 2016-01-31 09:52 - 00002200 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+cfw.txt
2016-01-31 09:52 - 2016-01-31 09:52 - 00002200 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+cfw.txt
2016-01-31 09:52 - 2016-01-31 09:52 - 00002200 _____ C:\Users\PC\AppData\Roaming\help_recover_instructions+cfw.txt
2016-01-31 09:52 - 2016-01-31 09:52 - 00002200 _____ C:\Users\PC\AppData\LocalLow\help_recover_instructions+cfw.txt
2016-01-31 09:52 - 2016-01-31 09:52 - 00002200 _____ C:\Users\PC\AppData\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:52 - 00007530 _____ C:\Users\Public\Documents\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:52 - 00007530 _____ C:\Users\PC\AppData\Local\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:52 - 00007530 _____ C:\Users\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:52 - 00002200 _____ C:\Users\Public\Documents\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:52 - 00002200 _____ C:\Users\PC\AppData\Local\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:52 - 00002200 _____ C:\Users\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default\Downloads\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default\Documents\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default\AppData\Roaming\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default\AppData\Local\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default\AppData\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default User\Downloads\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default User\Documents\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default User\AppData\Roaming\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default User\AppData\Local\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Users\Default User\AppData\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\ProgramData\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Program Files\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00007530 _____ C:\Program Files\Common Files\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default\Downloads\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default\Documents\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default\AppData\Roaming\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default\AppData\Local\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default\AppData\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default User\Downloads\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default User\Documents\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default User\AppData\Roaming\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default User\AppData\Local\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Users\Default User\AppData\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\ProgramData\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Program Files\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00002200 _____ C:\Program Files\Common Files\help_recover_instructions+cfw.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 00000254 _____ C:\Users\PC\Documents\recover_file_cphannjfw.txt
2016-01-30 11:53 - 2016-01-30 11:53 - 00007530 _____ C:\Users\Public\help_recover_instructions+ece.html
2016-01-30 11:53 - 2016-01-30 11:53 - 00007530 _____ C:\Users\Public\Downloads\help_recover_instructions+ece.html
2016-01-30 11:53 - 2016-01-30 11:53 - 00007530 _____ C:\Users\PC\help_recover_instructions+ece.html
2016-01-30 11:53 - 2016-01-30 11:53 - 00007530 _____ C:\Users\PC\Documents\help_recover_instructions+ece.html
2016-01-30 11:53 - 2016-01-30 11:53 - 00002200 _____ C:\Users\Public\help_recover_instructions+ece.txt
2016-01-30 11:53 - 2016-01-30 11:53 - 00002200 _____ C:\Users\Public\Downloads\help_recover_instructions+ece.txt
2016-01-30 11:53 - 2016-01-30 11:53 - 00002200 _____ C:\Users\PC\help_recover_instructions+ece.txt
2016-01-30 11:53 - 2016-01-30 11:53 - 00002200 _____ C:\Users\PC\Documents\help_recover_instructions+ece.txt
2016-01-30 11:51 - 2016-01-30 11:53 - 00007530 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+ece.html
2016-01-30 11:51 - 2016-01-30 11:53 - 00002200 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+ece.txt
2016-01-30 11:51 - 2016-01-30 11:51 - 00007530 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+ece.html
2016-01-30 11:51 - 2016-01-30 11:51 - 00007530 _____ C:\Users\PC\AppData\Roaming\help_recover_instructions+ece.html
2016-01-30 11:51 - 2016-01-30 11:51 - 00007530 _____ C:\Users\PC\AppData\help_recover_instructions+ece.html
2016-01-30 11:51 - 2016-01-30 11:51 - 00002200 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+ece.txt
2016-01-30 11:51 - 2016-01-30 11:51 - 00002200 _____ C:\Users\PC\AppData\Roaming\help_recover_instructions+ece.txt
2016-01-30 11:51 - 2016-01-30 11:51 - 00002200 _____ C:\Users\PC\AppData\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:53 - 00007530 _____ C:\Users\PC\AppData\Local\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:53 - 00002200 _____ C:\Users\PC\AppData\Local\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\PC\AppData\LocalLow\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default\Downloads\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default\Documents\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default\AppData\Roaming\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default\AppData\Local\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default\AppData\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default User\Downloads\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default User\Documents\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default User\AppData\Roaming\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default User\AppData\Local\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00007530 _____ C:\Users\Default User\AppData\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\PC\AppData\LocalLow\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default\Downloads\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default\Documents\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default\AppData\Roaming\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default\AppData\Local\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default\AppData\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default User\Downloads\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default User\Documents\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default User\AppData\Roaming\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default User\AppData\Local\help_recover_instructions+ece.txt
