Laptop Check

  • Joined: 16 Aug 2007
  • Posts: 315
  • Location: Serbia

Since I had a lot of viruses on my desktop computer, I want to check whether my laptop is infected, because I often copy programs from one to the other.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014 01
Ran by Boban (administrator) on THE_RAIN on 08-10-2014 21:07:48
Running from C:\Users\Boban\Desktop
Loaded Profiles: Boban & postgres (Available profiles: Boban & postgres)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(InterVideo Inc.) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
(Megaify Software Co., Ltd.) C:\Program Files\DriverToolkit\DriverToolkit.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Windows\vsnpstd3.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Users\Boban\AppData\Roaming\uTorrent\uTorrent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [4899552 2013-01-05] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8000560 2012-03-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\Utility.exe [5936984 2012-03-09] (Lenovo(beijing) Limited)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-21] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2248080 2013-03-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\btvstack.exe [877184 2012-10-16] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\athbttray.exe [696448 2012-10-16] (Atheros Commnucations)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [Format USB Or Flash Drive Software.exe] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [UVS11 Preload] => C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [341232 2007-07-23] (InterVideo Digital Technology Corporation)
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\Run: [uTorrent] => C:\Users\Boban\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-08] (BitTorrent Inc.)
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\MountPoints2: {35632f69-56c7-11e3-a021-48d22498a097} - F:\SETUP.EXE
HKU\S-1-5-21-1993937917-1451754262-3973385152-1000\...\MountPoints2: {d1906cc6-fd68-11e3-b0e4-48d22498a097} - G:\LaunchU3.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk
ShortcutTarget: Update ESET's license.lnk -> C:\Program Files\ESET\MiNODLogin\launcher.exe (No File)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA1BE6937F82BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\kinlniph.default
FF SearchEngineOrder.3: Bing
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\kinlniph.default\searchplugins\pogodakrs.xml
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\kinlniph.default\Extensions\artur.dubovoy@gmail.com [2014-08-02]
FF Extension: NetVideoHunter - C:\Users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\kinlniph.default\Extensions\netvideohunter@netvideohunter.com [2014-07-29]
FF Extension: ImTranslator - C:\Users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\kinlniph.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-10-13]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-25]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-12-02]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR CustomProfile: C:\Users\Boban\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Boban\AppData\Local\Google\Chrome\User Data\Default\Extensions\fojfflomljfbdfdcfmiihnijjfnnakdn [2014-09-24]
CHR Extension: (Skype Click to Call) - C:\Users\Boban\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-03]
CHR Extension: (TotalPlus01-3.1V20.09) - C:\Users\Boban\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\Boban\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-03]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1337752 2013-09-12] (ESET)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462088 2012-06-20] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 w7Svc; C:\Program Files\webcam 7\wService.exe [5259584 2013-11-19] (Moonware Studios) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-10-16] (Atheros)
R2 postgresql-8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w [X]
S2 Update GreyGray; "C:\Program Files\GreyGray\updateGreyGray.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [24672 2011-12-15] (Lenovo Corporation)
R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [35968 2012-10-16] (Atheros)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3097600 2013-01-23] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [299648 2012-10-16] (Atheros)
