spor vrlo, štuca dok otvara sajt po dva-tri minuta

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Komp je Tošiba satelit L300 sa pristojnim procesorom (duocore) i memorijom (4Gb), a ipak veoma sporo otvara sajtove, predugo vrti, a na miša reaguje sa zakašnjenjem kao da štucne, ali opet nastavi da vrti-otvara.
Internet je kablovski SBB oko 18 mb-sec.
Može li neko da pomogne?


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Mara (administrator) on TOSHIBA (05-07-2016 23:12:50)
Running from C:\Users\Mara\Desktop
Loaded Profiles: Mara (Available Profiles: Mara)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Megaify Software Co., Ltd.) C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
() C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files\Free Desktop Clock\timeserv.exe
() C:\Program Files (x86)\Everything\Everything.exe
(WebProtection) C:\Program Files (x86)\HPGuard\HPGuardSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-06-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\AllMyTube\DelayPluginI.exe [1960248 2015-12-24] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3334688709-3011888730-4064908090-1000\...\Run: [AtomicAlarmClock6] => C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe [4652544 2013-06-27] ()
HKU\S-1-5-21-3334688709-3011888730-4064908090-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3334688709-3011888730-4064908090-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-3334688709-3011888730-4064908090-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
ShellExecuteHooks: - {6710C780-E20E-4C49-A87D-321850ED3D7C} - No File [ ]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 89.216.1.30 89.216.1.50
Tcpip\..\Interfaces\{48443C4B-381C-463F-AC22-7937E846B580}: [DhcpNameServer] 89.216.1.30 89.216.1.50
Tcpip\..\Interfaces\{7B655F8E-5CA7-47D6-A9DA-1A4C183ABA71}: [DhcpNameServer] 89.216.1.30 89.216.1.50

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3334688709-3011888730-4064908090-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-10] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-10] (Oracle Corporation)
BHO-x32: Wondershare AllMyTube 4.7.0 -> {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} -> C:\ProgramData\Wondershare\AllMyTube\WSBrowserAppMgr.dll [2015-12-24] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-10] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-10] (Oracle Corporation)
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Mara\AppData\Roaming\Profiles\gaq9a1o8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-07-10] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-07-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Extension: No Name - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi\ [not found]
FF Extension: Wondershare AllMyTube - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com [2016-06-28] [not signed]
FF Extension: Avira Browser Safety - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\gsd4emw8.default\Extensions\abs@avira.com [2016-06-17]
FF Extension: Avira Browser Safety - C:\Users\Mara\AppData\Roaming\Profiles\gaq9a1o8.default\Extensions\abs@avira.com [2016-07-03]
FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com
FF HKLM-x32\...\Firefox\Extensions: [{8B1E27AE-119E-456b-B22E-08C61FACB097}] - C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4D_FF.xpi
FF Extension: MP4 Downloader Extension - C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4D_FF.xpi [2015-12-30]