2016-01-30 11:50 - 2016-01-30 11:50 - 00002200 _____ C:\Users\Default User\AppData\help_recover_instructions+ece.txt
2016-01-30 11:49 - 2016-01-30 11:53 - 00007530 _____ C:\Users\Public\Documents\help_recover_instructions+ece.html
2016-01-30 11:49 - 2016-01-30 11:53 - 00002200 _____ C:\Users\Public\Documents\help_recover_instructions+ece.txt
2016-01-30 11:49 - 2016-01-30 11:50 - 00007530 _____ C:\ProgramData\help_recover_instructions+ece.html
2016-01-30 11:49 - 2016-01-30 11:50 - 00002200 _____ C:\ProgramData\help_recover_instructions+ece.txt
2016-01-30 11:49 - 2016-01-30 11:49 - 00007530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+ece.html
2016-01-30 11:49 - 2016-01-30 11:49 - 00007530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\help_recover_instructions+ece.html
2016-01-30 11:49 - 2016-01-30 11:49 - 00007530 _____ C:\Program Files\help_recover_instructions+ece.html
2016-01-30 11:49 - 2016-01-30 11:49 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+ece.txt
2016-01-30 11:49 - 2016-01-30 11:49 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\help_recover_instructions+ece.txt
2016-01-30 11:49 - 2016-01-30 11:49 - 00002200 _____ C:\Program Files\help_recover_instructions+ece.txt
2016-01-30 11:48 - 2016-01-30 11:53 - 00007530 _____ C:\Users\help_recover_instructions+ece.html
2016-01-30 11:48 - 2016-01-30 11:53 - 00002200 _____ C:\Users\help_recover_instructions+ece.txt
2016-01-30 11:48 - 2016-01-30 11:48 - 00007530 _____ C:\Program Files\Common Files\help_recover_instructions+ece.html
2016-01-30 11:48 - 2016-01-30 11:48 - 00002200 _____ C:\Program Files\Common Files\help_recover_instructions+ece.txt
2016-01-30 11:48 - 2016-01-30 11:48 - 00000254 _____ C:\Users\PC\Documents\recover_file_qdumayqpr.txt
2016-01-29 18:20 - 2016-01-29 18:20 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\wxdjdoqt.sys
2016-01-29 18:16 - 2016-01-29 18:16 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\ylajpnkt.sys
2016-01-29 14:36 - 2016-01-19 12:53 - 161213656 _____ (AVAST Software) C:\Users\PC\Desktop\avast_free_antivirus_setup.exe
2016-01-29 14:34 - 2016-01-29 14:34 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\tnpodtrx.sys
2016-01-29 14:34 - 2016-01-29 14:34 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\mhrhhdnm.sys
2016-01-27 10:52 - 2002-01-12 16:30 - 00003567 _____ (Beyond Logic hxxp://www.beyondlogic.org) C:\Windows\SysWOW64\Drivers\PortTalk.sys
2016-01-26 15:48 - 2016-01-31 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2016-01-18 03:10 - 2016-01-18 03:14 - 00000069 _____ C:\Windows\NeroDigital.ini
2016-01-18 00:01 - 2016-01-31 09:52 - 00000000 ____D C:\Users\PC\AppData\Local\Microsoft Games
2016-01-16 13:03 - 2016-01-31 09:52 - 00000000 ____D C:\Users\PC\Downloads\USBSafelyRemove538
2016-01-16 03:12 - 2016-02-01 11:33 - 00000000 ____D C:\Users\PC\Desktop\1995.P.U.L.S.E
2016-01-16 03:11 - 2016-01-30 11:51 - 00014272 _____ C:\Users\PC\Desktop\CV LIDA.docx.micro
2016-01-14 20:41 - 2016-01-30 11:53 - 00027488 _____ C:\Users\PC\Downloads\210205-300.2006.bluray.720p.x264.yify.zip.micro
2016-01-10 22:21 - 2016-01-31 09:52 - 00000000 ____D C:\Users\PC\Documents\EGDownloads
2016-01-10 22:14 - 2016-01-31 09:52 - 00000000 ____D C:\Users\PC\AppData\Roaming\EagleGet
2016-01-10 22:14 - 2016-01-31 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EagleGet
2016-01-10 22:14 - 2016-01-31 09:51 - 00000000 ____D C:\ProgramData\EagleGet
2016-01-10 22:14 - 2016-01-10 22:14 - 00001007 _____ C:\Users\Public\Desktop\EagleGet.lnk
2016-01-10 22:14 - 2016-01-10 22:14 - 00000000 ____D C:\Program Files (x86)\EagleGet
2016-01-10 22:14 - 2016-01-06 22:37 - 00077624 _____ (eagleGet) C:\Windows\system32\Drivers\eagleGet.sys
2016-01-10 22:12 - 2016-01-10 22:12 - 06090996 _____ (EagleGet ) C:\Users\PC\Downloads\eagleget_setup.exe
2016-01-10 03:12 - 2016-02-01 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2016-01-10 03:12 - 2016-02-01 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2016-01-10 03:10 - 2016-02-02 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-01-10 03:10 - 2016-02-02 13:41 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-01-10 03:10 - 2016-02-01 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2016-01-10 03:09 - 2016-02-01 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2016-01-10 03:09 - 2016-01-31 09:51 - 00000000 ____D C:\ProgramData\Zoom Player
2016-01-10 03:09 - 2016-01-31 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player
2016-01-10 03:09 - 2016-01-10 03:09 - 00001973 _____ C:\Users\Public\Desktop\Zoom Player PRO.lnk
2016-01-10 03:09 - 2016-01-10 03:09 - 00000000 ____D C:\Program Files (x86)\Zoom Player
2016-01-10 03:08 - 2016-01-31 09:52 - 00000000 ____D C:\Users\PC\Downloads\ZoomPlayerPro111
2016-01-06 17:01 - 2016-01-06 17:01 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-06 17:00 - 2016-02-01 12:39 - 00002892 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_PC
2016-01-06 03:43 - 2016-01-06 03:58 - 00000244 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2016-01-05 21:27 - 2016-01-05 21:27 - 00047920 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2016-01-05 21:24 - 2016-01-31 09:51 - 00000000 ____D C:\ProgramData\RegRun
2016-01-05 21:17 - 2016-01-05 21:17 - 00000002 RSHOT C:\Windows\winstart.bat
2016-01-05 21:17 - 2016-01-05 21:17 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2016-01-05 21:17 - 2016-01-05 21:17 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2016-01-05 21:16 - 2016-01-31 09:52 - 00000000 ____D C:\Users\PC\Documents\RegRun2

