Provjera laptopa

Provjera laptopa

offline
  • Pridružio: 14 Okt 2012
  • Poruke: 3611
  • Gde živiš: Herceg Novi

Imala sam problem sa laptopom Toshiba Satellite C660, Windows 7 / 64-bit. Temu sam otvorila + ovde i zahvaljujući Slobu, laptop sada radi super. Kako moram ispoštovati sve njegove preporuke, evo me kod vas. smešak

Samo da napomenem da sam koristila MBAM (nije ništa našao), a Avira jeste jednu bubicu.



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Ljilja (administrator) on LJILJA-PC on 25-03-2015 17:54:50
Running from C:\Users\Ljilja\Desktop
Loaded Profiles: Ljilja & (Available profiles: Ljilja)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-1503208027-2844097221-2948931502-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> DefaultScope {35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> {35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553530000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default
FF Homepage: https://www.google.me/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-22] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-23] (Apple Inc.)
FF Extension: EHTip - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\ehtip@robertkatic [2014-05-02]
FF Extension: Reader - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2015-03-21]
FF Extension: Video DownloadHelper - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-11]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon

Chrome:
=======
CHR HomePage: Default -> hxxp://google.me/
CHR StartupUrls: Default -> "hxxp://google.me/", "hxxp://www.default-search.net?sid=476&aid=104&itype=n&ver=11471&tm=262&src=hmp"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll ()
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 8 U31) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll ()
CHR Profile: C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-01-31]
CHR Extension: (Google+) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-02-21]
CHR Extension: (Translate Selected Text) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbimffnjoeobhjhochngikepgfejjmgj [2015-01-31]
CHR Extension: (AdBlock) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (EHTip) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbkkdecpgcebkfblliledlcinoeeing [2014-01-22]
CHR Extension: (Google Wallet) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfejhbidgehdoaglokpfddkmiepmhcck] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-12-18] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-12-18] (Bytemobile, Inc.) [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-02] (GFI Software)
R1 QbikHkVista; C:\Windows\System32\DRIVERS\QbikHkVistaamd64.sys [243904 2013-03-07] ()
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-12-18] (Bytemobile, Inc.) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-20] ()
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
U4 vsserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 17:54 - 2015-03-25 17:55 - 00020538 _____ () C:\Users\Ljilja\Desktop\FRST.txt
2015-03-25 17:54 - 2015-03-25 17:54 - 00000000 ____D () C:\FRST
2015-03-25 17:50 - 2015-03-25 17:51 - 02095616 _____ (Farbar) C:\Users\Ljilja\Desktop\FRST64.exe
2015-03-25 12:33 - 2015-03-25 14:18 - 00019969 _____ () C:\Windows\WindowsUpdate.log
2015-03-23 20:39 - 2015-03-23 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-23 17:18 - 2015-03-23 17:18 - 00003700 _____ () C:\Windows\System32\Tasks\{7DCFE1CB-8A16-4E99-828A-764137AB2E00}
2015-03-23 16:41 - 2015-03-23 16:41 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF
2015-03-23 16:19 - 2015-03-23 16:19 - 00000000 ____D () C:\Users\Ljilja\Documents\My Palettes
2015-03-23 16:18 - 2015-03-23 16:18 - 00000000 ____D () C:\Users\Ljilja\Documents\Corel
2015-03-22 20:54 - 2015-03-22 20:54 - 00862492 _____ () C:\Users\Ljilja\Desktop\hn.mp4
2015-03-22 17:57 - 2015-03-22 17:57 - 00000000 ____D () C:\Program Files\Hitman Pro 3.5
2015-03-22 14:18 - 2015-03-22 14:18 - 00000000 ____D () C:\Users\Ljilja\Documents\Simply Super Software
2015-03-22 11:20 - 2015-03-22 11:23 - 00007597 _____ () C:\Users\Ljilja\AppData\Local\Resmon.ResmonCfg
2015-03-22 09:48 - 2015-03-22 09:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-22 09:08 - 2015-03-22 09:08 - 00033184 _____ () C:\Users\Ljilja\AppData\Local\recently-used.xbel
2015-03-21 18:12 - 2015-03-21 18:12 - 04499622 _____ () C:\Users\Ljilja\Desktop\Pufosenia Facebook.mp4
2015-03-21 15:50 - 2015-03-21 15:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-20 16:10 - 2015-03-20 16:11 - 11802408 _____ () C:\Users\Ljilja\Downloads\SAS_41157.COM
2015-03-20 13:08 - 2015-03-20 13:48 - 00000000 ____D () C:\AdwCleaner
2015-03-19 20:37 - 2015-03-19 20:38 - 07358040 _____ () C:\Users\Ljilja\Downloads\14288_1176447642_HDDRegenerator (1).zip
2015-03-19 18:01 - 2015-03-19 18:02 - 07358040 _____ () C:\Users\Ljilja\Downloads\14288_1176447642_HDDRegenerator.zip
2015-03-19 17:46 - 2015-03-22 19:35 - 00000000 ____D () C:\Users\Ljilja\Desktop\program c
2015-03-14 23:52 - 2015-03-14 23:52 - 03356560 _____ () C:\Users\Ljilja\Downloads\14288_1164542721_Nero_Info_Tool.zip
2015-03-14 01:05 - 2015-03-14 01:05 - 00000000 ____D () C:\ProgramData\Hitman Pro
2015-03-14 00:43 - 2015-03-20 12:09 - 00000000 ____D () C:\Program Files\HitmanPro
