youtv.link hijacker

1

youtv.link hijacker

offline
  • Pridružio: 03 Mar 2004
  • Poruke: 27

Napisano: 14 Sep 2016 12:53

Potrebna mi je pomoc za uklanjanje gore navedenog.Uvukao mi se u racunar koji je poceo da brlja. U brozerima postavlja kao prvu stranu svoj link, zacrni mi ceo ekran i ko zna sta jos.
Probao sam da ga sklonim sa nekoliko programa (UVK, Malwarebytes, a jedino ga je prepoznavao JRT , i sklanjao ga do prvog restarta a sada vise ni on ge ne izbacuje u log-u. , uvek se posle negog vremena vrati, cak i bez restarta.
Sa kablovskim internetom racunar je sa ruterom spojen kablom a brzina je 40 Mbit/s.
Pozdrav
P.S. Probao sam prikacim fajl.Nadam se da sam uspeo, jer nisam dobio potvrdu.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version 12-09-2016
Ran by Duca (administrator) on DUSAN (14-09-2016 124012)
Running from C\Users\Duca\Downloads
Loaded Profiles Duca (Available Profiles Duca & Gost)
Platform Microsoft Windows 10 Pro Version 1511 (X86) Language English (United States)
Internet Explorer Version 11 (Default browser Chrome)
Boot Mode Normal
Tutorial for Farbar Recovery Scan Tool http//www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C\Windows\System32\atiesrxx.exe
(AMD) C\Windows\System32\atieclxx.exe
(ABBYY) C\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Microsoft Corporation) C\Program Files\Windows Defender\MsMpEng.exe
(DEVGURU Co., LTD.) C\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C\Program Files\Windows Defender\NisSrv.exe
(AVG Technologies CZ, s.r.o.) C\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Google Inc.) C\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Realtek Semiconductor) C\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Adobe Systems Inc.) C\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(CANON INC.) C\Windows\System32\CNAB4RPK.EXE
(SEIKO EPSON CORPORATION) C\Program Files\Epson Software\Event Manager\EEventManager.exe
(Vodafone) C\Program Files\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe
(Power Software Ltd) C\Program Files\PowerISO\PWRISOVM.EXE
(AVG Technologies CZ, s.r.o.) C\Program Files\AVG\Framework\Common\avguix.exe
(A.E.T. Europe B.V.) C\Windows\System32\aetcrss1.exe
(Microsoft Corporation) C\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C\Users\Duca\AppData\Roaming\Microsoft\Windows\Preserve.exe
() C\ProgramData\dxb\dxb.exe
() C\Program Files\BancaIntesaTokenManager\BancaIntesaUser32.exe
() C\Program Files\BancaIntesaTokenManager\IntesaCertificateRemoval.exe
(Microsoft Corporation) C\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run [RTHDVCPL] => C\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12214528 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run [StartCCC] => C\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run [AdobeAAMUpdater-1.0] => C\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run [SwitchBoard] => C\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run [AdobeCS6ServiceManager] => C\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run [Bonus.SSR.FR10] => C\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [939272 2009-10-07] (ABBYY.)
HKLM\...\Run [Adobe Acrobat Speed Launcher] => C\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run [Acrobat Assistant 8.0] => C\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run [jswtrayutil] => C\Program Files\TP-LINK\TP-LINK Wireless N Client Utility\jswtrayutil.exe [41045 2008-01-11] (TP-LINK TECHNOLOGIES CO., LTD.)
HKLM\...\Run [SunJavaUpdateSched] => "C\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Run [EEventManager] => C\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
HKLM\...\Run [VodafoneMobileWiFi] => C\Program Files\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe [145920 2014-03-11] (Vodafone)
HKLM\...\Run [PWRISOVM.EXE] => C\Program Files\PowerISO\PWRISOVM.EXE [418952 2016-02-10] (Power Software Ltd)
HKLM\...\Run [AvgUi] => C\Program Files\AVG\Framework\Common\avguirnx.exe [187152 2016-09-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run [CertificateRegistration] => C\WINDOWS\system32\aetcrss1.exe [151552 2011-11-10] (A.E.T. Europe B.V.)
HKLM\...\Run [Windows Mobile-based device management] => C\WINDOWS\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
Winlogon\Notify\ScCertProp wlnotify.dll [X]
Winlogon\Notify\SDWinLogon SDWinLogon.dll [X]
HKLM\...\Policies\Explorer [RestrictRun] 0
HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\...\Run [OfficeSyncProcess] => C\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\...\Run [Win7Svc] => C\Users\Duca\AppData\Roaming\Microsoft\Windows\Preserve.exe [145112 2016-05-11] ()
HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\...\Run [Kies3PDLR.exe] => C\Program Files\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [1023664 2016-03-25] (Samsung)
HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\...\Run [dxb.exe] => C\ProgramData\dxb\dxb.exe [203619736 2016-06-23] ()
HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\...\Policies\Explorer [RestrictRun] 0
HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\...\MountPoints2 {dae29893-f02a-11e5-97ac-1c6f65878a2b} - "E\SetupWi-Fi.exe"
Startup C\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BancaIntesaUser32.lnk [2016-09-13]
ShortcutTarget BancaIntesaUser32.lnk -> C\Windows\Installer\{ABE1C302-7F4F-4FD4-9338-44B6CD5335AA}\_DA88A3036964794A23392E.exe ()
Startup C\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk [2016-09-13]
ShortcutTarget Canon LBP2900 Status Window.lnk -> C\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE (CANON INC.)
Startup C\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IntesaCertificateRemoval.lnk [2016-09-13]
ShortcutTarget IntesaCertificateRemoval.lnk -> C\Windows\Installer\{ABE1C302-7F4F-4FD4-9338-44B6CD5335AA}\_68CB93303E0009434CEF6E.exe ()
Startup C\Users\Duca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Duca.lnk [2016-09-13]
ShortcutTarget Duca.lnk -> C\ProgramData\dxb\dxb.exe ()
CHR HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\SOFTWARE\Policies\Google Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer [S-1-5-21-2887090629-3565977415-1312580217-1001] => http=;ftp=;https=;
AutoConfigURL [S-1-5-21-2887090629-3565977415-1312580217-1001] => http=;ftp=;https=;
Tcpip\Parameters [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{33aea1dc-c2db-4194-8ec1-5f6c1edf6b1d} [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{6ddcecfc-836e-4743-acc5-74f5b690a0f5} [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{7a83ca4d-c3c8-4bf9-a417-8f9b2581aad4} [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{85cfe3a3-5b76-4d40-bc01-8c090cfa89fd} [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9d0139cc-4319-421a-8b50-803f74e6f177} [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{e0f428b9-746e-421d-b947-5d905a02dd7c} [DhcpNameServer] 192.168.0.1