R3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [98432 2012-10-16] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [25728 2012-10-16] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [148096 2012-10-16] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [60544 2012-10-16] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [264704 2012-10-16] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [469632 2012-10-16] (Atheros)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37416 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [49240 2013-09-17] (ESET)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [311696 2013-03-06] (ELAN Microelectronics Corp.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-05] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [351288 2012-12-05] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [796216 2012-12-05] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [100504 2012-11-20] (Qualcomm Atheros Co., Ltd.)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-16] (Lenovo.)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2014-10-08] (secr9tos) [File not signed]
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [242760 2013-01-16] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [6367072 2013-01-05] (Realtek Semiconductor Corp.)
S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [799232 2010-04-27] (Windows (R) Win 7 DDK provider)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2013-11-26] (Duplex Secure Ltd.)
S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 21:02 - 2014-10-08 21:02 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-10-08 20:58 - 2014-10-08 21:08 - 00017291 _____ () C:\Users\Boban\Desktop\FRST.txt
2014-10-08 20:58 - 2014-10-08 21:07 - 00000000 ____D () C:\FRST
2014-10-08 20:57 - 2014-10-08 20:57 - 01101312 _____ (Farbar) C:\Users\Boban\Desktop\FRST.exe
2014-10-07 19:33 - 2014-10-07 19:33 - 00001121 _____ () C:\Users\Public\Desktop\WebSite X5 Professional 10.lnk
2014-10-07 19:33 - 2014-10-07 19:33 - 00000000 ____D () C:\Users\Boban\AppData\Local\Incomedia
2014-10-07 19:33 - 2014-10-07 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebSite X5 v10 - Professional
2014-10-07 19:31 - 2014-10-07 19:33 - 00000000 ____D () C:\Program Files\WebSite X5 v10 - Professional
2014-10-06 20:17 - 2014-10-06 20:17 - 01721685 _____ () C:\Users\Boban\Desktop\SJ4000_Firmware_Jan-12-2014.zip
2014-10-06 20:15 - 2014-10-06 20:15 - 01745875 _____ () C:\Users\Boban\Desktop\SJ4000-FW96650A-Fix-Blank-Screen.zip
2014-10-04 18:06 - 2014-10-04 18:15 - 00000000 ____D () C:\Users\Boban\Downloads\Incomedia WebSite X5 Evolution Professional 10.1.2.42 + Template Packs
2014-10-03 19:58 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-03 19:58 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-10-03 19:28 - 2014-10-03 19:28 - 00000000 ____D () C:\Users\Boban\Desktop\thumbs
2014-10-03 19:27 - 2014-10-08 19:43 - 00000840 _____ () C:\Windows\setupact.log
2014-10-03 19:27 - 2014-10-03 19:27 - 00010910 _____ () C:\Windows\PFRO.log
2014-10-03 19:27 - 2014-10-03 19:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-03 19:27 - 2014-10-03 19:27 - 00000000 _____ () C:\asc_rdflag
2014-10-03 18:45 - 2014-10-03 18:45 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-03 18:45 - 2014-10-03 18:45 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-03 18:45 - 2014-10-03 18:45 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-10-03 18:45 - 2014-10-03 18:45 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-03 18:45 - 2014-10-03 18:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-10-03 18:45 - 2014-10-03 18:45 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-10-03 18:45 - 2014-10-03 18:45 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-10-03 18:45 - 2014-10-03 18:45 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-10-03 18:45 - 2014-10-03 18:45 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-10-03 18:45 - 2014-10-03 18:45 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-03 18:45 - 2014-10-03 18:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-10-03 18:45 - 2014-10-03 18:45 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-10-03 18:45 - 2014-10-03 18:45 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2014-10-03 18:45 - 2014-10-03 18:45 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-10-03 18:45 - 2014-10-03 18:45 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-10-03 18:45 - 2014-10-03 18:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-03 18:45 - 2014-10-03 18:45 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-03 18:43 - 2014-02-17 13:41 - 00024384 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-10-03 18:27 - 2014-10-03 18:27 - 50708480 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-10-03 18:27 - 2014-10-03 18:27 - 00229376 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-10-03 18:27 - 2014-10-03 18:27 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-10-03 18:27 - 2014-10-03 18:27 - 00028672 _____ () C:\Windows\system32\config\SAM.iobit