2015-03-13 10:10 - 2015-03-21 16:13 - 00000000 ____D () C:\Users\Ljilja\AppData\Local\Lenovo
2015-03-13 10:09 - 2015-03-21 16:12 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-03-13 10:09 - 2015-03-13 10:09 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2015-03-12 17:12 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 17:12 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-12 17:12 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-12 17:12 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-12 17:12 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-12 17:12 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-12 17:12 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-12 17:12 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-12 17:12 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-12 17:12 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-12 17:12 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-12 17:12 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-12 17:12 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-12 17:12 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-12 17:12 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-12 17:12 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-12 17:12 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-12 17:12 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-12 17:12 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-12 17:12 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-12 17:12 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-12 17:12 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-12 17:12 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-12 17:12 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-12 17:12 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-12 17:12 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-12 17:12 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-12 17:12 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-12 17:12 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-12 17:12 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-12 17:12 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-12 17:11 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-12 17:11 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-12 17:11 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-12 17:11 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-12 17:11 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-12 17:11 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-12 17:11 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-12 17:11 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-12 17:11 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-12 17:11 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-12 17:11 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-12 17:11 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-12 17:11 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-12 17:11 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-12 17:11 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 17:11 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-12 17:11 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-12 17:11 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-12 17:11 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 17:11 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-12 17:11 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-12 17:11 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-12 17:11 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-12 17:11 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-12 17:11 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-12 17:11 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-12 17:11 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-12 17:11 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-12 17:11 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-12 17:11 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-12 17:11 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-12 17:11 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-12 17:11 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-12 17:11 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-12 17:11 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-12 17:11 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-12 17:11 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-12 17:11 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-12 17:11 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-12 17:11 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-12 17:11 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-12 17:11 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-12 17:11 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-12 17:11 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-12 17:11 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-12 17:10 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-12 17:10 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-12 17:10 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-12 17:10 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-12 17:10 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 17:10 