Internet Explorer
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = aboutblank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com
HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com
HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com
HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//yourtv.link
SearchScopes HKU\S-1-5-21-2887090629-3565977415-1312580217-1001 -> DefaultScope {3} URL = hxxp//www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
SearchScopes HKU\S-1-5-21-2887090629-3565977415-1312580217-1001 -> {3} URL = hxxp//www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F

FireFox
========
FF ProfilePath C\Users\Duca\AppData\Roaming\Mozilla\Firefox\Profiles\3jmsvjxa.default
FF SelectedSearchEngine Google
FF Homepage hxxp//yourtv.link
FF Plugin @adobe.com/FlashPlayer -> C\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
FF Plugin @Google.com/GoogleEarthPlugin -> C\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin @google.com/npPicasa3,version=3.0.0 -> C\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin @java.com/DTPlugin,version=11.71.2 -> C\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-02-01] (Oracle Corporation)
FF Plugin @java.com/JavaPlugin,version=11.71.2 -> C\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-02-01] (Oracle Corporation)
FF Plugin @microsoft.com/OfficeAuthz,version=14.0 -> C\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin @microsoft.com/SharePoint,version=14.0 -> C\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin @microsoft.com/WLPG,version=16.4.3528.0331 -> C\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin @tools.google.com/Google Update;version=3 -> C\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin @tools.google.com/Google Update;version=9 -> C\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF SearchPlugin C\Users\Duca\AppData\Roaming\Mozilla\Firefox\Profiles\3jmsvjxa.default\searchplugins\Google .xml [2016-09-14]