Chrome:
=======
CHR HomePage: ferhghtatupisecoahick -> hxxps://www.google.com/
CHR StartupUrls: ferhghtatupisecoahick -> "hxxp://www.google.com/","hxxp://www.sweet-page.com/?type=hp&ts=1441146624&z=f93cec7ccc7f9865b5a5adag8z1z0gfg3z7q1q4caz&from=cor&uid=INTELXSSDSC2CW120A3_CVCV43020676120BGN","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=A91B30EDC6AB47CF21CCEDD5AD6C52E3&v=20160114&ts=AHEpAnAnAH0pB0..","hxxp://www.mysites123.com/?type=hp&ts=1453570226&z=30496c5325ddbe647942aadg4z7w1ccw4m8e6oboeq&from=amt&uid=intelxssdsc2cw120a3_cvcv43020676120bgn","hxxp://www.youndoo.com/?z=770cde6a139c6ee09a5fca9g5zdq6m2w9qco2t1b1g&from=wak&uid=WDCXWD2500BEVS-26UST0_WD-WXE808AV0644V0644&type=hp"
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3334688709-3011888730-4064908090-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AtomicAlarmClock; C:\Program Files\Free Desktop Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [302680 2016-06-01] (Avira Operations GmbH & Co. KG)
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] () [File not signed] <==== ATTENTION
R2 HPGuard Service; C:\Program Files (x86)\HPGuard\HPGuardSrv.exe [479920 2016-07-01] (WebProtection)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141920 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-04-04] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-10 12:43 - 2016-07-10 12:43 - 00015256 _____ C:\Windows\system32\results.xml
2016-07-10 12:40 - 2016-07-10 12:40 - 00000000 ____D C:\Windows\SysWOW64\x64
2016-07-10 12:40 - 2016-07-10 12:40 - 00000000 ____D C:\Windows\SysWOW64\Lang
2016-07-10 12:40 - 2016-07-10 12:40 - 00000000 ____D C:\Users\Mara\AppData\Roaming\WinBatch
2016-07-10 12:40 - 2016-07-10 12:40 - 00000000 ____D C:\Intel
2016-07-10 12:40 - 2009-09-02 14:27 - 01002008 _____ (Intel Corporation) C:\Windows\SysWOW64\igxpun.exe
2016-07-10 12:39 - 2016-07-10 12:39 - 28380762 _____ C:\Users\Mara\Downloads\display-20091027134451.zip
2016-07-10 12:39 - 2016-07-10 12:39 - 00000000 ____D C:\Users\Mara\Downloads\display-20091027134451
2016-07-10 12:39 - 2016-06-29 17:52 - 00000000 ____D C:\Users\Mara\AppData\Roaming\WinRAR
2016-07-10 12:38 - 2016-07-10 12:38 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-10 12:38 - 2016-07-10 12:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-10 12:38 - 2016-07-10 12:38 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-10 12:38 - 2016-07-10 12:38 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-10 12:14 - 2016-07-10 12:14 - 00000450 _____ C:\Users\Mara\Desktop\Data (D).lnk
2016-07-10 11:42 - 2016-07-10 11:42 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2016-07-10 11:33 - 2016-06-17 00:35 - 00109240 _____ C:\Users\Mara\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-10 11:32 - 2016-07-05 23:11 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Skype
2016-07-10 11:31 - 2016-06-12 10:43 - 00000000 ____D C:\Users\Mara\AppData\Local\Google
2016-07-05 23:12 - 2016-07-05 23:13 - 00013191 _____ C:\Users\Mara\Desktop\FRST.txt
2016-07-05 23:12 - 2016-07-05 23:12 - 02390016 _____ (Farbar) C:\Users\Mara\Desktop\FRST64.exe
2016-07-05 23:12 - 2016-07-05 23:12 - 00000000 ____D C:\FRST
2016-07-05 21:58 - 2016-07-05 21:59 - 00000356 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2016-07-05 21:58 - 2016-07-05 21:58 - 00002708 _____ C:\Windows\System32\Tasks\DriverToolkit Autorun
2016-07-05 21:48 - 2016-07-05 21:48 - 00001071 _____ C:\Users\Public\Desktop\DriverToolkit.lnk
2016-07-05 21:48 - 2016-07-05 21:48 - 00000000 ____D C:\Users\Mara\AppData\Local\DriverToolkit
2016-07-05 21:48 - 2016-07-05 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
2016-07-05 21:48 - 2016-07-05 21:48 - 00000000 ____D C:\Program Files (x86)\DriverToolkit
2016-07-03 19:36 - 2016-07-03 19:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-03 19:13 - 2016-07-03 19:53 - 00000000 ____D C:\AdwCleaner
2016-07-03 18:53 - 2016-07-03 18:53 - 00000000 ____D C:\Program Files\Synaptics
2016-07-03 18:51 - 2016-07-03 18:51 - 00000000 ____D C:\Program Files (x86)\Intel
2016-07-03 18:51 - 2013-07-30 15:53 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2016-07-03 18:24 - 2016-07-03 18:24 - 00001826 _____ C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2016-07-03 18:24 - 2016-07-03 18:24 - 00000000 ____D C:\Program Files (x86)\HPGuard