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-12 17:10 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-12 17:10 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-12 17:10 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-12 17:10 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-12 17:10 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-12 17:10 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-12 17:10 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-12 17:10 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-12 17:10 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-12 17:10 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-12 17:10 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-12 17:10 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-12 17:10 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-12 17:10 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-12 17:10 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-12 17:10 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-12 17:10 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-12 17:10 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-12 17:10 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-12 17:10 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-12 17:10 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-12 17:10 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-12 17:10 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-12 17:10 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-12 17:10 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-12 17:10 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 17:10 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 17:10 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 17:10 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 17:10 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-12 17:10 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 17:10 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-12 17:10 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-12 17:10 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 17:10 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-12 17:10 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-12 17:10 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 17:10 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 17:10 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-12 17:10 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-12 17:10 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-12 17:10 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-12 17:10 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-12 17:10 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-12 17:10 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-12 17:10 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 17:10 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-12 17:09 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 17:09 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 17:09 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-12 17:09 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 17:09 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-12 17:09 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-12 17:09 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-12 17:09 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-12 17:09 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 17:09 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-12 17:09 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 17:09 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-12 17:09 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-12 17:09 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 17:09 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-12 17:09 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 17:09 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-12 17:09 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 17:09 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-12 17:09 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-12 17:09 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 17:09 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-12 17:09 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-12 17:09 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 17:09 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-12 17:09 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-12 17:09 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 17:09 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-12 17:09 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-12 17:09 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-12 17:09 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-12 17:09 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-12 17:09 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-12 17:09 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 17:09 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-12 17:09 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-12 17:09 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-12 17:09 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-12 17:09 