Chrome
=======
CHR Profile C\Users\Duca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension (Плаћања у Chrome веб-продавници) - C\Users\Duca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-13]
CHR Extension (Chrome Media Router) - C\Users\Duca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.10.0; C\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [809736 2009-09-29] (ABBYY)
R2 AMD FUEL Service; C\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 avgsvc; C\Program Files\AVG\Framework\Common\avgsvcx.exe [911120 2016-09-07] (AVG Technologies CZ, s.r.o.)
S2 ES lite Service; C\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S3 FLEXnet Licensing Service; C\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2015-04-01] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C\Program Files\TP-LINK\TP-LINK Wireless N Client Utility\jswpsapi.exe [937984 2008-01-11] (TP-LINK TECHNOLOGIES CO., LTD.) [File not signed]
S2 KMSServerService; C\Windows\KMSServerService\KMS Server Service.exe [211968 2015-07-25] (My Digital Life Forums) [File not signed]
R2 ss_conn_service; C\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 SwitchBoard; C\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [3941648 2016-08-19] (AVG Technologies CZ, s.r.o.)
R3 WdNisSvc; C\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C\Program Files\Windows Defender\MsMpEng.exe [23264 2016-07-01] (Microsoft Corporation)
S3 WsAppService; C\Program Files\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
S3 arusb_win7; C\WINDOWS\system32\DRIVERS\arusb_win7.sys [612352 2010-02-23] (Atheros Communications, Inc.)
R3 athr; C\WINDOWS\System32\drivers\athwn.sys [3205632 2015-10-30] (Qualcomm Atheros Communications, Inc.)
S3 athur; C\WINDOWS\System32\drivers\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
R3 cxbu0wdm; C\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [125048 2014-05-14] (HID Global Corporation)
S3 dg_ssudbus; C\WINDOWS\system32\DRIVERS\ssudbus.sys [108032 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 gdrv; C\Windows\gdrv.sys [17488 2016-09-14] (Windows (R) 2000 DDK provider)
R3 i8042HDR; C\WINDOWS\system32\DRIVERS\i8042HDR.sys [13224 2006-10-20] (Chicony)
R1 MpKslc335dd3a; C\ProgramData\Microsoft\Windows Defender\Definition Updates\{E849D84E-ADEF-4EAA-AEAD-BAECE0432C48}\MpKslc335dd3a.sys [39168 2016-09-14] (Microsoft Corporation)
R0 PxHelp20; C\WINDOWS\System32\DRIVERS\PxHelp20.sys [20016 2004-05-07] (Sonic Solutions) [File not signed]
R3 rt640x86; C\WINDOWS\System32\drivers\rt640x86.sys [494080 2015-10-30] (Realtek )
R1 SCDEmu; C\WINDOWS\system32\Drivers\SCDEmu.sys [123952 2016-02-10] (Power Software Ltd)
S3 ssudmdm; C\WINDOWS\system32\DRIVERS\ssudmdm.sys [199936 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 TuneUpUtilitiesDrv; C\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-03-29] (AVG Netherlands B.V.)
S3 usbrndis6; C\WINDOWS\System32\drivers\usb80236.sys [16384 2015-10-30] (Microsoft Corporation)
S0 WdBoot; C\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
S3 WUDFWpdMtp; C\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-14 1240 - 2016-09-14 1240 - 00016653 _____ C\Users\Duca\Downloads\FRST.txt
2016-09-14 1239 - 2016-09-14 1240 - 00000000 ____D C\FRST
2016-09-14 1238 - 2016-09-14 1239 - 01748992 _____ (Farbar) C\Users\Duca\Downloads\FRST.exe
2016-09-14 1223 - 2016-09-14 1223 - 00000618 _____ C\Users\Duca\Desktop\JRT 2.txt
2016-09-14 1152 - 2016-09-14 1204 - 00000000 ____D C\Program Files\Plumbytes Software
2016-09-14 1152 - 2016-09-14 1202 - 00000000 ____D C\Users\Duca\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}
2016-09-14 1151 - 2016-09-14 1152 - 00582416 _____ (Plumbytes Software) C\Users\Duca\Downloads\pb-remover.exe
2016-09-14 0921 - 2016-09-14 0921 - 00002088 _____ C\Users\Duca\Downloads\Sertifikati_Banke.zip
2016-09-13 2230 - 2016-09-13 2230 - 00017053 _____ C\Users\Duca\Downloads\[limetorrents.cc]Star.Trek.Beyond.2016.HDTS.HC.x264.AAC-iidvd.torrent
2016-09-13 2215 - 2016-09-13 2215 - 00023270 _____ C\Users\Duca\Downloads\92E8A3ABD9BB3FE95350C88705F1450DE18C5407.torrent
2016-09-13 2215 - 2016-09-13 2215 - 00023017 _____ C\Users\Duca\Downloads\The Raid 2 (2014) [720p] [YTS.AG].torrent
2016-09-13 2207 - 2016-09-13 2207 - 00011343 _____ C\Users\Duca\Downloads\[rutor.is]H0Bye.PyCCk1e.2015.WEB-DLRip-AVC.by.White_Smoke.torrent
2016-09-13 2205 - 2016-09-13 2205 - 00019182 _____ C\Users\Duca\Downloads\[rutor.is]Barmen.2015.DVDRip.Kaztorrents.mp4.torrent
2016-09-13 2203 - 2016-09-13 2203 - 00015669 _____ C\Users\Duca\Downloads\[rutor.is]Mafiya.Igra.na.vyzhivanie.2016.RUS.BDRip.XviD.A.torrent
2016-09-13 2202 - 2016-09-13 2202 - 00015579 _____ C\Users\Duca\Downloads\[new-rutor.org]Bez.granic.2015.WEB.DLRip.ot.Scarabey.iTunes.torrent
2016-09-13 2200 - 2016-09-13 2200 - 00015447 _____ C\Users\Duca\Downloads\[rutracker.org].t5158527.torrent
2016-09-13 2145 - 2016-09-13 2145 - 00000000 ____D C\ProgramData\FLEXnet
2016-09-13 1815 - 2016-09-13 1819 - 00000000 ____D C\AdwCleaner
2016-09-13 1805 - 2016-09-13 1805 - 00256476 _____ C\TDSSKiller.3.1.0.11_13.09.2016_18.05.12_log.txt
2016-09-13 1804 - 2016-09-13 1804 - 00000364 _____ C\TDSSKiller.3.1.0.9_13.09.2016_18.04.30_log.txt
2016-09-13 1804 - 2016-09-13 1804 - 00000364 _____ C\TDSSKiller.3.1.0.9_13.09.2016_18.04.15_log.txt
2016-09-13 1759 - 2016-09-13 1759 - 00000000 ____D C\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2016-09-13 1450 - 2016-09-13 1450 - 00000262 _____ C\Users\Duca\Desktop\YOURTV.LINK.txt
2016-09-13 1449 - 2016-09-14 0908 - 00170200 _____ (Malwarebytes) C\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-13 1449 - 2016-09-13 1449 - 00000000 ____D C\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-13 1449 - 2016-09-13 1449 - 00000000 ____D C\ProgramData\Malwarebytes
2016-09-13 1449 - 2016-09-13 1449 - 00000000 ____D C\Program Files\Malwarebytes Anti-Malware