2016-07-03 18:23 - 2016-07-03 19:51 - 00000000 ____D C:\Program Files (x86)\Tolisykerroward
2016-07-03 18:23 - 2016-07-03 18:23 - 00000000 ____D C:\Users\Mara\AppData\Local\pruputiongriqeringanererpy
2016-07-03 17:46 - 2016-07-03 17:46 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Manager
2016-07-03 17:46 - 2016-07-03 17:46 - 00000000 ____D C:\Program Files\YamicSoft
2016-06-29 17:56 - 2016-06-29 17:57 - 00000000 ____D C:\ProgramData\WinZip
2016-06-29 17:56 - 2016-06-29 17:56 - 00002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-06-29 17:56 - 2016-06-29 17:56 - 00000000 ____D C:\Users\Mara\AppData\Local\WinZip
2016-06-29 17:56 - 2016-06-29 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-06-29 17:56 - 2016-06-29 17:56 - 00000000 ____D C:\Program Files (x86)\WinZip
2016-06-28 21:20 - 2016-06-28 21:20 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Wondershare
2016-06-28 21:17 - 2016-06-28 21:17 - 00000000 ____D C:\ProgramData\Wondershare
2016-06-28 21:17 - 2016-06-28 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-06-28 21:17 - 2016-06-28 21:17 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-06-28 20:28 - 2016-06-28 20:28 - 00000000 ____D C:\Users\Mara\AppData\Roaming\SoftCDN
2016-06-28 20:28 - 2016-06-28 20:28 - 00000000 ____D C:\Program Files (x86)\Vitzo
2016-06-28 20:17 - 2016-06-28 21:01 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Tomabo
2016-06-28 20:16 - 2016-06-28 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 Downloader
2016-06-28 20:16 - 2016-06-28 20:16 - 00000000 ____D C:\Program Files (x86)\Tomabo
2016-06-28 19:53 - 2016-06-28 19:53 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Wondershare AllMyTube
2016-06-28 19:52 - 2016-06-28 21:18 - 00000000 ____D C:\ProgramData\Wondershare AllMyTube
2016-06-28 19:52 - 2016-06-28 19:52 - 00000000 ____D C:\Users\Mara\AppData\Local\Wondershare
2016-06-28 19:52 - 2016-06-28 19:52 - 00000000 ____D C:\ProgramData\Wondershare Application Common Data
2016-06-27 21:45 - 2016-06-27 21:45 - 00001219 _____ C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Luxor 3.lnk
2016-06-27 21:44 - 2016-06-27 21:44 - 00003070 _____ C:\Windows\System32\Tasks\{FA1244EB-A15B-4695-97B1-41E3D4A60244}
2016-06-27 20:57 - 2016-06-27 21:45 - 00001189 _____ C:\Users\Mara\Desktop\Luxor 3.lnk
2016-06-27 20:57 - 2016-06-27 20:57 - 00000000 ____D C:\ProgramData\MumboJumbo
2016-06-27 20:56 - 2016-06-27 21:44 - 00000000 ____D C:\Program Files (x86)\RealArcade Games
2016-06-26 18:38 - 2016-06-26 18:38 - 00001806 _____ C:\Users\Public\Desktop\The Rise of Atlantis.lnk
2016-06-26 18:38 - 2016-06-26 18:38 - 00000000 ____D C:\ProgramData\TERMINAL Studio
2016-06-26 18:38 - 2016-06-26 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Rise of Atlantis
2016-06-26 18:38 - 2016-06-26 18:38 - 00000000 ____D C:\Games
2016-06-26 18:18 - 2016-06-28 23:07 - 00001121 _____ C:\Users\Mara\Desktop\Revo Uninstaller Pro.lnk
2016-06-26 15:07 - 2016-06-26 15:12 - 00000000 ____D C:\Program Files\CCleaner
2016-06-26 15:07 - 2016-06-26 15:07 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-26 15:07 - 2016-06-26 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-26 00:41 - 2016-06-26 00:41 - 00000000 ____D C:\Windows\pss
2016-06-26 00:33 - 2016-06-26 00:33 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.4
2016-06-26 00:32 - 2016-06-26 00:32 - 00001047 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2016-06-26 00:32 - 2016-06-26 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-06-26 00:07 - 2016-06-26 00:32 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2016-06-17 00:36 - 2016-06-17 00:36 - 00000000 ____D C:\Users\Mara\AppData\Local\Avira
2016-06-17 00:35 - 2016-06-17 00:35 - 00000000 ____D C:\Users\Mara\AppData\Local\AviraSpeedup
2016-06-17 00:19 - 2016-06-17 00:19 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Avira
2016-06-17 00:11 - 2016-04-04 17:07 - 00154816 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-06-17 00:11 - 2016-04-04 17:07 - 00141920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-06-17 00:11 - 2016-04-04 17:07 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-06-17 00:11 - 2016-04-04 17:07 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-06-17 00:07 - 2016-06-25 23:23 - 00000000 ____D C:\Program Files (x86)\Avira
