Virus

1

Virus

offline
  • Pridružio: 10 Jan 2015
  • Poruke: 192
  • Gde živiš: Novi Sad

Napisano: 16 Mar 2016 22:07

Imam virus sve mi menja skin windowsa i u My Computer kad udjem drugacije je.Redirektuje me na neke druge stranice na browseru lokacija jednog je C:/ProgramData/cb7a8f7c/9664e7ea.dll.uradio sam skeniranje avastom boot scan ali nisam skroz jer predugo traje.nisam palio kompjuter par dana i danas kad sam ga upalio hteo sam na fb i odjednom virus je poceo da radi svoje.


mycity.rs/must-login.png

mycity.rs/must-login.png

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Dezika (administrator) on DEZIKA-PC (16-03-2016 21:52:52)
Running from C:\Users\Dezika\Desktop
Loaded Profiles: Dezika (Available Profiles: Dezika)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Popcorn Time) C:\Program Files\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Windows\System32\UMonit.exe
(Skillbrains) C:\Program Files\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avBugReport.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-12] (AVAST Software)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
HKLM\...\Run: [UMonit] => C:\Windows\System32\UMonit.exe [53832 2015-07-09] ()
HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\...\MountPoints2: {030dcc60-bb49-11e4-a925-0015831080cf} - G:\setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-02-11] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BlueSoleil.lnk [2015-02-09]
ShortcutTarget: BlueSoleil.lnk -> C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe (IVT Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{2CD06948-3AC5-400C-A27A-D1047A13D5B0}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{2CD06948-3AC5-400C-A27A-D1047A13D5B0}: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{81F9879A-E5E5-45FA-B450-CA1DA5B3A68E}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{81F9879A-E5E5-45FA-B450-CA1DA5B3A68E}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11433&guid={2848FFAA-2AB5-4572-B941-ED2647408E5E}&i=
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11433&guid={2848FFAA-2AB5-4572-B941-ED2647408E5E}&i=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> DefaultScope {4F55141A-0CA4-49E3-B089-4B06C118FABA} URL = hxxp://search.eshield.com/serp?guid={2848FFAA-2AB5-4572-B941-ED2647408E5E}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {1E0CDCD2-259B-4129-91EF-F40BC2A4DD5B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11433
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {4F55141A-0CA4-49E3-B089-4B06C118FABA} URL = hxxp://search.eshield.com/serp?guid={2848FFAA-2AB5-4572-B941-ED2647408E5E}&action=default_search&k={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_72\bin\ssv.dll [2016-01-30] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-11] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_72\bin\jp2ssv.dll [2016-01-30] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: WSISVCUchrome - No CLSID Value -