2016-09-13 1449 - 2016-03-10 1409 - 00053120 _____ (Malwarebytes Corporation) C\WINDOWS\system32\Drivers\mwac.sys
2016-09-13 1449 - 2016-03-10 1408 - 00126336 _____ (Malwarebytes) C\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-13 1449 - 2016-03-10 1408 - 00024448 _____ (Malwarebytes) C\WINDOWS\system32\Drivers\mbam.sys
2016-09-13 1447 - 2016-09-13 1447 - 03516080 _____ (Enigma Software Group USA, LLC.) C\Users\Duca\Downloads\SpyHunter-Installer.exe
2016-09-13 1405 - 2016-09-13 1405 - 02030536 _____ (Bleeping Computer, LLC) C\Users\Duca\Downloads\rkill.com
2016-09-13 1356 - 2016-09-13 1357 - 66721408 _____ C\Users\Duca\Downloads\gsam-3.0.55-setup.exe
2016-09-13 1247 - 2016-09-13 1247 - 01104336 _____ C\Users\Duca\Downloads\Setup-GSAntiMal-VRGC.exe
2016-09-13 1245 - 2016-09-13 1245 - 00000000 ____D C\ProgramData\GridinSoft
2016-09-13 1244 - 2016-09-13 1509 - 00000000 ____D C\Program Files\GridinSoft Anti-Malware
2016-09-13 1244 - 2016-09-13 1244 - 01291216 _____ (GridinSoft LLC) C\Users\Duca\Downloads\setup-antimalware.exe
2016-09-13 1234 - 2016-09-13 1234 - 01104336 _____ C\Users\Duca\Downloads\3B70.tmp
2016-09-13 1213 - 2016-09-13 1214 - 00258336 _____ C\TDSSKiller.3.1.0.11_13.09.2016_12.13.53_log.txt
2016-09-13 1211 - 2016-09-13 1212 - 00000364 _____ C\TDSSKiller.3.1.0.9_13.09.2016_12.11.58_log.txt
2016-09-13 1211 - 2016-09-13 1211 - 00000364 _____ C\TDSSKiller.3.1.0.9_13.09.2016_12.11.29_log.txt
2016-09-13 1159 - 2016-09-13 1159 - 00000000 ____D C\searchplugins
2016-09-11 2257 - 2016-09-11 2257 - 08227032 _____ (Piriform Ltd) C\Users\Duca\Downloads\ccsetup521.exe
2016-09-11 0954 - 2016-09-11 0954 - 00972009 _____ C\Users\Duca\Downloads\1191020_KonkursnaDokumentacija.pdf
2016-09-10 1226 - 2016-09-10 1226 - 00000000 ____D C\Users\Duca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-09-09 1809 - 2016-09-09 1809 - 00972009 _____ C\Users\Duca\Downloads\1540-8 KONKURSNA DOKUMENTACIJA ULAZNICE ZA KULTRUNE DOGADJAJE Portal Javnih nabavki .pdf
2016-09-09 1710 - 2016-09-12 1441 - 00000000 ____D C\Users\Duca\Desktop\JN
2016-09-08 1648 - 2016-09-08 1648 - 00576753 _____ C\Users\Duca\Downloads\1187500_ObavestenjeOPokretanjuPregovarackogPostupkuBezPoziva.pdf
2016-09-08 1110 - 2016-09-08 1110 - 01349790 _____ C\Users\Duca\Downloads\1163623_DodelaUgovora.pdf
2016-09-07 2246 - 2016-09-07 2246 - 00681126 _____ C\Users\Duca\Downloads\20160902144914.pdf
2016-09-07 0952 - 2016-09-07 0952 - 01077472 _____ C\Users\Duca\Downloads\1174744_DodelaUgovora (2).pdf
2016-09-07 0951 - 2016-09-07 0951 - 02071540 _____ C\Users\Duca\Downloads\1184645_ObavestenjeOZakljucenomUgovoru.pdf
2016-09-07 0951 - 2016-09-07 0951 - 01286284 _____ C\Users\Duca\Downloads\1184646_ObavestenjeOZakljucenomUgovoru.pdf
2016-09-06 1004 - 2016-09-06 1004 - 01077472 _____ C\Users\Duca\Downloads\1174744_DodelaUgovora (1).pdf
2016-09-06 1004 - 2016-09-06 1004 - 00217575 _____ C\Users\Duca\Downloads\1182880_OdlukaOObustaviPostupka.pdf
2016-09-05 1348 - 2016-09-05 1348 - 00097370 _____ C\Users\Duca\Downloads\rPlanJnIzob (1).pdf
2016-09-05 1030 - 2016-09-05 1030 - 00389864 _____ C\Users\Duca\Downloads\Potvrda o izvrsenoj registraciji Balkan Art.pdf
2016-09-04 1250 - 2016-09-04 1250 - 00012418 _____ C\Users\Duca\Downloads\B194C6C2CB05B298ACB3A06D2EBA00068DA8FBED.torrent
2016-09-04 1246 - 2016-09-04 1246 - 00020293 _____ C\Users\Duca\Downloads\4859F69B48A44593E4BFDB8436B8C4AEED67D068.torrent
2016-09-03 1240 - 2016-09-03 1240 - 01945757 _____ C\Users\Duca\Downloads\1180999_ObavestenjeOZakljucenomUgovoru.pdf
2016-09-03 1238 - 2016-09-03 1238 - 00601376 _____ C\Users\Duca\Downloads\1159193_DodelaUgovora (2).pdf
2016-09-03 1234 - 2016-09-03 1234 - 00658735 _____ C\Users\Duca\Downloads\1163135_DodelaUgovora (1).pdf
2016-09-03 1234 - 2016-09-03 1234 - 00601376 _____ C\Users\Duca\Downloads\1159193_DodelaUgovora (1).pdf
2016-09-02 1623 - 2016-09-02 1623 - 00015731 _____ C\Users\Duca\Downloads\A65B23ED8FBDFE87AAE2782546EB19B4383A31DA.torrent
2016-09-02 1537 - 2016-09-02 1538 - 00022347 _____ C\Users\Duca\Downloads\Captain America- Civil War (2016) [720p] [YTS.AG].torrent
2016-09-02 1211 - 2016-09-02 1211 - 01737227 _____ C\Users\Duca\Downloads\Hor RTS ugovor Negotin Mokranjcevi dani.pdf
2016-09-02 1210 - 2016-09-02 1210 - 01760680 _____ C\Users\Duca\Downloads\1177611_ObavestenjeOZakljucenomUgovoru.pdf
2016-09-02 1209 - 2016-09-02 1209 - 00550060 _____ C\Users\Duca\Downloads\1170412_ObavestenjeOZakljucenomUgovoru.pdf
2016-09-02 1209 - 2016-09-02 1209 - 00550058 _____ C\Users\Duca\Downloads\1170407_ObavestenjeOZakljucenomUgovoru.pdf
2016-09-02 1209 - 2016-09-02 1209 - 00549546 _____ C\Users\Duca\Downloads\1170408_ObavestenjeOZakljucenomUgovoru.pdf
2016-09-02 1209 - 2016-09-02 1209 - 00548294 _____ C\Users\Duca\Downloads\1170413_ObavestenjeOZakljucenomUgovoru.pdf
2016-09-02 1209 - 2016-09-02 1209 - 00548127 _____ C\Users\Duca\Downloads\1170409_ObavestenjeOZakljucenomUgovoru.pdf
2016-09-02 1209 - 2016-09-02 1209 - 00547932 _____ C\Users\Duca\Downloads\1170411_ObavestenjeOZakljucenomUgovoru.pdf
2016-09-02 1209 - 2016-09-02 1209 - 00547931 _____ C\Users\Duca\Downloads\1170410_ObavestenjeOZakljucenomUgovoru.pdf
2016-09-02 1126 - 2016-09-02 1126 - 00000000 ____D C\Users\Duca\AppData\Local\A.E.T. Europe B.V
2016-09-02 1125 - 2016-09-02 1125 - 00000000 ____D C\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeSign Standard
2016-09-02 1125 - 2016-09-02 1125 - 00000000 ____D C\ProgramData\A.E.T. Europe B.V
2016-09-02 1125 - 2016-09-02 1125 - 00000000 ____D C\Program Files\A.E.T. Europe B.V
2016-09-02 1121 - 2016-09-02 1121 - 00000000 ____D C\Users\Duca\AppData\Roaming\TeamViewer
2016-09-02 1120 - 2016-09-02 1120 - 10883912 _____ (TeamViewer GmbH) C\Users\Duca\Downloads\TeamViewer_Setup_sr.exe
2016-09-01 2259 - 2016-09-01 2259 - 00051550 _____ C\Users\Duca\Downloads\B58A67FB7872A0540E929C17C45662FD07CAA672.torrent