2016-06-17 00:07 - 2016-06-25 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-06-17 00:07 - 2016-06-17 00:34 - 00000000 ____D C:\ProgramData\Avira
2016-06-17 00:07 - 2016-06-17 00:07 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-16 20:22 - 2016-06-16 20:22 - 00000000 ____D C:\$WINDOWS.~BT
2016-06-15 21:43 - 2016-06-15 21:43 - 00000000 ____D C:\233e4c21b1f7805dfb3cdffe
2016-06-13 07:46 - 2016-07-05 22:00 - 00001940 __RSH C:\ProgramData\ntuser.pol
2016-06-12 21:28 - 2016-07-05 22:50 - 00000000 ____D C:\Users\Mara\AppData\Roaming\vlc
2016-06-12 21:27 - 2016-06-12 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-06-12 21:27 - 2016-06-12 21:27 - 00000000 ____D C:\Program Files\VideoLAN
2016-06-12 21:23 - 2016-06-12 21:23 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-06-12 21:14 - 2016-06-12 21:14 - 00000000 ____D C:\Users\Mara\AppData\LocalLow\Adobe
2016-06-12 21:12 - 2016-06-12 21:23 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-06-12 18:27 - 2016-06-16 23:10 - 00001908 _____ C:\Windows\diagwrn.xml
2016-06-12 18:27 - 2016-06-16 23:10 - 00001908 _____ C:\Windows\diagerr.xml
2016-06-12 17:28 - 2016-06-15 23:00 - 00000184 _____ C:\Windows\MyDrivers.ini
2016-06-12 17:23 - 2016-06-12 17:37 - 00000000 ____D C:\ProgramData\inf
2016-06-12 17:15 - 2016-06-17 00:22 - 00001945 _____ C:\Windows\epplauncher.mif
2016-06-12 16:49 - 2016-06-12 16:49 - 00003380 _____ C:\Windows\System32\Tasks\DriverMaxAgent
2016-06-12 16:46 - 2016-06-12 16:46 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Innovative Solutions
2016-06-12 16:46 - 2016-06-12 16:46 - 00000000 ____D C:\Users\Mara\AppData\Local\Innovative Solutions
2016-06-12 16:46 - 2016-06-12 16:46 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2016-06-12 14:23 - 2016-06-12 14:23 - 00000000 ____D C:\ProgramData\TEMP
2016-06-12 14:08 - 2016-06-12 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2016-06-12 14:08 - 2016-06-12 14:34 - 00000000 ____D C:\Program Files (x86)\FinalWire
2016-06-12 13:59 - 2016-06-12 13:59 - 00000000 ____D C:\Users\Mara\AppData\Local\VS Revo Group
2016-06-12 13:59 - 2016-06-12 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-06-12 13:59 - 2016-06-12 13:59 - 00000000 ____D C:\Program Files\VS Revo Group
2016-06-12 13:59 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-06-12 13:49 - 2016-06-17 00:26 - 00762196 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-06-11 22:24 - 2016-06-17 20:49 - 00000000 ____D C:\Users\Mara\AppData\Local\pip
2016-06-11 22:23 - 2016-06-26 00:33 - 00000000 ____D C:\Python34
2016-06-11 22:17 - 2016-07-05 23:02 - 00000000 ____D C:\Users\Mara\AppData\Roaming\qBittorrent
2016-06-11 22:17 - 2016-06-26 00:33 - 00000000 ____D C:\Users\Mara\AppData\Local\qBittorrent
2016-06-10 20:43 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-10 20:43 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-06-10 20:43 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-06-10 20:43 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-06-10 20:43 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-06-10 20:43 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-06-10 20:43 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-06-10 20:43 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-06-10 20:43 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-06-10 20:43 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-06-10 20:43 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-06-10 20:43 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-06-10 20:43 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-06-10 20:43 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-06-10 20:40 - 2016-07-05 23:05 - 00007632 _____ C:\Users\Mara\AppData\Local\resmon.resmoncfg
2016-06-10 20:32 - 2016-07-03 17:25 - 00000000 ____D C:\Users\Mara\AppData\Local\ElevatedDiagnostics
2016-06-10 20:27 - 2016-07-05 22:35 - 00000000 ____D C:\Users\Mara\Desktop\ShortCuts
2016-06-10 18:00 - 2016-07-05 21:58 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Everything
2016-06-10 18:00 - 2016-06-10 18:00 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2016-06-10 18:00 - 2016-06-10 18:00 - 00000000 ____D C:\Program Files (x86)\Everything