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-12 17:09 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-12 17:09 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 17:09 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-12 17:09 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-12 17:09 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 17:09 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 17:09 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-12 17:09 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-12 17:09 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-12 17:09 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 17:09 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-12 17:09 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-12 17:09 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-12 17:09 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 17:09 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-12 17:09 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-12 17:09 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-12 17:09 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-12 17:03 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 17:03 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 18:08 - 2015-03-14 00:49 - 00000000 ____D () C:\Users\Ljilja\dwhelper
2015-03-10 08:11 - 2015-03-10 08:11 - 00000000 ____D () C:\Users\Ljilja\Tracing
2015-03-07 12:28 - 2015-03-07 15:03 - 00001908 _____ () C:\Users\Ljilja\Desktop\Blender.lnk
2015-03-07 11:36 - 2015-03-07 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
2015-03-07 11:36 - 2015-03-07 11:36 - 00000000 ____D () C:\Program Files\Blender Foundation
2015-03-07 11:27 - 2015-03-07 11:29 - 64542509 _____ () C:\Users\Ljilja\Downloads\blender-2.73a-windows64.exe
2015-03-04 22:43 - 2015-03-04 22:43 - 00018759 _____ () C:\Users\Ljilja\Downloads\animstack.zip
2015-03-03 10:01 - 2009-12-31 18:38 - 04129895 _____ () C:\Gimp-GAP-2.6.0-Setup.exe
2015-03-03 09:28 - 2015-03-03 09:28 - 00003148 _____ () C:\Windows\System32\Tasks\{C1F358EC-916E-4BD3-AC69-83F2165B73B5}
2015-03-03 09:26 - 2015-03-03 09:26 - 00000000 ____D () C:\Program Files\share
2015-03-03 09:26 - 2015-03-03 09:26 - 00000000 ____D () C:\Program Files\lib
2015-03-01 10:25 - 2015-03-01 10:26 - 00000000 ____D () C:\Users\Ljilja\Downloads\Dodaci za GIMP_pluginovi
2015-02-28 00:32 - 2015-03-22 19:37 - 00000000 ____D () C:\Users\Ljilja\Desktop\suđenje karnevalu
2015-02-26 18:01 - 2015-03-19 18:01 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2015-02-26 12:20 - 2015-02-26 12:20 - 00002217 _____ () C:\Users\Public\Desktop\CrazyTalk v6.21 PRO.lnk
2015-02-26 12:19 - 2015-02-26 12:19 - 00000074 __RSH () C:\Windows\CT6PRET.BIN
2015-02-26 12:19 - 2015-02-26 12:19 - 00000000 ____D () C:\ProgramData\Reallusion
2015-02-26 12:19 - 2015-02-26 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reallusion
2015-02-26 12:14 - 2015-02-26 12:14 - 00000000 ____D () C:\Users\Ljilja\AppData\Roaming\InstallShield
2015-02-25 18:02 - 2015-02-25 18:02 - 00239104 _____ (AV Security Software) C:\Windows\mlwps.exe
2015-02-25 18:01 - 2015-02-25 18:01 - 00003260 _____ () C:\Windows\System32\Tasks\Grand Panda Updater
2015-02-25 18:01 - 2015-02-25 18:01 - 00000000 _____ () C:\Users\Ljilja\AppData\Roaming\3C79.tmp
2015-02-24 21:06 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-24 21:06 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-23 21:46 - 2015-03-05 10:54 - 00000000 ____D () C:\Users\Ljilja\.thumbnails
2015-02-23 19:46 - 2015-02-23 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2015-02-23 19:46 - 2015-02-23 19:46 - 00000000 ____D () C:\Program Files (x86)\Xvid
2015-02-23 19:46 - 2014-04-08 21:51 - 00706048 _____ () C:\Windows\system32\xvidcore.dll
2015-02-23 19:46 - 2014-04-08 21:51 - 00251392 _____ () C:\Windows\system32\xvidvfw.dll
2015-02-23 19:46 - 2014-04-08 21:51 - 00169984 _____ () C:\Windows\system32\xvid.ax
2015-02-23 19:46 - 2014-04-08 21:50 - 00632320 _____ () C:\Windows\SysWOW64\xvidcore.dll
2015-02-23 19:46 - 2014-04-08 21:50 - 00235520 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2015-02-23 19:46 - 2014-04-08 21:50 - 00147456 _____ () C:\Windows\SysWOW64\xvid.ax
2015-02-23 19:41 - 2015-02-23 19:41 - 11261576 _____ (Xvid Team) C:\Users\Ljilja\Downloads\Xvid-1.3.3-20140407.exe
2015-02-23 19:06 - 2015-02-23 19:06 - 00000000 ____D () C:\Users\Ljilja\AppData\Roaming\Reallusion
2015-02-23 14:41 - 2015-02-26 12:18 - 00000000 ____D () C:\Users\Public\Documents\Reallusion
2015-02-23 13:48 - 2015-02-26 12:18 - 00000000 ____D () C:\Program Files (x86)\Reallusion
2015-02-23 13:48 - 2014-05-13 08:52 - 00000147 _____ () C:\Windows\CT7PRET.BIN
2015-02-23 13:41 - 2015-02-23 13:41 - 00003308 _____ () C:\Windows\System32\Tasks\{AD766E01-230E-48FB-8E01-FA5E0343FE94}
2015-02-23 11:28 - 2015-02-23 11:28 - 00011108 _____ () C:\Users\Ljilja\Downloads\[kickass.to]crazytalk.pro.6.21.build.1921.1.(zabranjeno).torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 17:20 - 2015-02-08 22:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 16:58 - 2012-12-23 22:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 14:30 - 2014-05-29 19:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 14:20 - 2012-12-23 22:09 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-25 14:20 - 2012-12-23 22:09 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-25 14:20 - 2012-12-23 22:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-25 12:38 - 2009-07-14 05:45 - 00023824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 12:38 - 2009-07-14 05:45 - 00023824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 12:30 - 2015-02-08 22:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 12:30 - 2013-08-19 18:16 - 00000000 ____D () C:\ProgramData\MCShield