2014-10-02 20:25 - 2014-10-02 20:25 - 00000000 ____D () C:\Users\Boban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\aSc Timetables
2014-10-02 20:24 - 2014-10-03 18:10 - 00000000 ____D () C:\TimeTables
2014-10-01 15:25 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-27 10:07 - 2014-09-27 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-27 10:07 - 2014-09-27 10:07 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-25 17:35 - 2014-09-25 17:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-25 16:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-25 16:10 - 2014-09-26 13:23 - 00000000 ____D () C:\AdwCleaner
2014-09-24 20:33 - 2014-09-25 19:11 - 00020128 _____ () C:\podaci.xlsx
2014-09-23 21:09 - 2014-09-09 23:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 14:51 - 2014-09-23 15:30 - 00000000 ____D () C:\Users\Boban\Downloads\Adobe Photoshop CC 2014 15.1 Rus Portable by Valx
2014-09-23 14:48 - 2014-09-23 15:24 - 00000000 ____D () C:\Users\Boban\Downloads\AirSlax 5 Basic
2014-09-23 14:41 - 2014-09-23 15:52 - 00000000 ____D () C:\Users\Boban\Downloads\WebSite X5 Evolution& Professional 10.1.12.57 Final
2014-09-23 14:35 - 2014-09-23 14:35 - 00000000 ____D () C:\Users\Boban\Downloads\adwcleaner_3.310
2014-09-23 14:34 - 2014-09-23 14:35 - 00000000 ____D () C:\Users\Boban\Downloads\ProgDVB 7.06.08 Professional Edition
2014-09-23 14:33 - 2014-09-23 14:33 - 00000000 ____D () C:\Users\Boban\Downloads\SUPERAntiSPro.6.0.1146
2014-09-23 14:32 - 2014-09-23 14:32 - 00000000 ____D () C:\Users\Boban\Downloads\KMSAuto Net 2014 1.3.0 Portable
2014-09-23 14:30 - 2014-09-23 14:35 - 00000000 ____D () C:\Users\Boban\Downloads\ABBYY FineReader 12.0.101.382 Professional RePack by KpoJIuK
2014-09-23 14:29 - 2014-09-23 14:30 - 00000000 ____D () C:\Users\Boban\Downloads\Nero Burning ROM & Nero Express 2015 v.16.0.11000 RePack (& Portable) by D!akov
2014-09-22 11:55 - 2014-09-22 11:55 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-09-22 11:55 - 2014-09-22 11:55 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-09-21 22:07 - 2014-09-21 22:10 - 20761408 _____ () C:\Users\Boban\Downloads\ASC.TimeTables.2015.5.5-blox.RAR
2014-09-21 17:40 - 2014-10-05 16:21 - 00000000 ____D () C:\Raspored1
2014-09-21 17:40 - 2014-09-21 17:40 - 00000000 ____D () C:\Users\Boban\AppData\Roaming\ProductData
2014-09-21 17:37 - 2014-09-21 17:37 - 00000000 ____D () C:\Users\Boban\Downloads\aSc.TimeTables.2015.5.5
2014-09-21 17:09 - 2014-10-08 21:02 - 00000000 ____D () C:\Program Files\IObit
2014-09-21 17:09 - 2014-09-21 17:25 - 00000000 ____D () C:\ProgramData\IObit
2014-09-21 17:09 - 2014-09-21 17:09 - 00001190 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-09-21 17:09 - 2014-09-21 17:09 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-21 17:09 - 2014-09-21 17:09 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-09-21 17:07 - 2014-09-21 17:09 - 00000000 ____D () C:\Users\Boban\AppData\Roaming\IObit
2014-09-21 17:04 - 2014-09-21 17:05 - 00000000 ____D () C:\Users\Boban\Downloads\Advanced SystemCare Pro 7.4.0.474 [ChingLiu]
2014-09-21 17:01 - 2014-09-21 17:01 - 00000000 ____D () C:\Users\Boban\AppData\Roaming\EMCO
2014-09-21 17:01 - 2014-09-21 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO
2014-09-21 17:01 - 2014-09-21 17:01 - 00000000 ____D () C:\Program Files\EMCO
2014-09-21 14:27 - 2014-09-21 14:29 - 20766461 _____ () C:\Users\Boban\Desktop\aSc.TimeTables.2015.5.5._-D.H.Crew.rar
2014-09-21 14:00 - 2014-09-21 15:01 - 00140423 _____ () C:\Users\Boban\Documents\gimnazija.roz
2014-09-20 19:35 - 2014-09-20 19:35 - 01518488 _____ (esc) C:\Users\Boban\AppData\Roaming\QHQERR.exe
2014-09-20 19:35 - 2014-09-20 19:35 - 00001338 _____ () C:\Windows\Tasks\QHQERR.job
2014-09-20 19:34 - 2014-09-20 19:35 - 23855104 _____ () C:\Users\Boban\Documents\aSc Timetables 2015 3.1 Multilingual.rar