FireFox:
========
FF ProfilePath: C:\Users\Dezika\AppData\Roaming\Mozilla\Firefox\Profiles\yy0bgpfp.default-1433615665144
FF NewTab:
FF DefaultSearchEngine: eShield Safe Web
FF Homepage: hxxps://www.google.rs/?gws_rd=cr&ei=0T1zVZDJCsqTsgGP-oCICQ
about:preferences
FF Keyword.URL: hxxp://search.eshield.com/serp?guid={2848FFAA-2AB5-4572-B941-ED2647408E5E}&action=default_search&k=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-13] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2016-01-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2016-01-30] (Oracle Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3609390036-2450797130-3040472919-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dezika\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Dezika\AppData\Roaming\Mozilla\Firefox\Profiles\yy0bgpfp.default-1433615665144\user.js [2016-02-24]
FF SearchPlugin: C:\Users\Dezika\AppData\Roaming\Mozilla\Firefox\Profiles\yy0bgpfp.default-1433615665144\searchplugins\facebook.xml [2016-02-15]
FF Extension: Adblock Plus - C:\Users\Dezika\AppData\Roaming\Mozilla\Firefox\Profiles\yy0bgpfp.default-1433615665144\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: YouTube Flash Video Player - C:\Users\Dezika\AppData\Roaming\Mozilla\Firefox\Profiles\yy0bgpfp.default-1433615665144\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2016-03-13]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-13] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-12]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-12]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-11] (AVAST Software)
S4 BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [166520 2007-12-27] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2015-10-13] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19775632 2015-10-13] (NVIDIA Corporation)
S4 Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [51816 2007-12-27] ()
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2015-07-17] (Popcorn Time) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-02-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-02-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-02-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-02-11] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38984 2015-02-12] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-02-11] (AVAST Software)
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [34312 2007-06-24] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27656 2007-06-24] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [38920 2007-06-24] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2015-02-23] (Disc Soft Ltd)
R3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [105392 2015-07-09] (GenesysLogic)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2015-10-13] (NVIDIA Corporation)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-16 21:52 - 2016-03-16 21:53 - 00014074 _____ C:\Users\Dezika\Desktop\FRST.txt
2016-03-16 21:52 - 2016-03-16 21:52 - 00000000 ____D C:\FRST
2016-03-16 21:51 - 2016-03-16 21:51 - 01725440 _____ (Farbar) C:\Users\Dezika\Desktop\FRST.exe
2016-03-16 18:59 - 2016-03-16 18:59 - 00000000 ____D C:\ProgramData\eccebb83-6dc3-0
2016-03-16 18:59 - 2016-03-16 18:59 - 00000000 ____D C:\ProgramData\cb7a8f7c
2016-03-16 18:59 - 2016-03-16 18:59 - 00000000 ____D C:\ProgramData\{254fb608-212c-1}
2016-03-16 18:59 - 2016-03-16 18:59 - 00000000 ____D C:\ProgramData\{202938bc-412c-1}
2016-03-16 18:59 - 2016-03-16 18:59 - 00000000 ____D C:\ProgramData\{1c052d84-312c-0}
2016-03-16 18:59 - 2016-03-16 18:59 - 00000000 ____D C:\ProgramData\{02fa7eb7-112c-0}
2016-03-16 18:57 - 2016-03-16 18:57 - 00057960 _____ C:\Users\Dezika\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-16 18:55 - 2016-03-16 18:55 - 00266272 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-13 10:29 - 2016-03-13 16:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-13 00:17 - 2016-03-16 21:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-13 00:17 - 2016-03-13 00:19 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-13 00:17 - 2016-03-13 00:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-12 16:28 - 2016-02-19 19:50 - 00034240 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-12 16:28 - 2016-02-19 19:41 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-12 16:28 - 2016-02-19 15:07 - 01206784 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-12 16:28 - 2016-02-11 15:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-12 16:28 - 2016-02-05 15:07 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-12 16:28 - 2016-02-05 15:07 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-12 16:28 - 2016-02-05 15:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-12 16:28 - 2016-02-03 18:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-12 16:27 - 2016-02-12 19:39 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-12 16:27 - 2016-02-12 19:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-12 16:27 - 2016-02-12 19:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-12 16:27 - 2016-02-12 19:07 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-12 16:27 - 2016-02-12 19:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-12 16:27 - 2016-02-12 19:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-12 16:27 - 2016-02-12 19:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-12 16:27 - 2016-02-12 19:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-12 16:27 - 2016-02-12 19:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-12 16:27 - 2016-02-12 19:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-12 16:27 - 2016-02-12 19:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-12 16:27 - 2016-02-11 19:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-03-12 16:27 - 2016-02-11 19:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-12 16:27 - 2016-02-11 19:44 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-12 16:27 - 2016-02-11 19:44 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-12 16:27 - 2016-02-11 19:41 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-12 16:27 - 2016-02-11 19:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-12 16:27 - 2016-02-11 19:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-12 16:27 - 2016-02-11 19:37 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-12 16:27 - 2016-02-11 19:37 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-12 16:27 - 2016-02-11 19:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-12 16:27 - 2016-02-11 19:37 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-12 16:27 - 2016-02-11 19:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-12 16:27 - 2016-02-11 19:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-12 16:27 - 2016-02-11 19:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-12 16:27 - 2016-02-11 19:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-12 16:27 - 2016-02-11 19:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-12 16:27 - 2016-02-11 19:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-12 16:27 - 2016-02-11 19:33 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-12 16:27 - 2016-02-11 19:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-12 16:27 - 2016-02-11 19:31 