2015-03-25 12:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 12:27 - 2015-02-16 23:26 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FD0BBB3-F82C-4D61-ADB8-2F3A4AD35621}
2015-03-25 12:27 - 2013-08-29 14:07 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-25 12:24 - 2009-07-14 06:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-23 22:23 - 2013-01-09 22:06 - 00000069 _____ () C:\Windows\NeroDigital.ini
2015-03-23 20:42 - 2013-09-20 15:27 - 00000000 ____D () C:\Users\Ljilja\AppData\Roaming\uTorrent
2015-03-23 20:42 - 2013-01-06 18:12 - 00000000 ____D () C:\Users\Ljilja\AppData\Roaming\PhotoScape
2015-03-23 20:38 - 2012-12-22 19:33 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-03-23 20:21 - 2014-11-13 11:09 - 00000000 ____D () C:\Program Files (x86)\VITSOFT
2015-03-23 20:17 - 2014-12-04 21:30 - 00032768 ____H () C:\Users\Ljilja\Desktop\photothumb.db
2015-03-23 20:13 - 2013-02-27 13:52 - 00000000 ____D () C:\Windows\pss
2015-03-23 17:20 - 2015-02-15 20:17 - 00000000 ____D () C:\Users\Ljilja\AppData\Local\Adobe
2015-03-23 17:19 - 2015-02-19 19:30 - 00000000 ____D () C:\Users\Ljilja\AppData\Roaming\Adobe
2015-03-23 17:12 - 2014-02-23 20:19 - 00000000 ____D () C:\Users\Ljilja\AppData\Local\CrashDumps
2015-03-23 16:16 - 2014-11-15 18:27 - 00000000 ____D () C:\Users\Ljilja\AppData\Roaming\Thinstall
2015-03-23 15:54 - 2012-12-27 17:15 - 00000000 ____D () C:\Users\Ljilja\AppData\Roaming\gtk-2.0
2015-03-23 15:34 - 2015-02-04 22:54 - 00000000 ___RD () C:\Users\Ljilja\Desktop\fotošop
2015-03-22 18:16 - 2015-01-22 13:34 - 00001052 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash CS4 Professional.lnk
2015-03-22 18:14 - 2015-02-21 12:17 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-22 18:14 - 2015-01-22 13:32 - 00002294 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk
2015-03-22 18:12 - 2015-02-17 14:37 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-22 18:11 - 2015-01-22 13:29 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
2015-03-22 14:27 - 2015-01-31 20:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 12:47 - 2013-01-19 17:20 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-22 11:19 - 2014-04-22 10:02 - 00000000 ____D () C:\Users\Ljilja\.gimp-2.8
2015-03-22 09:08 - 2013-07-28 12:39 - 00000000 ____D () C:\Users\Ljilja\AppData\Local\gtk-2.0
2015-03-22 08:55 - 2013-10-28 14:17 - 00000000 ___RD () C:\Users\Ljilja\Desktop\gimp-painter
2015-03-21 15:49 - 2013-01-11 11:53 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-21 13:20 - 2012-12-22 20:11 - 00000000 ____D () C:\Users\Ljilja\AppData\Roaming\Skype
2015-03-20 13:22 - 2015-02-06 18:50 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-19 22:04 - 2013-01-31 18:36 - 00000000 ____D () C:\ProgramData\Temp
2015-03-16 20:16 - 2015-02-13 00:27 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-15 22:41 - 2015-02-13 00:27 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-14 02:17 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-14 00:41 - 2015-02-06 20:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-13 10:09 - 2014-03-26 17:39 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-03-13 00:45 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 23:29 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-12 21:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 17:47 - 2009-07-14 05:45 - 05456896 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 17:35 - 2012-12-22 20:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 17:25 - 2013-09-11 22:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 17:17 - 2013-08-10 22:47 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 18:08 - 2012-12-22 18:05 - 00000000 ____D () C:\Users\Ljilja
2015-03-10 08:08 - 2014-05-15 12:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-10 08:08 - 2012-12-22 20:08 - 00000000 ____D () C:\ProgramData\Skype
2015-03-05 10:08 - 2013-09-16 22:08 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-05 10:08 - 2013-09-16 21:13 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-05 10:08 - 2013-09-16 21:13 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-03 14:41 - 2013-12-17 17:09 - 00000000 ____D () C:\Program Files\GIMP 2
2015-02-28 14:50 - 2013-01-06 18:55 - 00000000 ____D () C:\Users\Ljilja\AppData\Roaming\vlc
2015-02-26 12:18 - 2012-12-22 19:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2015-02-25 18:01 - 2015-02-25 18:01 - 0000000 _____ () C:\Users\Ljilja\AppData\Roaming\3C79.tmp
2013-08-01 09:05 - 2014-09-16 16:02 - 0003584 _____ () C:\Users\Ljilja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-22 09:08 - 2015-03-22 09:08 - 0033184 _____ () C:\Users\Ljilja\AppData\Local\recently-used.xbel
2015-03-22 11:20 - 2015-03-22 11:23 - 0007597 _____ () C:\Users\Ljilja\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Ljilja\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 13:15