2014-09-20 19:34 - 2014-09-20 19:34 - 01965464 _____ (esc) C:\Users\Boban\AppData\Roaming\IVISI.exe
2014-09-20 19:34 - 2014-09-20 19:34 - 00001336 _____ () C:\Windows\Tasks\IVISI.job
2014-09-20 19:12 - 2014-09-20 19:12 - 00000000 ____D () C:\Users\Boban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ras TT 2013 Demo
2014-09-20 19:12 - 2014-09-20 19:12 - 00000000 ____D () C:\Ras TT 2013 Demo
2014-09-20 18:59 - 2014-10-03 18:10 - 00000000 ____D () C:\Users\Boban\Desktop\Dokumenta
2014-09-18 19:24 - 2014-09-18 19:24 - 00000000 ____D () C:\Program Files\Somagic
2014-09-18 19:24 - 2014-09-18 19:24 - 00000000 ____D () C:\Program Files\Common Files\Somagic
2014-09-18 19:24 - 2010-04-27 14:52 - 00799232 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\SmiUsbGrabber3C.sys
2014-09-16 23:07 - 2014-09-16 23:10 - 00000000 ____D () C:\Users\Boban\AppData\Roaming\Ulead Systems
2014-09-16 23:07 - 2014-09-16 23:07 - 00000000 ____D () C:\Users\Boban\Documents\Ulead VideoStudio
2014-09-16 23:05 - 2014-09-18 19:23 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-09-16 23:05 - 2014-09-16 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead VideoStudio 11
2014-09-16 23:05 - 2014-09-16 23:05 - 00000000 ____D () C:\ProgramData\InterVideo
2014-09-16 23:05 - 2014-09-16 23:05 - 00000000 ____D () C:\Program Files\Common Files\InterVideo
2014-09-16 23:05 - 2007-03-06 11:58 - 00210456 _____ () C:\Windows\system32\IVIresizeW7.dll
2014-09-16 23:05 - 2007-03-06 11:58 - 00206360 _____ () C:\Windows\system32\IVIresizeA6.dll
2014-09-16 23:05 - 2007-03-06 11:58 - 00198168 _____ () C:\Windows\system32\IVIresizeP6.dll
2014-09-16 23:05 - 2007-03-06 11:58 - 00198168 _____ () C:\Windows\system32\IVIresizeM6.dll
2014-09-16 23:05 - 2007-03-06 11:58 - 00194072 _____ () C:\Windows\system32\IVIresizePX.dll
2014-09-16 23:05 - 2007-03-06 11:58 - 00026136 _____ () C:\Windows\system32\IVIresize.dll
2014-09-16 23:04 - 2014-09-16 23:07 - 00000000 ____D () C:\ProgramData\Ulead Systems
2014-09-16 23:04 - 2014-09-16 23:05 - 00000000 ____D () C:\Program Files\Common Files\Ulead Systems
2014-09-16 23:04 - 2014-09-16 23:04 - 00000000 ____D () C:\Program Files\Ulead Systems
2014-09-16 22:49 - 2014-09-16 22:50 - 00000000 ____D () C:\Users\Boban\Downloads\Ulead VideoStudio Plus 11.5 + Keygen & Dolby Digital PowerPack
2014-09-16 19:02 - 2014-09-16 19:04 - 148573530 _____ () C:\Users\Boban\Downloads\Corel.Ulead.Video.Studio.11.Plus.zip
2014-09-15 20:30 - 2014-09-15 20:31 - 00000000 ____D () C:\Users\Boban\Downloads\ArcSoft ShowBiz DVD v2.1.9.67
2014-09-13 19:27 - 2014-09-13 19:27 - 00000000 ____D () C:\Users\Boban\Downloads\Ailt All Document to HTML Converter
2014-09-13 15:10 - 2014-09-13 15:10 - 00000000 ____D () C:\Program Files\GTWorks
2014-09-12 13:14 - 2014-09-21 17:49 - 00209631 _____ () C:\Users\Boban\Documents\document1.roz
2014-09-10 23:28 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 23:28 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 23:28 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 23:28 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 23:28 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 23:28 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 23:28 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 23:28 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 23:28 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 23:28 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 23:28 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 23:28 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 23:28 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 23:28 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 23:28 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 23:28 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 23:28 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 23:28 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 23:28 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 23:28 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 23:28 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 23:28 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 23:28 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 23:28 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 23:28 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 23:28 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 23:28 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 