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-12 16:27 - 2016-02-11 19:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-12 16:27 - 2016-02-11 19:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-12 16:27 - 2016-02-11 19:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-12 16:27 - 2016-02-11 19:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-12 16:27 - 2016-02-11 18:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-12 16:27 - 2016-02-11 18:37 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-12 16:27 - 2016-02-11 18:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-12 16:27 - 2016-02-11 18:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-12 16:27 - 2016-02-11 18:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-12 16:27 - 2016-02-11 18:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-12 16:27 - 2016-02-11 18:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-12 16:27 - 2016-02-11 18:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-12 16:27 - 2016-02-11 18:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-12 16:27 - 2016-02-09 10:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-12 16:27 - 2016-02-05 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-12 16:27 - 2016-02-05 19:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-12 16:27 - 2016-02-05 19:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-12 16:27 - 2016-02-05 18:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-12 16:27 - 2016-02-05 18:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-12 16:27 - 2016-02-04 19:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-12 16:27 - 2016-02-04 18:46 - 02387456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-12 16:25 - 2016-02-03 19:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-12 16:25 - 2016-02-03 19:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-03-12 16:25 - 2016-02-03 19:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-12 16:16 - 2016-02-09 07:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-12 16:16 - 2016-02-08 22:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-12 16:16 - 2016-02-08 21:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-12 16:16 - 2016-02-08 21:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-12 16:16 - 2016-02-08 21:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-12 16:16 - 2016-02-08 21:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-12 16:16 - 2016-02-08 21:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-12 16:16 - 2016-02-08 21:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-12 16:16 - 2016-02-08 21:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-12 16:16 - 2016-02-08 21:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-12 16:16 - 2016-02-08 21:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-12 16:16 - 2016-02-08 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-12 16:16 - 2016-02-08 21:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-12 16:16 - 2016-02-08 21:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-12 16:16 - 2016-02-08 21:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-12 16:16 - 2016-02-08 21:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-12 16:16 - 2016-02-08 21:28 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-12 16:16 - 2016-02-08 21:23 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-12 16:16 - 2016-02-08 21:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-12 16:16 - 2016-02-08 21:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-12 16:16 - 2016-02-08 21:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-12 16:16 - 2016-02-08 21:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-12 16:16 - 2016-02-08 21:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-12 16:16 - 2016-02-08 21:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-12 16:16 - 2016-02-08 21:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-12 16:16 - 2016-02-08 21:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-12 16:16 - 2016-02-08 21:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-12 16:16 - 2016-02-08 21:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-12 16:16 - 2016-02-08 21:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-12 16:16 - 2016-02-08 21:02 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-12 16:16 - 2016-02-08 21:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-12 16:16 - 2016-02-08 21:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-12 16:16 - 2016-02-08 20:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-12 16:16 - 2016-02-08 20:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-12 16:16 - 2016-02-08 20:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-12 16:15 - 2016-02-09 10:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-12 16:15 - 2016-02-09 10:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-12 16:15 - 2016-02-09 10:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-12 16:15 - 2016-02-09 10:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-12 16:15 - 2016-02-09 10:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-12 16:15 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-02-28 15:31 - 2016-02-28 15:31 - 00001172 _____ C:\Users\Public\Desktop\Crysis 2.lnk
2016-02-28 15:31 - 2016-02-28 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\v1nt
2016-02-27 20:58 - 2016-02-27 20:58 - 00000000 ____D C:\Users\Dezika\AppData\LocalLow\uTorrent
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-26 16:07 - 2016-02-28 15:01 - 00000000 ____D C:\Program Files\Rockstar Games
2016-02-24 23:23 - 2016-02-24 23:23 - 00000000 ____D C:\Program Files\Ubisoft
2016-02-24 19:48 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-02-24 19:48 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-02-24 19:48 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-02-24 16:04 - 2016-03-16 19:00 - 00000000 ____D C:\ProgramData\19f69ac9-6425-1
2016-02-24 16:04 - 2016-03-16 18:59 - 00000000 ____D C:\ProgramData\19f69ac9-1337-0
2016-02-24 00:59 - 2016-02-24 19:31 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-02-24 00:59 - 2016-02-24 00:59 - 00000000 ____D C:\ProgramData\EA Core
2016-02-23 22:22 - 2016-02-23 22:22 - 00000000 ____D C:\Users\Dezika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2 Patch 2.066.00
2016-02-23 22:03 - 2016-02-23 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
2016-02-23 22:03 - 2016-02-23 22:03 - 00000773 _____ C:\Users\Dezika\Desktop\Serious Sam 2.lnk
2016-02-23 22:03 - 2016-02-23 22:03 - 00000000 ____D C:\Users\Dezika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
2016-02-23 21:44 - 2016-02-23 21:44 - 00000000 ____D C:\Users\Dezika\AppData\Roaming\ProductData
2016-02-23 21:43 - 2016-02-23 21:44 - 00000000 ____D C:\Users\Dezika\AppData\LocalLow\IObit
2016-02-23 21:43 - 2016-02-23 21:43 - 00000000 ____D C:\ProgramData\ProductData
2016-02-23 21:42 - 2016-02-23 21:43 - 00000000 ____D C:\Users\Dezika\AppData\Roaming\IObit
2016-02-15 21:32 - 1997-06-02 12:32 - 00314880 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2016-02-15 21:29 - 2016-02-15 21:29 - 00000000 __RSH C:\MSDOS.SYS
2016-02-15 21:29 - 2016-02-15 21:29 - 00000000 __RSH C:\IO.SYS
2016-02-15 20:31 - 2016-02-15 20:31 - 00000000 ____D C:\Users\Dezika\AppData\Local\SKIDROW