2016-06-10 17:04 - 2016-06-10 17:04 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Free Desktop Clock 3
2016-06-10 17:04 - 2016-06-10 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Desktop Clock
2016-06-10 17:04 - 2016-06-10 17:04 - 00000000 ____D C:\Program Files\Free Desktop Clock
2016-06-10 16:54 - 2016-06-10 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8GadgetPack
2016-06-10 16:54 - 2016-06-10 16:54 - 00000000 ____D C:\Users\Mara\AppData\Local\Sidebar7
2016-06-10 16:06 - 2016-06-10 16:06 - 00000000 ____D C:\Users\Mara\Tracing
2016-06-10 13:51 - 2016-06-10 13:51 - 00307200 _____ (Secure By Design Inc.) C:\Users\Mara\Downloads\Ninite Air Shockwave Installer.exe
2016-06-10 11:08 - 2016-06-10 11:08 - 00002693 _____ C:\Users\Mara\Desktop\Microsoft Office Word 2007.lnk
2016-06-10 11:05 - 2016-06-10 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-06-10 11:04 - 2016-06-10 11:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-06-10 11:03 - 2016-06-10 11:03 - 00000000 ____D C:\Windows\PCHEALTH
2016-06-10 11:03 - 2016-06-10 11:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2016-06-10 11:02 - 2016-06-10 11:02 - 00000000 ____D C:\Program Files\Microsoft Office
2016-06-10 11:01 - 2016-06-10 11:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-10 11:01 - 2016-06-10 11:01 - 00000000 ____D C:\Users\Mara\AppData\Local\Microsoft Help
2016-06-10 11:01 - 2016-06-10 11:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-06-10 11:00 - 2016-06-10 11:00 - 00000000 __RHD C:\MSOCache
2016-06-10 10:59 - 2016-06-10 10:59 - 00000000 ____D C:\ProgramData\Nero
2016-06-10 10:59 - 2016-06-10 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2016-06-10 10:59 - 2016-06-10 10:59 - 00000000 ____D C:\Program Files (x86)\Nero
2016-06-10 10:59 - 2006-03-17 15:49 - 00368640 _____ (Pegasus Imaging Corporation) C:\Windows\SysWOW64\TwnLib4.dll
2016-06-10 10:59 - 2006-03-17 12:45 - 01757184 _____ (Pegasus Imaging Corp.) C:\Windows\SysWOW64\imagX7.dll
2016-06-10 10:59 - 2006-03-17 12:45 - 00802816 _____ (Pegasus Imaging Corp.) C:\Windows\SysWOW64\imagXRA7.dll
2016-06-10 10:59 - 2006-03-17 12:45 - 00497296 _____ (Pegasus Imaging Corp.) C:\Windows\SysWOW64\imagXpr7.dll
2016-06-10 10:59 - 2006-03-17 12:45 - 00258048 _____ (Pegasus Imaging Corp.) C:\Windows\SysWOW64\imagXR7.dll
2016-06-10 09:56 - 2016-07-03 15:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-10 09:56 - 2016-07-03 15:50 - 00000000 ____D C:\ProgramData\Skype
2016-06-10 09:56 - 2016-06-10 09:56 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-06-10 09:56 - 2016-06-10 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-06-10 09:55 - 2016-06-29 20:59 - 00000000 ____D C:\Users\Mara\AppData\Roaming\AIMP
2016-06-10 09:55 - 2016-06-25 23:24 - 00000000 ____D C:\Program Files (x86)\GRETECH
2016-06-10 09:55 - 2016-06-10 09:55 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-06-10 09:55 - 2016-06-10 09:55 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2016-06-10 09:55 - 2016-06-10 09:55 - 00000000 ____D C:\Users\Mara\AppData\Roaming\TeamViewer
2016-06-10 09:55 - 2016-06-10 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
2016-06-10 09:55 - 2016-06-10 09:55 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-06-10 09:55 - 2016-06-10 09:55 - 00000000 ____D C:\Program Files (x86)\AIMP3
2016-06-10 09:54 - 2016-06-10 09:54 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-06-10 09:54 - 2016-06-10 09:54 - 00000000 ____D C:\Program Files\Java
2016-06-10 09:52 - 2016-06-26 00:27 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-10 09:52 - 2016-06-26 00:27 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-10 09:52 - 2016-06-12 21:15 - 00000000 ____D C:\ProgramData\Adobe
2016-06-10 09:52 - 2016-06-12 21:14 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Adobe
2016-06-10 09:52 - 2016-06-12 21:14 - 00000000 ____D C:\Users\Mara\AppData\Local\Adobe
2016-06-10 09:52 - 2016-06-12 21:12 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-06-10 09:52 - 2016-06-10 09:54 - 00000000 ____D C:\Users\Mara\.oracle_jre_usage
2016-06-10 09:52 - 2016-06-10 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-10 09:52 - 2016-06-10 09:52 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-06-10 09:52 - 2016-06-10 09:52 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Sun