23:28 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 23:28 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 23:28 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 23:27 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 22:59 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 22:59 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 22:59 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 22:59 - 2014-07-07 03:40 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 22:59 - 2014-07-07 03:40 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 22:59 - 2014-07-07 03:40 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-10 22:59 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 21:07 - 2013-10-12 10:01 - 00000000 ____D () C:\Program Files\ESET
2014-10-08 21:06 - 2013-10-13 06:49 - 00000000 ____D () C:\Users\Boban\AppData\Roaming\uTorrent
2014-10-08 21:04 - 2014-06-20 13:34 - 00000000 ____D () C:\Program Files\Garmin
2014-10-08 21:03 - 2014-06-20 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-10-08 20:48 - 2013-10-12 10:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-08 19:50 - 2009-07-14 06:34 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 19:50 - 2009-07-14 06:34 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 19:46 - 2013-10-12 07:27 - 01421529 _____ () C:\Windows\WindowsUpdate.log
2014-10-08 19:44 - 2014-09-02 10:56 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-08 19:44 - 2014-07-30 11:23 - 00000000 ____D () C:\Users\Boban\AppData\Local\HTC MediaHub
2014-10-08 19:44 - 2014-07-28 19:27 - 00000346 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2014-10-08 19:43 - 2013-10-12 08:23 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-10-08 19:43 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 17:08 - 2013-10-16 19:50 - 00000000 ____D () C:\ProgramData\Temp
2014-10-06 19:57 - 2009-07-14 06:53 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-06 16:56 - 2013-10-13 00:34 - 00000000 ____D () C:\Users\Boban\AppData\Roaming\vlc
2014-10-03 20:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-10-03 19:28 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-03 19:27 - 2014-03-19 20:54 - 00000000 ____D () C:\Users\postgres
2014-10-03 19:27 - 2013-10-12 07:31 - 00000000 ____D () C:\Users\Boban
2014-09-28 20:09 - 2013-10-13 11:57 - 00000000 ____D () C:\Users\Boban\AppData\Roaming\Skype
2014-09-27 10:07 - 2013-10-13 11:57 - 00000000 ___RD () C:\Program Files\Skype
2014-09-27 10:07 - 2013-10-13 11:57 - 00000000 ____D () C:\ProgramData\Skype
2014-09-26 11:43 - 2013-10-12 10:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 19:02 - 2010-11-20 23:01 - 00785794 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 20:10 - 2014-06-24 17:06 - 00000000 ____D () C:\Program Files\Google
2014-09-21 21:46 - 2009-07-14 06:33 - 00434048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-21 17:25 - 2013-10-12 09:40 - 00121816 _____ () C:\Users\Boban\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-21 17:22 - 2014-02-17 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passware
2014-09-21 17:21 - 2013-10-12 08:24 - 00000000 ____D () C:\Windows\Panther
2014-09-21 17:09 - 2014-07-30 11:23 - 00000000 ____D () C:\Users\Boban\AppData\Roaming\Apple Computer
2014-09-21 16:10 - 2013-11-26 20:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-20 19:02 - 2014-08-05 15:12 - 00000000 ____D () C:\Users\Boban\Desktop\Razni Programi
2014-09-18 19:24 - 2013-10-12 09:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-16 22:59 - 2013-12-25 20:31 - 00000000 ____D () C:\dos
2014-09-16 18:59 - 2014-09-03 22:45 - 434432883 _____ (Incomedia s.r.l.) C:\Users\Boban\Documents\WebSite X5 Professional 10.exe
2014-09-15 09:06 - 2013-10-12 10:08 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 06:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-09-12 12:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 23:27 - 2013-10-18 18:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 23:21 - 2014-05-07 10:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 23:21 - 2013-10-18 18:00 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 21:07 - 2013-12-30 16:23 - 12902863 _____ () C:\Users\Boban\Downloads\movconverter.rar
2014-09-09 20:45 - 2013-10-12 10:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-09 20:45 - 2013-10-12 10:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-08 20:05