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-02 14:02 - 2015-10-16 16:50 - 00000000 ____D C:\FRST
2016-02-02 13:41 - 2015-10-10 12:39 - 00000000 ____D C:\Users\PC\.oracle_jre_usage
2016-02-02 13:41 - 2015-10-10 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-02 13:40 - 2015-10-10 12:38 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-02 13:40 - 2015-10-10 12:38 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-02 13:37 - 2015-10-07 20:07 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-02 13:37 - 2015-10-07 20:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 13:36 - 2015-10-07 20:05 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-02 13:30 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-02 13:30 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-02 13:29 - 2009-07-14 06:13 - 00784956 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-02 13:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-02-02 13:26 - 2015-11-29 18:47 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-02 13:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-02 13:01 - 2015-11-29 18:47 - 00000000 ____D C:\Users\PC\AppData\Local\Google
2016-02-02 12:53 - 2015-11-29 18:45 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-02 12:32 - 2015-10-08 17:22 - 00061256 _____ C:\Windows\system32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
2016-02-02 12:32 - 2015-10-08 17:22 - 00061256 _____ C:\Windows\system32\BMXState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
2016-02-02 12:32 - 2015-10-08 17:22 - 00000788 _____ C:\Windows\system32\DVCState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
2016-02-01 13:07 - 2015-11-11 07:19 - 00000000 ____D C:\ProgramData\ProductData
2016-02-01 13:06 - 2015-10-07 20:07 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-02-01 13:05 - 2015-10-10 20:12 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2016-02-01 11:33 - 2015-12-06 23:10 - 00000000 ____D C:\Users\PC\AppData\LocalLow\uTorrent
2016-02-01 03:26 - 2015-10-10 21:19 - 00000000 ____D C:\KMPlayer
2016-01-31 21:32 - 2015-10-10 12:35 - 00000000 ____D C:\Users\PC\AppData\Roaming\.minecraft
2016-01-31 09:52 - 2016-01-02 14:07 - 00000000 ____D C:\Users\PC\AppData\Roaming\AbstractCurves
2016-01-31 09:52 - 2015-12-30 23:19 - 00000000 ____D C:\Users\PC\AppData\Roaming\ApkInstaller
2016-01-31 09:52 - 2015-12-25 19:18 - 00000000 ___SD C:\Users\PC\Documents\Sticky Passwords
2016-01-31 09:52 - 2015-12-25 18:55 - 00000000 ____D C:\Users\PC\decrypt
2016-01-31 09:52 - 2015-12-25 18:55 - 00000000 ____D C:\Users\PC\AppData\Roaming\.Ultimate
2016-01-31 09:52 - 2015-12-25 18:55 - 00000000 ____D C:\Users\PC\AppData\Roaming\.decrypter
2016-01-31 09:52 - 2015-12-25 18:10 - 00000000 ____D C:\Users\PC\Documents\CDRWIN 9
2016-01-31 09:52 - 2015-12-25 18:04 - 00000000 ____D C:\Users\PC\Documents\WonderFox Soft
2016-01-31 09:52 - 2015-12-25 18:04 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
2016-01-31 09:52 - 2015-12-20 20:53 - 00000000 ____D C:\Users\PC\AppData\Roaming\PicPick
2016-01-31 09:52 - 2015-12-17 07:00 - 00000000 ____D C:\Users\PC\Documents\My Drivers
2016-01-31 09:52 - 2015-12-13 21:03 - 00000000 ____D C:\Users\PC\AppData\Local\WindowsContactPictures
2016-01-31 09:52 - 2015-12-13 20:53 - 00000000 ____D C:\Users\PC\AppData\Roaming\LG Electronics
2016-01-31 09:52 - 2015-12-08 23:15 - 00000000 ____D C:\Users\PC\AppData\Roaming\Downloaded Installations
2016-01-31 09:52 - 2015-12-06 17:31 - 00000000 ____D C:\Users\PC\AppData\Roaming\LimundoGradMessages
2016-01-31 09:52 - 2015-12-06 17:30 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Limundo
2016-01-31 09:52 - 2015-12-05 20:43 - 00000000 ____D C:\Users\PC\AppData\Roaming\Software Informer
2016-01-31 09:52 - 2015-11-25 16:56 - 00000000 ____D C:\Users\PC\TapinRadio
2016-01-31 09:52 - 2015-11-11 07:20 - 00000000 ____D C:\Users\PC\AppData\Roaming\Apple Computer
2016-01-31 09:52 - 2015-11-11 07:19 - 00000000 ____D C:\Users\PC\AppData\Roaming\ProductData
2016-01-31 09:52 - 2015-11-11 07:19 - 00000000 ____D C:\Users\PC\AppData\Roaming\IObit
2016-01-31 09:52 - 2015-11-11 07:19 - 00000000 ____D C:\Users\PC\AppData\LocalLow\IObit
2016-01-31 09:52 - 2015-11-09 22:38 - 00000000 ____D C:\Users\PC\AppData\Roaming\calibre
2016-01-31 09:52 - 2015-11-01 11:09 - 00000000 ____D C:\Users\PC\AppData\Roaming\Geek Uninstaller
2016-01-31 09:52 - 2015-10-16 17:43 - 00000000 ____D C:\Users\PC\AppData\Roaming\WinRAR
2016-01-31 09:52 - 2015-10-16 17:30 - 00000000 ____D C:\Users\PC\AppData\Local\VirtualStore
2016-01-31 09:52 - 2015-10-10 21:54 - 00000000 ____D C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
2016-01-31 09:52 - 2015-10-10 21:47 - 00000000 ____D C:\Users\PC\AppData\Roaming\Lavasoft
2016-01-31 09:52 - 2015-10-10 21:44 - 00000000 ____D C:\Users\PC\AppData\Roaming\Opera Software
2016-01-31 09:52 - 2015-10-10 21:44 - 00000000 ____D C:\Users\PC\AppData\Local\Opera Software
2016-01-31 09:52 - 2015-10-10 21:32 - 00000000 ____D C:\Users\PC\AppData\Local\Slimjet
2016-01-31 09:52 - 2015-10-10 21:27 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-01-31 09:52 - 2015-10-10 21:22 - 00000000 ____D C:\Users\PC\AppData\Roaming\MAGIX
2016-01-31 09:52 - 2015-10-10 21:20 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2016-01-31 09:52 - 2015-10-10 21:13 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2016-01-31 09:52 - 2015-10-10 20:04 - 00000000 ____D C:\Users\PC\AppData\Local\VS Revo Group
2016-01-31 09:52 - 2015-10-10 12:39 - 00000000 ____D C:\Users\PC\AppData\Roaming\Sun
2016-01-31 09:52 - 2015-10-10 12:39 - 00000000 ____D C:\Users\PC\AppData\Roaming\NVIDIA
2016-01-31 09:52 - 2015-10-10 12:39 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Sun
2016-01-31 09:52 - 2015-10-10 12:36 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Oracle
2016-01-31 09:52 - 2015-10-10 12:35 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-01-31 09:52 - 2015-10-08 08:20 - 00000000 ____D C:\Users\PC\AppData\Roaming\ESET
2016-01-31 09:52 - 2015-10-07 20:23 - 00000000 ____D C:\Users\PC\AppData\Roaming\CyberLink