2016-09-01 1444 - 2016-09-01 1444 - 01876606 _____ C\Users\Duca\Downloads\tim_yvonne_com_mikemercury_ramps2_htm.pdf
2016-09-01 1444 - 2016-09-01 1444 - 01876606 _____ C\Users\Duca\Downloads\tim_yvonne_com_mikemercury_ramps2_htm (1).pdf
2016-09-01 1406 - 2016-09-01 1406 - 01077472 _____ C\Users\Duca\Downloads\1174744_DodelaUgovora.pdf
2016-09-01 1325 - 2016-09-01 1325 - 00214777 _____ C\Users\Duca\Downloads\www_pinterest_com_pin_399201954447802427.pdf
2016-09-01 1325 - 2016-09-01 1325 - 00214103 _____ C\Users\Duca\Downloads\www_pinterest_com_pin_3992019ll54447802427.pdf
2016-09-01 1137 - 2016-09-01 1137 - 00744250 _____ C\Users\Duca\Downloads\inhabitat_com_fakros_innovative_windows_transform_into_an_ai.pdf
2016-09-01 1042 - 2016-09-01 1042 - 03769252 _____ C\Users\Duca\Downloads\tinyhouseblog_com_timber_frame_seattles_timber_frame_fabcab.pdf
2016-08-29 1540 - 2016-08-29 1540 - 00009885 _____ C\Users\Duca\Downloads\Snowpiercer (2013) [720p] [YTS.AG].torrent
2016-08-29 1537 - 2016-08-29 1537 - 00008247 _____ C\Users\Duca\Downloads\Blue Jasmine (2013) [720p] [YTS.AG].torrent
2016-08-29 1536 - 2016-08-29 1536 - 00009923 _____ C\Users\Duca\Downloads\The Butler (2013) [720p] [YTS.AG].torrent
2016-08-29 1536 - 2016-08-29 1536 - 00008745 _____ C\Users\Duca\Downloads\Last Vegas (2013) [720p] [YTS.AG].torrent
2016-08-29 1504 - 2016-08-29 1504 - 00008185 _____ C\Users\Duca\Downloads\The Croods (2013) [720p] [YTS.AG].torrent
2016-08-29 1235 - 2016-08-29 1235 - 00014443 _____ C\Users\Duca\Downloads\The Secret World of Arrietty (2010) [720p] [YTS.AG].torrent
2016-08-27 1346 - 2016-08-27 1346 - 01192911 _____ C\Users\Duca\Downloads\Blace zdravko Colic.pdf
2016-08-27 1345 - 2016-08-27 1345 - 01189407 _____ C\Users\Duca\Downloads\1131872_DodelaUgovora.pdf
2016-08-27 1345 - 2016-08-27 1345 - 01189407 _____ C\Users\Duca\Downloads\1131872_DodelaUgovora (1).pdf
2016-08-27 1345 - 2016-08-27 1345 - 00353192 _____ C\Users\Duca\Downloads\1163621_ObavestenjeOPokretanjuPregovarackogPostupkuBezPoziva.pdf
2016-08-27 1344 - 2016-08-27 1344 - 00603277 _____ C\Users\Duca\Downloads\Partija 2 DodelaUgovora PTT.pdf
2016-08-27 1341 - 2016-08-27 1341 - 00658735 _____ C\Users\Duca\Downloads\1163135_DodelaUgovora.pdf
2016-08-27 1341 - 2016-08-27 1341 - 00601376 _____ C\Users\Duca\Downloads\1159193_DodelaUgovora.pdf
2016-08-25 1526 - 2016-08-25 1526 - 00144455 _____ C\Users\Duca\Downloads\received_10208651139650839.jpeg
2016-08-24 1638 - 2016-08-24 1638 - 01019129 _____ C\Users\Duca\Downloads\treehouses_com_joomla_index_php_construction_treehouse_platf.pdf
2016-08-24 1636 - 2016-08-24 1636 - 01048433 _____ C\Users\Duca\Downloads\treehouses_com_joomla_index_php_construction_garnier_limb_pa.pdf
2016-08-24 1633 - 2016-08-24 1633 - 00547000 _____ C\Users\Duca\Downloads\minimalissimo_com_little_house_big_terrace.pdf
2016-08-24 1352 - 2016-08-24 1352 - 00386615 _____ C\Users\Duca\Downloads\1156749_DodelaUgovora.pdf
2016-08-23 1830 - 2016-08-23 1830 - 01227865 _____ C\Users\Duca\Downloads\Veliko Gospojinski dani - Novi Becej.pdf
2016-08-23 1829 - 2016-08-23 1829 - 01223819 _____ C\Users\Duca\Downloads\1138501_DodelaUgovora.pdf
2016-08-22 1529 - 2016-08-22 1529 - 00013862 _____ C\Users\Duca\Downloads\Year One (2009) [720p] [YTS.AG].torrent
2016-08-22 1019 - 2016-08-22 1019 - 00618855 _____ C\Users\Duca\Downloads\1153946_ObavestenjeOZakljucenomUgovoru.pdf
2016-08-19 0017 - 2016-08-19 0017 - 02651076 _____ C\Users\Duca\Downloads\PH Ranger.pdf
2016-08-19 0016 - 2016-08-19 0016 - 01671525 _____ C\Users\Duca\Downloads\Ford-Ranger-22Mar2016-eBrochure.pdf
2016-08-19 0006 - 2016-08-19 0006 - 01849584 _____ C\Users\Duca\Downloads\Ford-Everest-20Jan2016-eBrochure (1).pdf
2016-08-19 0004 - 2016-08-19 0004 - 01849584 _____ C\Users\Duca\Downloads\Ford-Everest-20Jan2016-eBrochure.pdf
2016-08-18 1259 - 2016-08-18 1259 - 00534326 _____ C\Users\Duca\Downloads\1149729_DodelaUgovora.pdf
2016-08-18 0859 - 2016-08-18 0859 - 00000000 ____D C\Users\Gost\AppData\Roaming\Skype
2016-08-17 2121 - 2016-09-13 1510 - 00001064 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-08-17 2121 - 2016-08-21 1015 - 00000000 ____D C\Users\Duca\AppData\Roaming\Audacity
2016-08-17 2120 - 2016-08-17 2121 - 00000000 ____D C\Program Files\Audacity
2016-08-17 1227 - 2016-08-17 1227 - 00371297 _____ C\Users\Duca\Downloads\1146611_DodelaUgovora.pdf
2016-08-17 1226 - 2016-08-17 1226 - 00284436 _____ C\Users\Duca\Downloads\Ja pevam svoj bluz - Pozega.PDF
2016-08-16 1219 - 2016-08-16 1219 - 00166289 _____ C\Users\Duca\Downloads\uredba pau alci.pdf
2016-08-15 2344 - 2016-08-15 2345 - 12917099 _____ C\Users\Duca\Downloads\Monografija_24._kl_VA_KoV_-_komplet_klas.pdf
2016-08-15 1634 - 2016-08-15 1634 - 00528568 _____ C\Users\Duca\Downloads\1142328_DodelaUgovora.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-14 1235 - 2015-10-30 0739 - 00000000 ____D C\WINDOWS\CbsTemp
2016-09-14 1234 - 2015-10-30 0748 - 00000000 ____D C\WINDOWS\system32\appraiser
2016-09-14 1233 - 2015-02-16 2207 - 00000000 ____D C\WINDOWS\system32\MRT
2016-09-14 1228 - 2015-10-30 0858 - 00000000 ____D C\WINDOWS\ShellNew
2016-09-14 1228 - 2015-02-16 2207 - 141747376 ____C (Microsoft Corporation) C\WINDOWS\system32\MRT.exe
2016-09-14 1227 - 2015-10-30 0747 - 00000000 ____D C\WINDOWS\INF
2016-09-14 1158 - 2015-02-16 2113 - 00000896 _____ C\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-14 1139 - 2016-08-03 1125 - 00002822 __RSH C\Users\Duca\ntuser.pol
2016-09-14 1139 - 2015-11-30 1005 - 00000000 ____D C\Users\Duca
2016-09-14 1139 - 2015-02-17 1258 - 00000000 __SHD C\ProgramData\Mozilla
2016-09-14 1026 - 2015-08-06 1248 - 00879220 _____ C\WINDOWS\system32\PerfStringBackup.INI
2016-09-14 1025 - 2015-10-30 0748 - 00000000 ____D C\WINDOWS\AppReadiness
2016-09-14 0923 - 2015-11-30 1307 - 00000000 ____D C\Users\Duca\AppData\Local\Deployment