==================== End Of Log ============================


https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow Korak 1

Sudeći po ekstenziji, Avira je detektovala fajl smješten u nečiji karantin te stoga pusti Aviru da obavi svoje.



Arrow Korak 2

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
CHR HKLM-x32\...\Chrome\Extension: [kfejhbidgehdoaglokpfddkmiepmhcck] - No Path Or update_url value
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-02] (GFI Software)
EmptyTemp:


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).

offline
  • Pridružio: 14 Okt 2012
  • Poruke: 3611
  • Gde živiš: Herceg Novi

Pozdrav, Sass Drake!

Avira je završila, i ja sam kliknula na Apply now.
Evo fixlog.txt.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Ljilja at 2015-03-26 18:31:46 Run:1
Running from C:\Users\Ljilja\Desktop
Loaded Profiles: Ljilja (Available profiles: Ljilja)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
CHR HKLM-x32\...\Chrome\Extension: [kfejhbidgehdoaglokpfddkmiepmhcck] - No Path Or update_url value
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-02] (GFI Software)
EmptyTemp:
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{{472734EA-242A-422B-ADF8-83D1E48CC825} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000-{{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfejhbidgehdoaglokpfddkmiepmhcck" => Key deleted successfully.
gfibto => Service stopped successfully.
gfibto => Service deleted successfully.
EmptyTemp: => Removed 224.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:31:49 ====

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Kakvo je sada stanje?


Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;



• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.





>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.





Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

offline
  • Pridružio: 14 Okt 2012
  • Poruke: 3611
  • Gde živiš: Herceg Novi

Napisano: 26 Mar 2015 20:52

Laptop radi fino, ne koči i brzo otvara stranice.
Nije detektovan malware, i evo izvještaja.

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.03.26.06
rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Ljilja :: LJILJA-PC [administrator]

26.3.2015 20:08:50
mbar-log-2015-03-26 (20-08-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 388584
Time elapsed: 31 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



https://www.mycity.rs/must-login.png

Dopuna: 30 Mar 2015 22:16

@Sass Drake

Jesi li zaboravio na moju temu? smešak
Ako si, neka si, dovoljno si uradio, laptop radi dobro. Samo mi kaži mogu li ovo što sam preuzimala izbrisati (FRST64, Fixlog...) i da li mogu da ostavim ovaj MBAR i da ga povremeno koristim (imam onaj drugi), ili i njega da izbrišem?

Hvala ti puno! Ziveli

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Izvini.

To bi bilo to. Sada je sistem čist.


Arrow

Sledeća procedura će implementirati završno čišćenje.

Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.




Idea

Možeš koristiti Malwarebytes Anti-Malware Free za periodičnu provjeru sistema umjesto MBARa.

Ko je trenutno na forumu
 

Ukupno su 623 korisnika na forumu :: 21 registrovanih, 4 sakrivenih i 598 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: ALBION101, Altay, amstel2, bojank, branko7, darios, djo97, dragoljub11987, Fog of War, ILGromovnik, Ilija Cvorovic, Klecaviks, kybonacci, moonshine, mushroom, scimitar19, Vezista2, Vlada1389, vrlenija, zlaya011, Živković