2016-01-31 09:52 - 2015-10-07 20:18 - 00000000 ____D C:\Users\PC\AppData\Local\NVIDIA
2016-01-31 09:52 - 2015-10-07 20:10 - 00000000 ____D C:\Users\PC\AppData\Roaming\Macromedia
2016-01-31 09:52 - 2015-10-07 20:08 - 00000000 ____D C:\Users\PC\AppData\Roaming\Winamp
2016-01-31 09:52 - 2015-10-07 20:06 - 00000000 ____D C:\Users\PC\AppData\Roaming\Mozilla
2016-01-31 09:52 - 2015-10-07 20:06 - 00000000 ____D C:\Users\PC\AppData\Roaming\FastStone
2016-01-31 09:52 - 2015-10-07 20:06 - 00000000 ____D C:\Users\PC\AppData\Local\Mozilla
2016-01-31 09:52 - 2015-10-07 20:05 - 00000000 ____D C:\Users\PC\AppData\Roaming\Adobe
2016-01-31 09:52 - 2015-10-07 20:05 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Adobe
2016-01-31 09:52 - 2015-10-07 20:04 - 00000000 ____D C:\Users\PC\AppData\Roaming\Nero
2016-01-31 09:52 - 2015-10-07 19:26 - 00000000 ____D C:\Users\PC\AppData\Local\Microsoft Help
2016-01-31 09:52 - 2015-10-07 19:25 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-31 09:52 - 2015-10-07 19:11 - 00000000 ____D C:\Users\PC\AppData\Roaming\Media Center Programs
2016-01-31 09:52 - 2015-10-07 19:11 - 00000000 ____D C:\Users\PC
2016-01-31 09:52 - 2009-07-14 08:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-01-31 09:52 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-01-31 09:51 - 2015-12-25 19:14 - 00000000 ____D C:\ProgramData\Caphyon
2016-01-31 09:51 - 2015-12-25 19:04 - 00000000 ____D C:\ProgramData\fpr
2016-01-31 09:51 - 2015-12-25 19:04 - 00000000 ____D C:\ProgramData\Animation Editor
2016-01-31 09:51 - 2015-12-25 19:02 - 00000000 ____D C:\ProgramData\A-PDF
2016-01-31 09:51 - 2015-12-20 21:49 - 00000000 ____D C:\ProgramData\Origin
2016-01-31 09:51 - 2015-12-20 20:53 - 00000000 ____D C:\ProgramData\PicPick
2016-01-31 09:51 - 2015-12-17 07:00 - 00000000 ____D C:\Users\PC\AppData\Local\Innovative Solutions
2016-01-31 09:51 - 2015-12-17 05:45 - 00000000 ____D C:\ProgramData\Auslogics
2016-01-31 09:51 - 2015-12-13 18:37 - 00000000 ____D C:\Users\PC\AppData\Local\LG Electronics
2016-01-31 09:51 - 2015-12-13 18:14 - 00000000 ____D C:\Users\PC\.android
2016-01-31 09:51 - 2015-12-11 22:31 - 00000000 ____D C:\Users\PC\AppData\Local\Engelmann_Media
2016-01-31 09:51 - 2015-12-11 22:31 - 00000000 ____D C:\ProgramData\Licenses
2016-01-31 09:51 - 2015-12-11 22:30 - 00000000 ____D C:\Program Files\Engelmann Media
2016-01-31 09:51 - 2015-12-08 23:21 - 00000000 ____D C:\Users\PC\AppData\Local\BinaryNow
2016-01-31 09:51 - 2015-12-05 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoMedia
2016-01-31 09:51 - 2015-12-05 21:21 - 00000000 ____D C:\Program Files\DVDVideoMedia
2016-01-31 09:51 - 2015-12-05 20:43 - 00000000 ____D C:\ProgramData\Informer Technologies, Inc
2016-01-31 09:51 - 2015-12-02 17:30 - 00000000 ____D C:\Users\PC\AppData\Local\ashampoo
2016-01-31 09:51 - 2015-12-02 17:30 - 00000000 ____D C:\ProgramData\Ashampoo
2016-01-31 09:51 - 2015-12-02 10:32 - 00000000 ____D C:\Users\PC\AppData\Local\fontconfig
2016-01-31 09:51 - 2015-12-01 22:15 - 00000000 ____D C:\Users\PC\.smplayer
2016-01-31 09:51 - 2015-12-01 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMPlayer
2016-01-31 09:51 - 2015-12-01 22:15 - 00000000 ____D C:\Program Files\SMPlayer
2016-01-31 09:51 - 2015-11-29 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-01-31 09:51 - 2015-11-29 19:52 - 00000000 ____D C:\Program Files\VS Revo Group
2016-01-31 09:51 - 2015-11-29 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-01-31 09:51 - 2015-11-19 23:04 - 00000000 ____D C:\ProgramData\MobileBrServ
2016-01-31 09:51 - 2015-11-18 22:39 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-01-31 09:51 - 2015-11-18 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TapinRadio
2016-01-31 09:51 - 2015-11-18 22:35 - 00000000 ____D C:\Program Files\TapinRadio
2016-01-31 09:51 - 2015-11-11 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2016-01-31 09:51 - 2015-11-11 07:20 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2016-01-31 09:51 - 2015-11-11 07:19 - 00000000 ____D C:\Users\PC\AppData\IObit
2016-01-31 09:51 - 2015-11-11 07:19 - 00000000 ____D C:\ProgramData\IObit
2016-01-31 09:51 - 2015-11-09 22:40 - 00000000 ____D C:\Users\PC\AppData\Local\calibre-cache
2016-01-31 09:51 - 2015-10-30 19:49 - 00000000 ____D C:\ProgramData\PopCap Games
2016-01-31 09:51 - 2015-10-25 22:14 - 00000000 ____D C:\ESD
2016-01-31 09:51 - 2015-10-25 20:01 - 00000000 ___HD C:\$Windows.~WS
2016-01-31 09:51 - 2015-10-10 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-01-31 09:51 - 2015-10-10 21:53 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-01-31 09:51 - 2015-10-10 21:47 - 00000000 ____D C:\Users\PC\AppData\Local\Lavasoft
2016-01-31 09:51 - 2015-10-10 21:44 - 00000000 ____D C:\ProgramData\Lavasoft
2016-01-31 09:51 - 2015-10-10 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak Slimjet
2016-01-31 09:51 - 2015-10-10 21:22 - 00000000 ____D C:\ProgramData\MAGIX
2016-01-31 09:51 - 2015-10-10 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-31 09:51 - 2015-10-10 21:15 - 00000000 ____D C:\Program Files\CCleaner
2016-01-31 09:51 - 2015-10-10 21:13 - 00000000 ____D C:\Program Files\Unlocker
2016-01-31 09:51 - 2015-10-10 20:04 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-01-31 09:51 - 2015-10-10 12:38 - 00000000 ____D C:\ProgramData\Oracle
2016-01-31 09:51 - 2015-10-08 16:47 - 00000000 ____D C:\Users\PC\AppData\Local\Macromedia
2016-01-31 09:51 - 2015-10-08 16:38 - 00000000 ____D C:\Users\PC\AppData\Local\ElevatedDiagnostics
2016-01-31 09:51 - 2015-10-08 08:20 - 00000000 ____D C:\Users\PC\AppData\Local\ESET
2016-01-31 09:51 - 2015-10-07 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-01-31 09:51 - 2015-10-07 21:05 - 00000000 ____D C:\ProgramData\Creative
2016-01-31 09:51 - 2015-10-07 21:05 - 00000000 ____D C:\Program Files\Creative
2016-01-31 09:51 - 2015-10-07 20:33 - 00000000 ____D C:\Users\PC\AppData\Local\CEF
2016-01-31 09:51 - 2015-10-07 20:21 - 00000000 ____D C:\Users\PC\AppData\Local\MediaServer
2016-01-31 09:51 - 2015-10-07 20:21 - 00000000 ____D C:\ProgramData\PDVD
2016-01-31 09:51 - 2015-10-07 20:21 - 00000000 ____D C:\ProgramData\CyberLink