2016-09-14 0917 - 2015-02-16 2113 - 00000892 _____ C\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-14 0916 - 2015-11-30 1011 - 00000006 ____H C\WINDOWS\Tasks\SA.DAT
2016-09-14 0916 - 2015-10-30 0713 - 00524288 ___SH C\WINDOWS\system32\config\BBI
2016-09-14 0916 - 2015-02-17 1550 - 00017488 _____ (Windows (R) 2000 DDK provider) C\WINDOWS\gdrv.sys
2016-09-14 0904 - 2015-03-16 2113 - 00000000 ____D C\Users\Duca\Desktop\Win alarm kopija podaci
2016-09-14 0859 - 2015-03-17 0820 - 00002234 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-13 2218 - 2015-03-15 1657 - 00000000 ____D C\Users\Duca\AppData\Local\Microsoft Help
2016-09-13 2132 - 2015-02-17 1028 - 00000000 ____D C\Users\Duca\AppData\Roaming\MPC-HC
2016-09-13 1759 - 2016-06-01 2105 - 00000000 ____D C\Program Files\UVK - Ultra Virus Killer
2016-09-13 1516 - 2015-10-30 0748 - 00000000 ___HD C\Program Files\WindowsApps
2016-09-13 1510 - 2016-07-11 2009 - 00000907 _____ C\Users\Public\Desktop\AVG.lnk
2016-09-13 1510 - 2016-06-10 1949 - 00002219 _____ C\Users\Duca\Desktop\Minecraft.lnk
2016-09-13 1510 - 2016-06-10 1146 - 00001247 _____ C\Users\Duca\Desktop\Format Factory.lnk
2016-09-13 1510 - 2016-05-20 2109 - 00002476 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2016-09-13 1510 - 2015-12-31 1703 - 00001076 _____ C\Users\Duca\Desktop\CDisplayEx.lnk
2016-09-13 1510 - 2015-12-26 2205 - 00001052 _____ C\Users\Duca\Desktop\GonVisor.lnk
2016-09-13 1510 - 2015-11-30 1008 - 00001544 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-13 1510 - 2015-11-15 2245 - 00002034 _____ C\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk
2016-09-13 1510 - 2015-08-06 1317 - 00001041 _____ C\Users\Duca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opcionalne funkcije.lnk
2016-09-13 1510 - 2015-08-06 1255 - 00002413 _____ C\Users\Duca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-13 1510 - 2015-06-02 1030 - 00002148 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-09-13 1510 - 2015-04-02 1707 - 00000678 _____ C\Users\Duca\Desktop\Desk top.lnk
2016-09-13 1510 - 2015-04-01 1044 - 00002481 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
2016-09-13 1510 - 2015-04-01 1044 - 00002469 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
2016-09-13 1510 - 2015-04-01 1044 - 00002175 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk
2016-09-13 1510 - 2015-03-22 1726 - 00000766 _____ C\Users\Duca\Desktop\Alati - prečica.lnk
2016-09-13 1510 - 2015-03-22 1417 - 00000691 _____ C\Users\Duca\Desktop\Pokupljeno - prečica.lnk
2016-09-13 1510 - 2015-03-22 1408 - 00001434 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-09-13 1510 - 2015-03-22 1408 - 00001350 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-09-13 1510 - 2015-03-22 1408 - 00001281 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-09-13 1510 - 2015-03-17 1859 - 00000436 _____ C\Users\Duca\Desktop\Računar.lnk
2016-09-13 1510 - 2015-03-15 2157 - 00000652 _____ C\Users\Duca\Desktop\Vesna - 1.lnk
2016-09-13 1510 - 2015-03-15 1907 - 00001839 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2016-09-13 1510 - 2015-03-15 1903 - 00001169 _____ C\ProgramData\Microsoft\Windows\Start Menu\RadiAnt DICOM Viewer (32-bit).lnk
2016-09-13 1510 - 2015-02-17 1258 - 00001133 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-13 1510 - 2015-02-17 1232 - 00000639 _____ C\Users\Duca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2016-09-13 1510 - 2015-02-16 2035 - 00001185 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2016-09-13 1510 - 2015-02-16 2035 - 00001147 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2016-09-13 1510 - 2015-02-16 2034 - 00001501 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2016-09-13 1510 - 2015-02-16 2034 - 00001331 _____ C\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2016-09-13 1507 - 2015-03-22 1408 - 00000000 ____D C\Users\Duca\Desktop\Pozivi programa
2016-09-13 1314 - 2016-01-30 1057 - 00000000 ____D C\WINDOWS\WindowsMobile
2016-09-13 1314 - 2015-03-15 1808 - 00000000 ____D C\WINDOWS\system32\appmgmt
2016-09-13 1243 - 2016-06-10 1828 - 00000000 ____D C\Users\Duca\AppData\Roaming\dvdcss
2016-09-13 1243 - 2015-03-25 1416 - 00000000 ____D C\Users\Duca\.dvdcss
2016-09-13 1243 - 2015-03-17 1858 - 00000000 ____D C\Users\Duca\AppData\Roaming\ClassicShell
2016-09-13 1243 - 2015-03-17 1858 - 00000000 ____D C\ProgramData\ClassicShell
2016-09-13 1243 - 2015-02-17 1048 - 00000000 ____D C\Users\Duca\AppData\Roaming\Skype
2016-09-13 1242 - 2016-05-15 2115 - 00000000 ____D C\$WINDOWS.~BT
2016-09-13 0921 - 2016-04-19 2010 - 00000000 ____D C\Users\Gost\AppData\Local\Packages
2016-09-12 1356 - 2015-05-15 2200 - 00000000 ____D C\Users\Duca\Downloads\Documents\Datoteke programa Outlook
2016-09-10 1226 - 2016-06-10 1949 - 00000000 ____D C\Users\Duca\AppData\Roaming\.minecraft
2016-09-07 0300 - 2015-10-30 0749 - 00828408 _____ (Adobe Systems Incorporated) C\WINDOWS\system32\FlashPlayerApp.exe
2016-09-07 0300 - 2015-10-30 0749 - 00176632 _____ (Adobe Systems Incorporated) C\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-09-04 1351 - 2016-04-19 2010 - 00000000 ____D C\Users\Gost\AppData\Local\Google
2016-08-19 1636 - 2016-05-20 2109 - 00049936 _____ (AVG Technologies CZ, s.r.o.) C\WINDOWS\system32\TURegOpt.exe
2016-08-18 1250 - 2015-04-03 1946 - 00000000 ___RD C\Users\Duca\OneDrive
2016-08-18 0900 - 2016-04-19 2011 - 00002425 _____ C\Users\Gost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-18 0900 - 2016-04-19 2011 - 00000000 ___RD C\Users\Gost\OneDrive
2016-08-17 2218 - 2016-07-27 2154 - 00000000 ____D C\Users\Duca\Desktop\Adobe Premiere Pro CS6
2016-08-17 2152 - 2015-12-31 1703 - 00000000 ____D C\Users\Duca\AppData\Roaming\CDisplayEx
2016-08-16 1245 - 2016-07-24 1006 - 00000000 ____D C\Users\Duca\Desktop\Grcka 2016
2016-08-15 2322 - 2016-06-11 1008 - 00000495 _____ C\Users\Gost\Desktop\Ljubica muyika rodj.txt