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-16 21:47 - 2015-05-15 21:28 - 00663768 _____ C:\Windows\system32\perfh01D.dat
2016-03-16 21:47 - 2015-05-15 21:28 - 00142582 _____ C:\Windows\system32\perfc01D.dat
2016-03-16 21:47 - 2015-05-15 21:10 - 00428472 _____ C:\Windows\system32\perfh012.dat
2016-03-16 21:47 - 2015-05-15 21:10 - 00120492 _____ C:\Windows\system32\perfc012.dat
2016-03-16 21:47 - 2015-05-15 18:05 - 00416826 _____ C:\Windows\system32\perfh011.dat
2016-03-16 21:47 - 2015-05-15 18:05 - 00122208 _____ C:\Windows\system32\perfc011.dat
2016-03-16 21:47 - 2015-05-15 17:29 - 00481550 _____ C:\Windows\system32\perfh00B.dat
2016-03-16 21:47 - 2015-05-15 17:29 - 00101628 _____ C:\Windows\system32\perfc00B.dat
2016-03-16 21:47 - 2015-05-15 16:58 - 00743546 _____ C:\Windows\system32\perfh013.dat
2016-03-16 21:47 - 2015-05-15 16:58 - 00153210 _____ C:\Windows\system32\perfc013.dat
2016-03-16 21:47 - 2015-05-15 16:46 - 00494562 _____ C:\Windows\system32\perfh014.dat
2016-03-16 21:47 - 2015-05-15 16:46 - 00095512 _____ C:\Windows\system32\perfc014.dat
2016-03-16 21:47 - 2015-05-15 16:17 - 00607036 _____ C:\Windows\system32\perfh008.dat
2016-03-16 21:47 - 2015-05-15 16:17 - 00111236 _____ C:\Windows\system32\perfc008.dat
2016-03-16 21:47 - 2015-05-15 15:59 - 00740094 _____ C:\Windows\system32\perfh010.dat
2016-03-16 21:47 - 2015-05-15 15:59 - 00146954 _____ C:\Windows\system32\perfc010.dat
2016-03-16 21:47 - 2015-05-15 15:49 - 00668888 _____ C:\Windows\system32\perfh005.dat
2016-03-16 21:47 - 2015-05-15 15:49 - 00141534 _____ C:\Windows\system32\perfc005.dat
2016-03-16 21:47 - 2015-05-15 15:40 - 00479062 _____ C:\Windows\system32\perfh001.dat
2016-03-16 21:47 - 2015-05-15 15:40 - 00094880 _____ C:\Windows\system32\perfc001.dat
2016-03-16 21:47 - 2015-05-15 15:26 - 00745764 _____ C:\Windows\system32\perfh00C.dat
2016-03-16 21:47 - 2015-05-15 15:26 - 00149688 _____ C:\Windows\system32\perfc00C.dat
2016-03-16 21:47 - 2015-05-15 15:14 - 00729066 _____ C:\Windows\system32\prfh0816.dat
2016-03-16 21:47 - 2015-05-15 15:14 - 00153014 _____ C:\Windows\system32\prfc0816.dat
2016-03-16 21:47 - 2015-05-15 15:03 - 00509462 _____ C:\Windows\system32\perfh006.dat
2016-03-16 21:47 - 2015-05-15 15:03 - 00098766 _____ C:\Windows\system32\perfc006.dat
2016-03-16 21:47 - 2015-05-15 14:52 - 00745504 _____ C:\Windows\system32\perfh00A.dat
2016-03-16 21:47 - 2015-05-15 14:52 - 00158582 _____ C:\Windows\system32\perfc00A.dat
2016-03-16 21:47 - 2015-05-15 14:39 - 00398390 _____ C:\Windows\system32\prfh0404.dat
2016-03-16 21:47 - 2015-05-15 14:39 - 00115198 _____ C:\Windows\system32\prfc0404.dat
2016-03-16 21:47 - 2015-05-15 14:30 - 00740406 _____ C:\Windows\system32\perfh015.dat
2016-03-16 21:47 - 2015-05-15 14:30 - 00155980 _____ C:\Windows\system32\perfc015.dat
2016-03-16 21:47 - 2015-04-22 12:34 - 00713928 _____ C:\Windows\system32\prfh0416.dat
2016-03-16 21:47 - 2015-04-22 12:34 - 00147764 _____ C:\Windows\system32\prfc0416.dat
2016-03-16 21:47 - 2015-04-22 12:22 - 00697256 _____ C:\Windows\system32\perfh007.dat
2016-03-16 21:47 - 2015-04-22 12:22 - 00149224 _____ C:\Windows\system32\perfc007.dat
2016-03-16 21:47 - 2015-04-22 12:09 - 00656730 _____ C:\Windows\system32\perfh01F.dat