2016-06-10 09:52 - 2016-06-10 09:52 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Macromedia
2016-06-10 09:52 - 2016-06-10 09:52 - 00000000 ____D C:\Users\Mara\AppData\LocalLow\Sun
2016-06-10 09:52 - 2016-06-10 09:52 - 00000000 ____D C:\Users\Mara\AppData\LocalLow\Oracle
2016-06-10 09:52 - 2016-06-10 09:52 - 00000000 ____D C:\ProgramData\Oracle
2016-06-10 09:52 - 2016-06-10 09:52 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-10 09:51 - 2016-07-05 22:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-10 09:51 - 2016-07-05 21:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-10 09:51 - 2016-06-10 09:51 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-10 09:51 - 2016-06-10 09:51 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-10 09:51 - 2016-06-10 09:51 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-10 09:50 - 2016-06-10 09:50 - 00307200 _____ (Secure By Design Inc.) C:\Users\Mara\Downloads\Ninite AIMP Air Avira Chrome GOM Java 8 Installer.exe
2016-06-10 09:47 - 2016-06-10 09:53 - 00000000 ____D C:\Users\Mara\AppData\Local\Mozilla
2016-06-10 09:47 - 2016-06-10 09:47 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Mozilla
2016-06-10 04:51 - 2016-06-17 00:37 - 00000000 ____D C:\Windows\Panther
2016-06-10 03:55 - 2016-06-10 03:55 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-06-10 03:55 - 2016-06-10 03:55 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-06-10 03:53 - 2016-06-10 03:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-06-09 18:02 - 2016-06-09 18:02 - 00000000 ____D C:\Users\Mara\AppData\Local\VirtualStore
2016-06-09 18:01 - 2016-06-10 16:06 - 00000000 ____D C:\Users\Mara
2016-06-09 18:01 - 2016-06-09 18:01 - 00000020 ___SH C:\Users\Mara\ntuser.ini
2016-06-09 18:01 - 2016-06-09 18:01 - 00000000 _SHDL C:\Users\Mara\My Documents
2016-06-09 18:01 - 2016-06-09 18:01 - 00000000 _SHDL C:\Users\Mara\Documents\My Videos
2016-06-09 18:01 - 2016-06-09 18:01 - 00000000 _SHDL C:\Users\Mara\Documents\My Pictures
2016-06-09 18:01 - 2016-06-09 18:01 - 00000000 _SHDL C:\Users\Mara\Documents\My Music
2016-06-09 18:01 - 2010-11-21 09:16 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-05 22:54 - 2009-07-14 07:13 - 00785366 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-05 22:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-05 21:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-03 17:49 - 2009-07-14 05:20 - 00000000 ____D C:\PerfLogs
2016-06-26 18:38 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-26 15:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-25 18:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-06-18 11:41 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-18 11:41 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-17 20:22 - 2009-07-14 06:45 - 00420112 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-17 00:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Msdtc
2016-06-13 19:31 - 2010-11-21 05:27 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-13 07:42 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-06-10 16:56 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-06-10 16:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-06-10 11:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-06-10 11:03 - 2010-11-21 09:16 - 00000000 ____D C:\Windows\ShellNew
2016-06-10 11:02 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-10 11:01 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2016-06-10 04:50 - 2009-07-14 07:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-06-10 04:50 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\Setup
2016-06-10 03:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2016-06-10 03:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-06-10 03:52 - 2010-11-21 09:16 - 00000000 ____D C:\Windows\CSC
2016-06-09 18:00 - 2010-11-21 05:24 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-06-09 18:00 - 2010-11-21 05:24 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-06-09 18:00 - 2010-11-21 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2016-06-09 18:00 - 2010-11-21 05:24 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2016-06-09 18:00 - 2010-11-21 05:23 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll

==================== Files in the root of some directories =======

2016-06-10 20:40 - 2016-07-05 23:05 - 0007632 _____ () C:\Users\Mara\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Mara\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2016-06-09 18:00] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2016-06-09 18:00] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-10 13:06

==================== End of FRST.txt ============================

mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Korak 1

Deinstaliraj:

Everything 1.3.4.686




Korak 2

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

CHR StartupUrls: ferhghtatupisecoahick -> "hxxp://www.google.com/","hxxp://www.sweet-page.com/?type=hp&ts=1441146624&z=f93cec7ccc7f9865b5a5adag8z1z0gfg3z7q1q4caz&from=cor&uid=INTELXSSDSC2CW120A3_CVCV43020676120BGN","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=A91B30EDC6AB47CF21CCEDD5AD6C52E3&v=20160114&ts=AHEpAnAnAH0pB0..","hxxp://www.mysites123.com/?type=hp&ts=1453570226&z=30496c5325ddbe647942aadg4z7w1ccw4m8e6oboeq&from=amt&uid=intelxssdsc2cw120a3_cvcv43020676120bgn","hxxp://www.youndoo.com/?z=770cde6a139c6ee09a5fca9g5zdq6m2w9qco2t1b1g&from=wak&uid=WDCXWD2500BEVS-26UST0_WD-WXE808AV0644V0644&type=hp"
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] () [File not signed] <==== ATTENTION
C:\Program Files (x86)\Everything
EmptyTemp:


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).




Korak 3

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
U EULA prozoru klikni na I agree.
U Options isključi Reset Winsock settings ako je uključen.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Cleaning i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK
Računar će se restartovati, a potom otvoriti Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Mara (2016-07-06 19:38:31) Run:1
Running from C:\Users\Mara\Desktop
Loaded Profiles: Mara (Available Profiles: Mara)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR StartupUrls: ferhghtatupisecoahick -> "hxxp://www.google.com/","hxxp://www.sweet-page.com/?type=hp&ts=1441146624&z=f93cec7ccc7f9865b5a5adag8z1z0gfg3z7q1q4caz&from=cor&uid=INTELXSSDSC2CW120A3_CVCV43020676120BGN","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=A91B30EDC6AB47CF21CCEDD5AD6C52E3&v=20160114&ts=AHEpAnAnAH0pB0..","hxxp://www.mysites123.com/?type=hp&ts=1453570226&z=30496c5325ddbe647942aadg4z7w1ccw4m8e6oboeq&from=amt&uid=intelxssdsc2cw120a3_cvcv43020676120bgn","hxxp://www.youndoo.com/?z=770cde6a139c6ee09a5fca9g5zdq6m2w9qco2t1b1g&from=wak&uid=WDCXWD2500BEVS-26UST0_WD-WXE808AV0644V0644&type=hp"
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] () [File not signed] <==== ATTENTION
C:\Program Files (x86)\Everything
EmptyTemp:
*****************

Chrome StartupUrls => removed successfully
Everything => service not found.
"C:\Program Files (x86)\Everything" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4488188 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 192118532 B
Edge => 0 B
Chrome => 1407013 B
Firefox => 9174717 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 82684 B
systemprofile32 => 148952 B
LocalService => 66228 B
NetworkService => 67476 B
Mara => 387777065 B