==================== Files in the root of some directories =======

2015-08-23 2033 - 2015-08-23 2033 - 0000000 _____ () C\Program Files\Spybot - Search & Destroy 2
2015-08-23 2033 - 2015-08-23 2033 - 0000000 _____ () C\Program Files\Common Files\AMD
2015-05-14 1748 - 2016-07-26 1048 - 0001291 _____ () C\Users\Duca\AppData\Roaming\burnaware.ini
2015-02-16 2217 - 2015-11-29 2226 - 0007628 _____ () C\Users\Duca\AppData\Local\resmon.resmoncfg
2015-11-30 1004 - 2015-11-30 1004 - 0000000 ____H () C\ProgramData\DP45977C.lfl
2015-03-16 1521 - 2015-03-16 1521 - 0000202 _____ () C\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP
====================
C\Users\Duca\AppData\Local\Temp\libeay32.dll
C\Users\Duca\AppData\Local\Temp\sqlite3.dll
C\Users\Duca\AppData\Local\Temp\UVK Setup.exe
C\Users\Gost\AppData\Local\Temp\avguirn_081001709888.exe
C\Users\Gost\AppData\Local\Temp\avguirn_081816598924.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C\WINDOWS\explorer.exe => File is digitally signed
C\WINDOWS\system32\winlogon.exe => File is digitally signed
C\WINDOWS\system32\wininit.exe => File is digitally signed
C\WINDOWS\system32\svchost.exe => File is digitally signed
C\WINDOWS\system32\services.exe => File is digitally signed
C\WINDOWS\system32\User32.dll => File is digitally signed
C\WINDOWS\system32\userinit.exe => File is digitally signed
C\WINDOWS\system32\rpcss.dll => File is digitally signed
C\WINDOWS\system32\dnsapi.dll => File is digitally signed
C\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack 2016-09-06 1152

==================== End of FRST.txt ============================

http//fotkica.com/uploads2N/1175_657700004_JRT%202.txt

http//fotkica.com/uploads2N/1175_1379416303_Addition.txt

http//fotkica.com/uploads2N/1175_1913731275_JRT%202.txt

Dopuna: 14 Sep 2016 12:56

Zaboravih da zakacim i prvi scan od JRT -a.
Smile

Dopuna: 14 Sep 2016 12:56

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10519
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Možeš li da prikačiš uz poruku FRST.txt jer u FRST izvještaju nedostaju određeni simboli?