==================== End Of Log ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Uninstall ESET SS.

Open Notepad and copy in the following text, which is inside the Code box.

FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]
CHR Extension: (TotalPlus01-3.1V20.09) - C:\Users\Boban\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb [2014-09-20]
S2 Update GreyGray; "C:\Program Files\GreyGray\updateGreyGray.exe" [X]
C:\Program Files\GreyGray
Task: {61D3C420-B28F-4B97-B1D3-05D9773C72C7} - System32\Tasks\QHQERR => C:\Users\Boban\AppData\Roaming\QHQERR.exe [2014-09-20] (esc)
Task: {83D4851C-7E32-44F9-A984-9E64650440D1} - System32\Tasks\IVISI => C:\Users\Boban\AppData\Roaming\IVISI.exe [2014-09-20] (esc)
C:\Users\Boban\AppData\Roaming\QHQERR.exe
C:\Users\Boban\AppData\Roaming\IVISI.exe
Task: {195F4858-927A-4D7E-8200-D7BEEA90DF16} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {F9222510-234E-4DC0-8185-86AC5623BF5F} - System32\Tasks\temp_3a95060c-d465-4dba-b0b7-1ae99b53ec09-6 => C:\Program Files\TheTorntv V10\3a95060c-d465-4dba-b0b7-1ae99b53ec09-6.exe <==== ATTENTION
C:\Program Files\TheTorntv V10
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\IVISI.job => C:\Users\Boban\AppData\Roaming\IVISI.exe
Task: C:\Windows\Tasks\QHQERR.job => C:\Users\Boban\AppData\Roaming\QHQERR.exe
AlternateDataStreams: C:\ProgramData\Temp:8834911E
AlternateDataStreams: C:\ProgramData\Temp:A5C00DEE
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, Notepad will open with content that you need to copy into the thread.
A file (fixlog.txt) will also be on the Desktop. Copy the contents of fixlog.txt to the forum

Step 3

Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then Notepad will open (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

Step 4

Download Junkware Removal Tool (JRT) and save it to the Desktop.

Close the browser and other running programs

Temporarily disable your security software (Instructions);

Double-click the icon to run JRT;

At the "Press any key" prompt, press any key and the tool will start scanning.
Note: depending on the computer's hardware, the scan can take a while in some cases.

When it finishes, Notepad will open with the report, which will be saved on the Desktop as JRT.txt

Copy the contents of that log into the thread.

offline
  • Joined: 16 Aug 2007
  • Posts: 315
  • Location: Serbia

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-10-2014 01
Ran by Boban at 2014-10-09 14:56:43 Run:2
Running from C:\Users\Boban\Desktop
Loaded Profiles: Boban & postgres (Available profiles: Boban & postgres)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]
CHR Extension: (TotalPlus01-3.1V20.09) - C:\Users\Boban\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb [2014-09-20]
S2 Update GreyGray; "C:\Program Files\GreyGray\updateGreyGray.exe" [X]
C:\Program Files\GreyGray
Task: {61D3C420-B28F-4B97-B1D3-05D9773C72C7} - System32\Tasks\QHQERR => C:\Users\Boban\AppData\Roaming\QHQERR.exe [2014-09-20] (esc)
Task: {83D4851C-7E32-44F9-A984-9E64650440D1} - System32\Tasks\IVISI => C:\Users\Boban\AppData\Roaming\IVISI.exe [2014-09-20] (esc)
C:\Users\Boban\AppData\Roaming\QHQERR.exe
C:\Users\Boban\AppData\Roaming\IVISI.exe
Task: {195F4858-927A-4D7E-8200-D7BEEA90DF16} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {F9222510-234E-4DC0-8185-86AC5623BF5F} - System32\Tasks\temp_3a95060c-d465-4dba-b0b7-1ae99b53ec09-6 => C:\Program Files\TheTorntv V10\3a95060c-d465-4dba-b0b7-1ae99b53ec09-6.exe <==== ATTENTION
C:\Program Files\TheTorntv V10
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\IVISI.job => C:\Users\Boban\AppData\Roaming\IVISI.exe
Task: C:\Windows\Tasks\QHQERR.job => C:\Users\Boban\AppData\Roaming\QHQERR.exe
AlternateDataStreams: C:\ProgramData\Temp:8834911E
AlternateDataStreams: C:\ProgramData\Temp:A5C00DEE
EmptyTemp:
*****************