2016-03-16 21:47 - 2015-04-22 12:09 - 00140108 _____ C:\Windows\system32\perfc01F.dat
2016-03-16 21:47 - 2010-11-20 22:01 - 14771376 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-16 21:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-03-16 21:45 - 2009-07-14 05:34 - 00028704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-16 21:45 - 2009-07-14 05:34 - 00028704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-16 21:41 - 2015-02-06 17:15 - 00000000 ____D C:\ProgramData\MCShield
2016-03-16 21:40 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-16 18:51 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\lt-LT
2016-03-16 18:51 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\et-EE
2016-03-14 00:02 - 2015-02-04 02:06 - 00000000 ____D C:\Users\Dezika\AppData\Roaming\Skype
2016-03-13 23:00 - 2015-02-04 00:29 - 00000000 ____D C:\ProgramData\Skype
2016-03-13 19:39 - 2015-02-23 17:58 - 00000000 ____D C:\Users\Dezika\AppData\Roaming\DAEMON Tools Lite
2016-03-13 19:39 - 2015-02-18 21:23 - 00000000 ____D C:\Users\Dezika\AppData\Roaming\uTorrent
2016-03-13 16:38 - 2016-01-24 17:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-13 10:12 - 2015-02-04 02:33 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-13 00:19 - 2015-02-07 20:31 - 00000000 ____D C:\Users\Dezika\AppData\Local\Adobe
2016-03-13 00:05 - 2015-04-09 00:17 - 00000000 ____D C:\Windows\system32\Adobe
2016-03-12 13:25 - 2015-08-22 12:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-12 13:25 - 2015-03-14 23:27 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-12 13:25 - 2015-03-14 23:27 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-04 19:24 - 2015-08-15 18:04 - 00000000 ____D C:\Users\Dezika\Downloads\PopcornTime
2016-02-26 16:17 - 2015-04-04 14:49 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-24 23:23 - 2015-04-09 00:48 - 00000000 ____D C:\Users\Dezika\AppData\Local\Ubisoft Game Launcher
2016-02-24 23:23 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-24 02:13 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\ModemLogs
2016-02-24 02:09 - 2015-02-04 00:34 - 00000000 ____D C:\Program Files\TeamViewer
2016-02-24 02:08 - 2015-02-13 19:33 - 00000000 ____D C:\Users\Dezika\AppData\Local\TeamSpeak 3 Client
2016-02-24 02:08 - 2015-02-05 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-02-23 22:13 - 2015-02-04 03:12 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-23 21:50 - 2015-06-24 09:19 - 00000000 ___RD C:\Users\Dezika\Documents\Scanned Documents
2016-02-23 21:50 - 2015-03-29 15:48 - 00000000 ____D C:\Users\Dezika\Documents\My Games
2016-02-23 15:49 - 2015-03-14 23:27 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-02-19 21:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2016-02-18 16:00 - 2015-11-15 21:24 - 00000000 ____D C:\Windows\rescache
2016-02-17 21:19 - 2015-02-12 11:15 - 00000000 ____D C:\Users\Dezika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-15 17:10 - 2009-07-14 05:53 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-08-07 21:16 - 2015-08-07 21:16 - 13545694 _____ () C:\Users\Dezika\AppData\Local\package.nw.new
2015-03-29 13:10 - 2015-03-29 13:10 - 0000017 _____ () C:\Users\Dezika\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-18 15:44