2016-01-31 09:51 - 2015-10-07 20:20 - 00000000 ____D C:\ProgramData\Temp
2016-01-31 09:51 - 2015-10-07 20:20 - 00000000 ____D C:\ProgramData\install_clap
2016-01-31 09:51 - 2015-10-07 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-01-31 09:51 - 2015-10-07 20:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-31 09:51 - 2015-10-07 20:14 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-31 09:51 - 2015-10-07 20:14 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-31 09:51 - 2015-10-07 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2016-01-31 09:51 - 2015-10-07 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-01-31 09:51 - 2015-10-07 20:06 - 00000000 ____D C:\ProgramData\Mozilla
2016-01-31 09:51 - 2015-10-07 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2016-01-31 09:51 - 2015-10-07 20:05 - 00000000 ____D C:\Users\PC\AppData\Local\Adobe
2016-01-31 09:51 - 2015-10-07 20:04 - 00000000 ____D C:\ProgramData\Adobe
2016-01-31 09:51 - 2015-10-07 20:01 - 00000000 ____D C:\Users\PC\AppData\Local\Ahead
2016-01-31 09:51 - 2015-10-07 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
2016-01-31 09:51 - 2015-10-07 19:48 - 00000000 ____D C:\ProgramData\Nero
2016-01-31 09:51 - 2015-10-07 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2016-01-31 09:51 - 2015-10-07 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-01-31 09:51 - 2015-10-07 19:26 - 00000000 __RHD C:\MSOCache
2016-01-31 09:51 - 2015-10-07 19:26 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-31 09:51 - 2015-10-07 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-31 09:51 - 2009-07-14 08:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-01-31 09:51 - 2009-07-14 08:45 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-01-31 09:51 - 2009-07-14 08:45 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-01-31 09:51 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-31 09:51 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-01-31 09:51 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-01-31 09:51 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-01-31 09:51 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-01-31 09:51 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-01-31 09:51 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\MSBuild
2016-01-31 09:51 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-01-31 09:51 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-01-31 09:51 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Windows NT
2016-01-31 09:51 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-01-31 09:51 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-01-31 09:51 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Services
2016-01-31 09:51 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-31 09:51 - 2009-07-14 04:20 - 00000000 ____D C:\PerfLogs
2016-01-30 11:53 - 2015-12-20 15:56 - 00000000 ____D C:\Users\PC\Desktop\Lada 1200 combi
2016-01-30 11:52 - 2015-12-08 23:28 - 00000000 ____D C:\Users\PC\Desktop\Folderi
2016-01-19 14:02 - 2009-07-14 06:08 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-15 18:25 - 2015-10-07 19:19 - 00789706 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2016-01-31 09:51 - 2016-01-31 09:51 - 0007530 _____ () C:\Program Files\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 0002200 _____ () C:\Program Files\help_recover_instructions+cfw.txt
2016-01-30 11:49 - 2016-01-30 11:49 - 0007530 _____ () C:\Program Files\help_recover_instructions+ece.html
2016-01-30 11:49 - 2016-01-30 11:49 - 0002200 _____ () C:\Program Files\help_recover_instructions+ece.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 0007530 _____ () C:\Program Files\Common Files\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 0002200 _____ () C:\Program Files\Common Files\help_recover_instructions+cfw.txt
2016-01-30 11:48 - 2016-01-30 11:48 - 0007530 _____ () C:\Program Files\Common Files\help_recover_instructions+ece.html
2016-01-30 11:48 - 2016-01-30 11:48 - 0002200 _____ () C:\Program Files\Common Files\help_recover_instructions+ece.txt
2015-11-11 19:45 - 2015-12-31 02:21 - 0000375 _____ () C:\Users\PC\AppData\Roaming\burnaware.ini
2016-01-31 09:52 - 2016-01-31 09:52 - 0007530 _____ () C:\Users\PC\AppData\Roaming\help_recover_instructions+cfw.html
2016-01-31 09:52 - 2016-01-31 09:52 - 0002200 _____ () C:\Users\PC\AppData\Roaming\help_recover_instructions+cfw.txt
2016-01-30 11:51 - 2016-01-30 11:51 - 0007530 _____ () C:\Users\PC\AppData\Roaming\help_recover_instructions+ece.html
2016-01-30 11:51 - 2016-01-30 11:51 - 0002200 _____ () C:\Users\PC\AppData\Roaming\help_recover_instructions+ece.txt
2016-01-31 09:52 - 2016-01-31 09:52 - 0007530 _____ () C:\Users\PC\AppData\Roaming\Microsoft\help_recover_instructions+cfw.html
2016-01-31 09:52 - 2016-01-31 09:52 - 0002200 _____ () C:\Users\PC\AppData\Roaming\Microsoft\help_recover_instructions+cfw.txt
2016-01-30 11:51 - 2016-01-30 11:51 - 0007530 _____ () C:\Users\PC\AppData\Roaming\Microsoft\help_recover_instructions+ece.html
2016-01-30 11:51 - 2016-01-30 11:51 - 0002200 _____ () C:\Users\PC\AppData\Roaming\Microsoft\help_recover_instructions+ece.txt
2016-01-31 09:51 - 2016-01-31 09:52 - 0007530 _____ () C:\Users\PC\AppData\Local\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:52 - 0002200 _____ () C:\Users\PC\AppData\Local\help_recover_instructions+cfw.txt
2016-01-30 11:50 - 2016-01-30 11:53 - 0007530 _____ () C:\Users\PC\AppData\Local\help_recover_instructions+ece.html
2016-01-30 11:50 - 2016-01-30 11:53 - 0002200 _____ () C:\Users\PC\AppData\Local\help_recover_instructions+ece.txt
2016-01-31 09:51 - 2016-01-31 09:51 - 0007530 _____ () C:\ProgramData\help_recover_instructions+cfw.html
2016-01-31 09:51 - 2016-01-31 09:51 - 0002200 _____ () C:\ProgramData\help_recover_instructions+cfw.txt
2016-01-30 11:49 - 2016-01-30 11:50 - 0007530 _____ () C:\ProgramData\help_recover_instructions+ece.html
2016-01-30 11:49 - 2016-01-30 11:50 - 0002200 _____ () C:\ProgramData\help_recover_instructions+ece.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-10 14:07