RecycleBin => 1089976162 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:39:10 ====
mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakvo je sada stanje?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 07 Jul 2016 20:02

Čini mi se nešto bolje, mada i dalje na pojedinim sajtovima kao što je npr. Blic.rs i dalje dugo vrti, posluša komandu preko miša sa zakašnjenjem i takođe štuca (sa odlaganjem preskoči po pola stanice nadole ili nagore).
Zar je Blic.rs toliko zahtevan sajt da ovaj hardver ne može da ga prati? Ranije je mogao.

Dopuna: 07 Jul 2016 20:12

Kad je podignut samo Chrome, MyCity i Resource monitor, procesor je opterećen 30-60 odsto, a memorija 38 odsto. Da to nije malo mnogo? Tj. da ne radi nešto u pozadini?
Windows Update je isključen.

• 2Ovo se svidja korisnicima: cika_cajko, SlobaBgd
  
  Registruj se da bi pohvalio/la poruku!

Da se ubacim i ja, kad vidim da si spomenuo sajt Blica. Ni meni vec danima nece da ovori normalno. Vec stalno baguje, preskace, nekad ne otvara uopste. Ne znam sta je. Tako da nije samo kod tebe problem sa sajtom Blica.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pa oni se hvale da su laki i za telefone, a kako to da se muči na Win 7?!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi instalaciju za Malwarebytes Anti-Malware (MBAM) ver.2.0 i instaliraj aplikaciju.
Dvoklik na mbam-setup.exe i prati uputstva za instalaciju. Instalacija je klasicna, "Next > I Agree . . > Next > Install" princip. Po zavrsenoj instalaciji, klikni Finish.
Napomena: 14 dana besplatna trail verzija je pre-selektovana. Mozes decekirati ovu opciju ako zelis.

- Po prvom pokretanju, MBAM ce zapoceti "Update" u nameri da preuzme najsvezije definicije.
Ili ... klik na 'Update Now >>' link ili dugme radi preuzimanja svezih definicija.

• Konfigurisati skener; Na 'Settings' tabu, Detection and Protection podesiti sledece opcije:
1. pod-tab Detection Options, cekirati kucicu za 'Scan for rootkits';
2. pod-tab Non-Malware Protection, za 'PUP detections', prostarati se da je selektovana 'Threat detections as malware' opcija.



• Izvrsiti 'Threat Scan';
Klik na Scan tab, zatim na 'Scan Now >>' da bi izvrsio skeniranje.
Ukoliko MBAM prijavi da je 'update' dostupan, klik na 'Update Now' a potom nastaviti do skeniranja.
Obavestenje: kod nekih teskih infekcija, moguce je dobiti sledecu poruku "Could not load DDA driver". U tom slucaju, klik Yes na tu poruku, dopustiti ucitavanje drajvera po restartu racunara, dozvoliti restart.
Potom, nastaviti sa ostatkom instrukcija.

• Po zavrsenom skeniranju, klik na Apply Action dugme ukoliko je pretnja detektovana. Sacekati da program zatrazi restart!
- Klik na Yes na poruku koja govori da ce se sistem restartovati.



• Postaviti izvestaj (export-ovati logfile) na uvid;
Ponovo pokrenuti MBAM, klik na History tab > Application Logs. Dvoklik na 'Scan Log' koji pokazuje vreme i datum upravo izvrsenog skeniranja.
1. U novom prozoru klik na 'Export' dugme, pa izabrati 'Text file (*.txt)';
2. Kada se pojavi Save File dialog, izabrati da se log sacuva na Desktop.
U tom istom prozoru, dole pod File name: upisi 'mbam' kao naziv izvestaja i klikni dugme Save.

- Po dobijenoj poruci ("Your file has been successfully exported") izvestaj koji si nazvao kao 'mbam' bice sacuvan na Desktop.



Okaci mbam.txt uz poruku koristeci opciju Prikači fajl.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

SIStem ti je čist. Ostaje ti još ovo da uradiš i to bi bilo to.




• Sledeća procedura će implementirati završno čišćenje.

Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore

Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.