==================== End of FRST.txt ============================

Dopuna: 16 Mar 2016 22:07

Ako moze da se proveri da li ima jos sem ovog

Dopuna: 16 Mar 2016 22:12

Vec se nalazi u Kovcegu od avasta ovaj virus sto sam dao lokaciju

Dopuna: 16 Mar 2016 22:21

vidi se i da je taskbar drugaciji a win 7 je

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10616
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow Korak 1

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

CreateRestorePoint:

HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11433&guid={2848FFAA-2AB5-4572-B941-ED2647408E5E}&i=
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11433&guid={2848FFAA-2AB5-4572-B941-ED2647408E5E}&i=
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> DefaultScope {4F55141A-0CA4-49E3-B089-4B06C118FABA} URL = hxxp://search.eshield.com/serp?guid={2848FFAA-2AB5-4572-B941-ED2647408E5E}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {1E0CDCD2-259B-4129-91EF-F40BC2A4DD5B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11433
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {4F55141A-0CA4-49E3-B089-4B06C118FABA} URL = hxxp://search.eshield.com/serp?guid={2848FFAA-2AB5-4572-B941-ED2647408E5E}&action=default_search&k={searchTerms}
FF DefaultSearchEngine: eShield Safe Web
FF Homepage: hxxps://www.google.rs/?gws_rd=cr&ei=0T1zVZDJCsqTsgGP-oCICQ
FF user.js: detected! => C:\Users\Dezika\AppData\Roaming\Mozilla\Firefox\Profiles\yy0bgpfp.default-1433615665144\user.js [2016-02-24]
FF SearchPlugin: C:\Users\Dezika\AppData\Roaming\Mozilla\Firefox\Profiles\yy0bgpfp.default-1433615665144\searchplugins\facebook.xml [2016-02-15]
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-12]
CHR HKLM\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{2CD06948-3AC5-400C-A27A-D1047A13D5B0}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{81F9879A-E5E5-45FA-B450-CA1DA5B3A68E}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{81F9879A-E5E5-45FA-B450-CA1DA5B3A68E}: [DhcpNameServer] 82.163.142.7

C:\ProgramData\eccebb83-6dc3-0
C:\ProgramData\cb7a8f7c
C:\ProgramData\{254fb608-212c-1}
C:\ProgramData\{202938bc-412c-1}
C:\ProgramData\{1c052d84-312c-0}
C:\ProgramData\{02fa7eb7-112c-0}
C:\ProgramData\19f69ac9-6425-1
C:\ProgramData\19f69ac9-1337-0

HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\...\MountPoints2: {030dcc60-bb49-11e4-a925-0015831080cf} - G:\setup.exe
Task: {13F3553E-684A-4293-8E8A-49AD520D84B5} - System32\Tasks\{5CAF338A-5C56-4FA4-994D-215A00CC60FB} => Firefox.exe
Task: {B1BA6301-13F2-4E2E-AFBF-176A744F4A33} - System32\Tasks\{86B81BE9-8A68-439F-9C4E-A9A38DB1A874} => Firefox.exe
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]

EmptyTemp:



U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).




Arrow Korak 2

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
U EULA prozoru klikni na I agree.
U Options isključi Reset Winsock settings ako je uključen.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Cleaning i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK

Računar će se restartovati, a potom otvoriti Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

offline
  • Pridružio: 10 Jan 2015
  • Poruke: 192
  • Gde živiš: Novi Sad

Napisano: 17 Mar 2016 0:03

zeznuo sam sa adwcleanerom nisam ga sacuvao izvestaj,a skinuo sam ga na desktop.i kad pokusam da pronadjem txt fajl nema ga u C
mycity.rs/must-login.png

Dopuna: 17 Mar 2016 0:04

i dalje mi izbacuje reklame na mozzili

Dopuna: 17 Mar 2016 0:18

nasao
mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10616
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

Tcpip\..\Interfaces\{2CD06948-3AC5-400C-A27A-D1047A13D5B0}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{81F9879A-E5E5-45FA-B450-CA1DA5B3A68E}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{81F9879A-E5E5-45FA-B450-CA1DA5B3A68E}: [DhcpNameServer] 82.163.142.7
cmd: ipconfig /flushdns


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).

offline
  • Pridružio: 10 Jan 2015
  • Poruke: 192
  • Gde živiš: Novi Sad

Napisano: 17 Mar 2016 15:48

mycity.rs/must-login.png

Dopuna: 17 Mar 2016 15:56

ove reklame su bas uporne Smile i dalje izlaze

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10616
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Daj mi nove FRST.txt i Addition.txt izvještaje.

offline
  • Pridružio: 10 Jan 2015
  • Poruke: 192
  • Gde živiš: Novi Sad

Napisano: 17 Mar 2016 18:07

mycity.rs/must-login.png

mycity.rs/must-login.png

Dopuna: 17 Mar 2016 18:28

Izbacuje mi u Mozzili nesto kao pop-ups zuto uokvireno kao da otvara nekoliko stranica ali mi izbacuje neku reimagerepair i ovo non stop



Dopuna: 17 Mar 2016 18:33

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10616
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

http://windows.microsoft.com/en-us/windows/change-tcp-ip-settings#1TC=windows-7

Isprati ovo i otvori prozor gdje se podešava DNS serveri odaberi opciju "Obtain DNS server address automatically" sem u slučaju da si ranije podesio specifičan DNS server. Nakon toga restartuj računar i javi da li ti se reklame i dalje prikazuju. Ako ti se nakon toga ne budu otvarale web stranice, kao DNS stavi Google DNS koji je na 8.8.8.8

offline
  • Pridružio: 10 Jan 2015
  • Poruke: 192
  • Gde živiš: Novi Sad

Napisano: 17 Mar 2016 19:14

opet isto stoji mi na automatic nisam ranije nista podesavao niti znam.ali ne kontam gde pisem to dns 8.8.8.8 ako moze neka slika ? ili nesto

Dopuna: 17 Mar 2016 19:18

ovako ?i da li to treba na protocolu 4 i 6 ?

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10616
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Na IP v4. Ukoliko ti u gornja tri polja nije ništa bilo podešeno ranije, postavi ovako kako je kod mene na slici:


Ko je trenutno na forumu
 

Ukupno su 551 korisnika na forumu :: 10 registrovanih, 0 sakrivenih i 541 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: djboj, Dukelander, Gama, hyla, ibssa, ljiljana.todorovic64, samsung, Tamo neko, uruk, VJ