==================== End of FRST.txt ============================










Addendum: 02 Feb 2016 14:09

since I'm a layman at this...I'm trying to go step by step but I lost track of the order...sorry...I'll try not to let that happen.

and I have nowhere to put these files of mine...so let them stay where they are...nobody will touch them...

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6062

My apologies, your post above was all jumbled, so I didn't see that you had already posted the FixList log.
Please use the quote feature when quoting, it's clearer. ;)

To answer the questions I missed. :)

Quote: If I overwrite it, i.e. reinstall, will I be able to install an antivirus etc...
Yes.

Quote: I'll do it again after what we try here...
Once I'm done with you in the Ambulanta, you won't need to reinstall the system. If you plan to do it anyway once we're finished, then better do it right away, I don't have all that much free time...

Quote: what was recommended to me ..to gather all the encrypted files in one place and save them..I can't...they're on a couple of HDDs plus one external, so I think it should stay that way without me touching anything...
Pack them into one folder, you can at least do that. Let them sit in one place until a cure perhaps appears.



--------------------------------------------------------------------------------


This looks very good now. Still, I'd like you to do the following. Here we go ...






1. Download sUBs's ComboFix from this link and save the tool to the Desktop.
• Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
• When the dialog for choosing where to save the file opens, select Desktop and click Save.


------------------------------------------------------------
2. Temporarily disable your antivirus program, in most cases by right-clicking the program's icon in the system tray. These programs can interfere with the tool while it runs.
If you are not sure how to do that, follow this guide.

------------------------------------------------------------
3. Double-click the icon to run ComboFix. Then, in the disclaimer window, click the I Agree! button.

• ComboFix will check whether a new version of the tool is available.
Click Yes if a download is requested.
• If the Recovery Console is not installed, ComboFix will offer to download and install it.
Click Yes to allow the tool to download and install the Recovery Console.
• ComboFix will scan the computer in stages (Stage_#), 50 stages in total.
Do not click around while ComboFix is examining the system.
• If malware is detected, ComboFix will begin removing it.
For that reason, the tool will restart Windows as needed (sometimes more than once);

Note: If, after the tool has run, you get the error (Illegal operation attempted on a registry key that has been marked for deletion) when starting a program, restart the computer and that will resolve the problem.


------------------------------------------------------------
4. When the tool finishes, it will create and open a report (typical location: C:\ComboFix.txt).
Copy the contents of the ComboFix.txt report into your post.

ComboFix will also create an additional report (typical location: C:\Qoobox\ComboFix-quarantined-files.txt).
Attach the ComboFix-quarantined-files.txt report to your post using the Attach file (Prikači fajl) option.

offline
  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Posted: 02 Feb 2016 14:50