C:\Program Files\IObit Apps Toolbar\FF => not found.
C:\Users\Boban\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb directory not found.
Update GreyGray => Service not found.
"C:\Program Files\GreyGray" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61D3C420-B28F-4B97-B1D3-05D9773C72C7}" => Key not found.
C:\Windows\System32\Tasks\QHQERR not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QHQERR" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83D4851C-7E32-44F9-A984-9E64650440D1}" => Key not found.
C:\Windows\System32\Tasks\IVISI not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IVISI" => Key not found.
"C:\Users\Boban\AppData\Roaming\QHQERR.exe" => File/Directory not found.
"C:\Users\Boban\AppData\Roaming\IVISI.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{195F4858-927A-4D7E-8200-D7BEEA90DF16}" => Key not found.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9222510-234E-4DC0-8185-86AC5623BF5F}" => Key not found.
C:\Windows\System32\Tasks\temp_3a95060c-d465-4dba-b0b7-1ae99b53ec09-6 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_3a95060c-d465-4dba-b0b7-1ae99b53ec09-6" => Key not found.
"C:\Program Files\TheTorntv V10" => File/Directory not found.
C:\Windows\Tasks\DriverToolkit Autorun.job => Moved successfully.
C:\Windows\Tasks\IVISI.job not found.
C:\Windows\Tasks\QHQERR.job not found.
"C:\ProgramData\Temp" => ":8834911E" ADS not found.
"C:\ProgramData\Temp" => ":A5C00DEE" ADS not found.
EmptyTemp: => Removed 15.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Ultimate x86
Ran by Boban on Thu 10/09/2014 at 15:08:53.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update greygray
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateGreyGray_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateGreyGray_RASMANCS



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\DriverToolkit Autorun
Successfully deleted: [File] C:\Windows\Tasks\DriverToolkit Autorun.job



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Boban\AppData\Roaming\mozilla\firefox\profiles\kinlniph.default\prefs.js

user_pref("extensions.gophoto@gophoto.it.install-event-fired", true);
Emptied folder: C:\Users\Boban\AppData\Roaming\mozilla\firefox\profiles\kinlniph.default\minidumps [212 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/09/2014 at 15:10:31.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will start. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Notice: with some infections, one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions afterwards.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and complete the cleaning procedure.

Notice! Only if a rootkit was detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt), type Y (Y stands for Yes) to continue, and wait for the tool to make all the repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log to the post using the Attach file option.

offline
  • Joined: 16 Aug 2007
  • Posts: 315
  • Location: Serbia

It found malware


Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.10.09.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17280
Boban :: THE_RAIN [administrator]

10/9/2014 6:09:22 PM
mbar-log-2014-10-09 (18-09-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 323113
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Default\Desktop\IMP Software\idm 6.17 build 11\Patch + Keygen.exe (RiskWare.Tool.CK) -> Delete on reboot. [fe4ad83a3a42b3831b6efe29ba4bec14]
C:\Users\postgres\Desktop\IMP Software\idm 6.17 build 11\Patch + Keygen.exe (RiskWare.Tool.CK) -> Delete on reboot. [f751e929710bfc3ac7c265c20afba25e]

Physical Sectors Detected: 0
(No malicious items detected)

(end)


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

The following procedure will carry out the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options;

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the built-in program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

Install an AV program. If you have no money or do not want to spend it on a commercial AV program, good free AV programs are available to you, such as Avast Free, AVG Free, Avira Free, Microsoft Security Essentials, Panda Cloud AV, etc.
Do not use pirated versions of AV programs!!!

offline
  • Joined: 16 Aug 2007
  • Posts: 315
  • Location: Serbia

Thanks, everything is sorted.
Regards