offline
  • Pridružio: 03 Mar 2004
  • Poruke: 27

Naravno...izvoli...
mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10519
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

CreateRestorePoint:
() C:\Users\Duca\AppData\Roaming\Microsoft\Windows\Preserve.exe
() C:\ProgramData\dxb\dxb.exe
Startup: C:\Users\Duca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Duca.lnk [2016-09-13]
ShortcutTarget: Duca.lnk -> C:\ProgramData\dxb\dxb.exe ()
HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\...\Run: [dxb.exe] => C:\ProgramData\dxb\dxb.exe [203619736 2016-06-23] ()
CHR HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Homepage: hxxp://yourtv.link
FF SearchPlugin: C:\Users\Duca\AppData\Roaming\Mozilla\Firefox\Profiles\3jmsvjxa.default\searchplugins\Google .xml [2016-09-14]
C:\Users\Duca\AppData\Roaming\Microsoft\Windows\Preserve.exe
C:\ProgramData\dxb
EmptyTemp:


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).

offline
  • Pridružio: 03 Mar 2004
  • Poruke: 27

Fix result of Farbar Recovery Scan Tool (x86) Version: 16-09-2016
Ran by Duca (16-09-2016 10:42:11) Run:1
Running from C:\Users\Duca\Desktop
Loaded Profiles: Duca (Available Profiles: Duca & Gost)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
() C:\Users\Duca\AppData\Roaming\Microsoft\Windows\Preserve.exe
() C:\ProgramData\dxb\dxb.exe
Startup: C:\Users\Duca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Duca.lnk [2016-09-13]
ShortcutTarget: Duca.lnk -> C:\ProgramData\dxb\dxb.exe ()
HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\...\Run: [dxb.exe] => C:\ProgramData\dxb\dxb.exe [203619736 2016-06-23] ()
CHR HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Homepage: hxxp://yourtv.link
FF SearchPlugin: C:\Users\Duca\AppData\Roaming\Mozilla\Firefox\Profiles\3jmsvjxa.default\searchplugins\Google .xml [2016-09-14]
C:\Users\Duca\AppData\Roaming\Microsoft\Windows\Preserve.exe
C:\ProgramData\dxb
EmptyTemp:
*****************

Restore point was successfully created.
C:\Users\Duca\AppData\Roaming\Microsoft\Windows\Preserve.exe
[1052] C:\Users\Duca\AppData\Roaming\Microsoft\Windows\Preserve.exe => process closed successfully.
C:\ProgramData\dxb\dxb.exe
[5984] C:\ProgramData\dxb\dxb.exe => process closed successfully.
C:\Users\Duca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Duca.lnk => moved successfully
C:\ProgramData\dxb\dxb.exe => moved successfully
HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\Software\Microsoft\Windows\CurrentVersion\Run\\dxb.exe => value removed successfully.
"HKU\S-1-5-21-2887090629-3565977415-1312580217-1001\SOFTWARE\Policies\Google" => key removed successfully.
Firefox "homepage" removed successfully.
C:\Users\Duca\AppData\Roaming\Mozilla\Firefox\Profiles\3jmsvjxa.default\searchplugins\Google .xml => moved successfully
C:\Users\Duca\AppData\Roaming\Microsoft\Windows\Preserve.exe => moved successfully
C:\ProgramData\dxb => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11599132 B
Java, Flash, Steam htmlcache => 535 B
Windows/system/drivers => 1323337 B
Edge => 7613825 B
Chrome => 465308382 B
Firefox => 14162647 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 29815 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 8466 B
Duca => 1708952534 B
Gost => 40384008 B

RecycleBin => 312154 B
EmptyTemp: => 2.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:42:26 ====

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10519
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Spakuj u ZIP, RAR ili 7Z arhivu sljedeći folder:

C:\FRST\Quarantine

i pošalji ga preko sljedećeg linka:

http://www.mycity.rs/ambulanta-upload.php


Javi kada to uradiš i sačekaj dalja uputstva.

offline
  • Pridružio: 03 Mar 2004
  • Poruke: 27

Poslato!
Pozdrav.

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10519
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Fajl si poslao preko linka kojeg sam ti dao ili ne?

offline
  • Pridružio: 03 Mar 2004
  • Poruke: 27

Poslao sam preko tog linka. Jedino sto je zipovan "tezak" 68.5 MB. - a "otvoren 174 MB.
Na dobijenom linku pise da je Max 10 MB. tako da je to po sredi.
Pitanje je kako da ga posaljem. Da probam preko Wetransfera?

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10519
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Nema veze. Idemo dalje.



Preuzmi TDSSKiller sa sljedeće adrese na Desktop:

TDSSKiller


Kad preuzimanje bude završeno:

Preimenuj TDSSKiller.exe u MyCity.exe.

Pokreni MyCity.exe.

U End user Licence Agreement dijalogu klikni na Accept.
Takođe, u KSN Statement dijalogu klikni na Accept.

Klikni na Change parametres.

U dijelu Additional options štrikliraj opcije Verify driver signatures i Detect TDLFS file system, a zatim klikni na OK.

Klikni na Start scan.

Kad završi prikazaće ti rezultate skeniranja i tu nemoj ništa da mijenjaš već samo klikni na Continue.

Ukoliko program bude zatražio restart sistema dozvoli mu to.

Prikači uz poruku izvještaj koji se nalazi na sljedećoj lokaciji:
C:\TDSSKiller_verzija programa_DD.MM.GG_HH.MM.SS.txt
(DD-dan, MM-mesec, GG-godina, HH-sat, MM-minut, SS-sekunda; datum i vrijeme kada je log napravljen)

Ko je trenutno na forumu
 

Ukupno su 595 korisnika na forumu :: 10 registrovanih, 1 sakriven i 584 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3028 - dana 22 Nov 2019 07:47

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _commandos_, brundo65, darios, doloress, dragoljub11987, jovan.simovic97, Kiki2004, saputnik plavetnila, VASTE2, zlaya011