ComboFix 16-01-31.01 - PC 02/02/2016 14:39:10.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.4094.2553 [GMT 1:00]
Running from: c:\users\PC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.CAT
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.CHS
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.CHT
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.CZE
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.DAN
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.DEU
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.ESP
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.EUQ
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.FRA
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.HRV
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.HUN
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.ITA
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.JPN
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.KOR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.NLD
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.NOR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.POL
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.PTB
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.RUM
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.RUS
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.SKY
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.SLV
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.SUO
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.SVE
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.TUR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.UKR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.CAT
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.CHS
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.CHT
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.CZE
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.DAN
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.DEU
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.ESP
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.EUQ
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.FRA
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.HRV
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.HUN
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.ITA
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.JPN
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.KOR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.NLD
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.NOR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.POL
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.PTB
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.RUM
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.RUS
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.SKY
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.SLV
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.SUO
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.SVE
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.TUR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.UKR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\ca_ES\Annots.CAT
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\ca_ES\DigSig.CAT
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\ca_ES\PPKLite.CAT
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\ca_ES\ReadOutLoud.CAT
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\cs_CZ\Annots.CZE
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\cs_CZ\DigSig.CZE
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\da_DK\Annots.DAN
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\da_DK\DigSig.DAN
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\da_DK\DVA.DAN
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\de_DE\accessibility.DEU
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\de_DE\Acroform.DEU
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\de_DE\Annots.DEU
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\de_DE\Checkers.DEU
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\de_DE\DigSig.DEU
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\de_DE\DropboxStorage.DEU
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\de_DE\makeaccessible.DEU
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\de_DE\Multimedia.DEU
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\de_DE\pddom.DEU
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\de_DE\PPKLITE.DEU
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\de_DE\ReadOutLoud.DEU
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\de_DE\SaveAsRTF.DEU
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\es_ES\Annots.ESP
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\es_ES\DigSig.ESP
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\eu_ES\Annots.EUQ
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\eu_ES\DigSig.EUQ
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\eu_ES\DropboxStorage.EUQ
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\fi_FI\accessibility.SUO
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\fi_FI\Annots.SUO
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\fi_FI\DigSig.SUO
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\fi_FI\eBook.SUO
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\fi_FI\EScript.SUO
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\fi_FI\Search.SUO
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\fr_FR\Annots.FRA
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\fr_FR\DigSig.FRA
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\hr_HR\Annots.HRV
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\hr_HR\DigSig.HRV
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\hu_HU\Annots.HUN
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\hu_HU\DigSig.HUN
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\it_IT\Annots.ITA
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\it_IT\DigSig.ITA
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\it_IT\PPKLITE.ITA
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\ja_JP\Annots.JPN
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\ja_JP\DigSig.JPN
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\ja_JP\EScript.JPN
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\ko_KR\Annots.KOR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\ko_KR\DigSig.KOR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\nb_NO\Annots.NOR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\nb_NO\DigSig.NOR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\nl_NL\Annots.NLD
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\nl_NL\DigSig.NLD
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\pl_PL\Annots.POL
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\pl_PL\DigSig.POL
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\pt_BR\Annots.PTB
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\pt_BR\DigSig.PTB
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\ro_RO\Annots.RUM
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\ro_RO\DigSig.RUM
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\ru_RU\Annots.RUS
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\ru_RU\DigSig.RUS
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\ru_RU\PPKLITE.RUS
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\sk_SK\Annots.SKY
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\sk_SK\DigSig.SKY
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\sl_SI\Annots.SLV
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\sl_SI\DigSig.SLV
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\sl_SI\SaveAsRTF.SLV
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\sv_SE\Annots.SVE
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\sv_SE\DigSig.SVE
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\tr_TR\Annots.TUR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\tr_TR\DigSig.TUR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\tr_TR\eBook.TUR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\uk_UA\Annots.UKR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\uk_UA\DigSig.UKR
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\zh_CN\Annots.CHS
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\zh_CN\DigSig.CHS
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\zh_TW\Annots.CHT
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\zh_TW\DigSig.CHT
c:\users\Default\Favorites\help_recover_instructions+cfw.html
c:\users\Default\Favorites\help_recover_instructions+ece.html
c:\users\PC\Favorites\help_recover_instructions+cfw.html
c:\users\PC\Favorites\help_recover_instructions+ece.html
c:\users\Public\Favorites\help_recover_instructions+cfw.html
c:\users\Public\Favorites\help_recover_instructions+ece.html
.
.
((((((((((((((((((((((((( Files Created from 2016-01-02 to 2016-02-02 )))))))))))))))))))))))))))))))
.
.
2016-02-02 13:43 . 2016-02-02 13:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-02 12:41 . 2016-02-02 12:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-02-02 12:37 . 2016-02-02 12:37 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74C9177C-6608-4D31-8E88-061FD6B425C2}\offreg.2640.dll
2016-02-02 11:56 . 2016-02-02 11:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74C9177C-6608-4D31-8E88-061FD6B425C2}\offreg.2088.dll
2016-02-02 11:55 . 2016-02-02 11:55 -------- d-----w- c:\users\PC\AppData\Roaming\AVAST Software
2016-02-02 11:55 . 2016-02-02 11:55 -------- d-----w- c:\program files\Common Files\AV
2016-02-02 11:55 . 2016-02-02 11:55 -------- d-----w- c:\program files (x86)\Common Files\AV
2016-02-02 11:54 . 2016-02-02 11:54 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-02-02 11:54 . 2016-02-02 11:54 155304 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-02-02 11:54 . 2016-02-02 11:55 464256 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-02-02 11:54 . 2016-02-02 11:54 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-02-02 11:54 . 2016-02-02 11:55 97648 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2016-02-02 11:54 . 2016-02-02 11:54 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-02-02 11:54 . 2016-02-02 11:54 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-02-02 11:54 . 2016-02-02 11:55 1065208 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-02-02 11:54 . 2016-02-02 11:54 386096 ----a-w- c:\windows\system32\aswBoot.exe
2016-02-02 11:54 . 2016-02-02 11:54 43112 ----a-w- c:\windows\avastSS.scr
2016-02-02 11:53 . 2016-02-02 11:53 -------- d-----w- c:\program files\AVAST Software
2016-02-02 11:21 . 2016-02-02 11:21 -------- d-----w- c:\programdata\Malwarebytes
2016-02-02 11:19 . 2016-02-02 12:01 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2016-02-02 11:18 . 2016-02-02 11:21 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-02 11:17 . 2016-02-02 11:17 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-01 12:08 . 2016-02-01 12:08 450504 ----a-w- c:\windows\system32\drivers\ukspzswr.sys
2016-02-01 11:46 . 2016-02-01 11:46 450504 ----a-w- c:\windows\system32\drivers\gmcrcqji.sys
2016-02-01 11:27 . 2016-02-01 11:27 450504 ----a-w- c:\windows\system32\drivers\rvvnsvba.sys
2016-02-01 11:24 . 2016-02-01 11:24 450504 ----a-w- c:\windows\system32\drivers\mtlmszsf.sys
2016-02-01 11:24 . 2016-02-01 11:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2016-01-31 12:23 . 2016-01-31 12:23 450504 ----a-w- c:\windows\system32\drivers\nfxldmzn.sys
2016-01-29 17:20 . 2016-01-29 17:20 450504 ----a-w- c:\windows\system32\drivers\wxdjdoqt.sys
2016-01-29 17:16 . 2016-01-29 17:16 450504 ----a-w- c:\windows\system32\drivers\ylajpnkt.sys
2016-01-29 13:34 . 2016-01-29 13:34 450504 ----a-w- c:\windows\system32\drivers\tnpodtrx.sys
2016-01-29 13:34 . 2016-01-29 13:34 450504 ----a-w- c:\windows\system32\drivers\mhrhhdnm.sys
2016-01-27 09:52 . 2002-01-12 15:30 3567 ----a-w- c:\windows\SysWow64\drivers\PortTalk.sys
2016-01-26 14:47 . 2016-01-26 14:47 -------- d-----w- c:\windows\system32\wbem\Framework
2016-01-17 23:01 . 2016-01-31 08:52 -------- d-----w- c:\users\PC\AppData\Local\Microsoft Games
2016-01-13 08:56 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74C9177C-6608-4D31-8E88-061FD6B425C2}\mpengine.dll
2016-01-10 21:14 . 2016-01-06 21:37 77624 ----a-w- c:\windows\system32\drivers\eagleGet.sys
2016-01-10 21:14 . 2016-01-31 08:52 -------- d-----w- c:\users\PC\AppData\Roaming\EagleGet
2016-01-10 21:14 . 2016-01-31 08:51 -------- d-----w- c:\programdata\EagleGet
2016-01-10 21:14 . 2016-01-10 21:14 -------- d-----w- c:\program files (x86)\EagleGet
2016-01-10 02:10 . 2016-02-02 12:41 -------- d-----w- c:\program files (x86)\7-Zip
2016-01-10 02:09 . 2016-01-31 08:51 -------- d-----w- c:\programdata\Zoom Player
2016-01-10 02:09 . 2016-01-10 02:09 -------- d-----w- c:\program files (x86)\Zoom Player
2016-01-05 20:27 . 2016-01-05 20:27 47920 ----a-w- c:\windows\system32\Partizan.exe
2016-01-05 20:24 . 2016-01-31 08:51 -------- d-----w- c:\programdata\RegRun
2016-01-05 20:17 . 2016-01-05 20:17 2 --shatr- c:\windows\winstart.bat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-02 12:40 . 2015-10-10 11:38 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-02-02 12:37 . 2015-10-07 19:07 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-02 12:37 . 2015-10-07 19:07 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-02 12:40 . 2015-12-02 12:40 14800 ----a-w- c:\windows\WiseHDInfo64.dll
2015-12-02 12:18 . 2015-10-07 19:37 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-11-19 22:12 . 2015-11-19 22:12 92312 ----a-w- c:\windows\system32\drivers\AmUStor.sys
2015-11-19 22:12 . 2015-11-19 22:12 8 ----a-w- c:\windows\system32\CardDetect.bin
2015-11-19 22:12 . 2015-11-19 22:12 640 ----a-w- c:\windows\system32\VendorCmd0.bin
2015-11-19 22:12 . 2015-11-19 22:12 20632 ----a-w- c:\windows\system32\AmUStor.dll
2015-11-19 22:12 . 2015-11-19 22:12 1077248 ----a-w- c:\windows\system32\AmRdrIco.icl
2015-11-19 21:55 . 2015-11-19 21:55 26528 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-09-16 8461224]
"EagleGet"="c:\program files (x86)\EagleGet\Eagleget.exe" [2016-01-07 1907712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-02-02 7021880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-12-22 597040]
.
c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
help_recover_instructions+cfw.html [2016-1-31 7530]
help_recover_instructions+cfw.txt [2016-1-31 2200]
help_recover_instructions+ece.html [2016-1-30 7530]
help_recover_instructions+ece.txt [2016-1-30 2200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
help_recover_instructions+cfw.html [2016-1-31 7530]
help_recover_instructions+cfw.txt [2016-1-31 2200]
help_recover_instructions+ece.html [2016-1-30 7530]
help_recover_instructions+ece.txt [2016-1-30 2200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 AndnetBus;LGE Mobile USB Composite Device;c:\windows\system32\DRIVERS\lgandnetbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetbus64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys;c:\windows\SYSNATIVE\Drivers\PortTalk.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\PC\Desktop\OpenHardwareMonitor\OpenHardwareMonitor.sys;c:\users\PC\Desktop\OpenHardwareMonitor\OpenHardwareMonitor.sys [x]
R3 WiseHDInfo;WiseHDInfo;c:\windows\WiseHDInfo64.dll;c:\windows\WiseHDInfo64.dll [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 egGetSvc;egGetSvc;c:\program files (x86)\EagleGet\EGMonitor.exe;c:\program files (x86)\EagleGet\EGMonitor.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 eagleGet;eagleGet;c:\windows\system32\Drivers\eagleGet.sys;c:\windows\SYSNATIVE\Drivers\eagleGet.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-07 12:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-02-02 11:54 873304 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with EagleGet - c:\program files (x86)\EagleGet\IEGraberBHO.dll/202
IE: Download with EagleGet - c:\program files (x86)\EagleGet\IEGraberBHO.dll/201
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\fhrs4jei.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} - c:\users\PC\AppData\Local\28500\Updater.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-02-02 14:46:04
ComboFix-quarantined-files.txt 2016-02-02 13:46
.
Pre-Run: 69,142,560,768 bytes free
Post-Run: 69,083,930,624 bytes free
.
- - End Of File - - 75113F8984BE993A8028FEB952C12FF4
8F558EB6672622401DA993E1E865C861









Addendum: 02 Feb 2016 15:00

So, let me move everything to one place... but it does show some of the video recordings... so that's OK... there is so much of the rest that it will take time until I find my way around... at least let me save some of the video recordings for him... and afterwards everything onto disks...
