Poslao: 18 Avg 2015 14:47
- Ljilja Hnovi
- Prijatelj foruma
- Pridružio: 14 Okt 2012
- Poruke: 3611
- Gde živiš: Herceg Novi
Dobar dan doktori!
Mogli ste lako bez mene danas, nego ja ne mogu bez vas.
U toku rada na jednom "projektu" za MyCity, fotošop mi je tražio ažuriranje koje sam prihvatila. Poslije toga mi se činilo da je laptop usporeniji i uključila sam RogueKiller koji je takođe tražio ažuriranje. Kada sam htjela da preuzmem noviju verziju, vidjela sam da mi je ponuđen komercijalni program i izašla iz toga, a čišćenje sam uradila sa starijom besplatnom verzijom. U obadva slučaja sam bila na sajtu Softonic-a.
Zbog preuzimanja fotošopa i čišćenja, restartovala sam laptop i poslije toga je ekran bio taman kao kad je isključen. Kad sam pritisla dugme za pokretanje, odmah se pojavio plav ekran sa tekstom. Nešto sam prevodila i razumjela da traži prilikom podizanja sistama da pritisnem F8. To sam uradila i dovoljno od mene, dalje ne znam ništa.
Mislila sam da ovo ima veze sa Windiws update i kad sam htjela da pokrenem program, vidim da se za nekoliko dana dosta pokupilo za instalaciju, a pominje se maliciozni softver. Što se tiče rada laptopa, čini mi se da je u redu, a nema ni plavog ekrana sa bilo kakvim tekstom.
Evo FRST64 izvještaj:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Ljilja (administrator) on LJILJA-PC (18-08-2015 12:58:56)
Running from C:\Users\Ljilja\Desktop
Loaded Profiles: Ljilja (Available Profiles: Ljilja)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmtray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Threat Expert Ltd.) C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM-x32\...\Run: [cmsc] => c:\program files (x86)\cmcm\Clean Master\cmtray.exe [468328 2015-08-08] (Kingsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.me/
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> {35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: localhost
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{9023283C-7551-42FD-961C-22362109F770}: [DhcpNameServer]
Tcpip\..\Interfaces\{E812A994-7905-489D-87B7-484EE28B9B28}: [DhcpNameServer]
FF ProfilePath: C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default
FF SelectedSearchEngine: sweet-page
FF Homepage: www.google.me
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-23] (Apple Inc.)
FF Extension: EHTip - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\ehtip@robertkatic [2015-05-31]
FF Extension: Easy Translate - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\jid1-f7dnBeTj8ElpWQ@jetpack.xpi [2015-04-04]
FF Extension: Video DownloadHelper - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-08-10]
FF Extension: Google Privacy - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2015-03-31]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox
FF Extension: Browser Guard Toolbar - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox [2015-04-20]
CHR Profile: C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-08-14]
CHR Extension: (Translate Language) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehihmefpkkchenckklpjmfaaobbfacij [2015-08-14]
CHR Extension: (Adblock Super) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-08-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-09]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-08-01] (Avira Operations GmbH & Co. KG)
R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [580728 2012-10-23] (Threat Expert Ltd.)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2015-08-08] (Kingsoft Corporation)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2015-06-23] (CHENGDU YIWO Tech Development Co., Ltd)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-12-18] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-12-18] (Bytemobile, Inc.) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2015-08-08] (Kingsoft Corporation)
S3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [77144 2012-10-23] (PC Tools)
R1 QbikHkVista; C:\Windows\System32\DRIVERS\QbikHkVistaamd64.sys [243904 2013-03-07] ()
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-12-18] (Bytemobile, Inc.) [File not signed]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
U4 vsserv; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-18 12:58 - 2015-08-18 12:59 - 00016572 _____ C:\Users\Ljilja\Desktop\FRST.txt
2015-08-18 12:58 - 2015-08-18 12:58 - 00000000 ____D C:\FRST
2015-08-18 12:55 - 2015-08-18 12:55 - 02173440 _____ (Farbar) C:\Users\Ljilja\Desktop\FRST64.exe
2015-08-18 12:54 - 2015-08-18 12:54 - 00000000 ____D C:\Users\Ljilja\Desktop\Za abulantu
2015-08-18 12:38 - 2015-08-18 12:38 - 00000056 _____ C:\Windows\setupact.log
2015-08-18 12:38 - 2015-08-18 12:38 - 00000000 _____ C:\Windows\setuperr.log
2015-08-17 19:15 - 2015-08-18 11:11 - 00000000 ____D C:\Windows\Minidump
2015-08-17 17:30 - 2015-08-17 17:30 - 00071450 _____ C:\Users\Ljilja\AppData\Local\recently-used.xbel
2015-08-16 22:07 - 2015-08-16 22:07 - 00000000 ____D C:\Users\Ljilja\Documents\Updater
2015-08-16 18:10 - 2015-08-16 18:10 - 00175424 _____ C:\Users\Ljilja\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-16 18:06 - 2015-08-16 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2015-08-16 18:05 - 2015-08-16 18:05 - 18376624 _____ (Mooii) C:\Users\Ljilja\Downloads\PhotoScape_V3.6.2 (1).exe
2015-08-16 18:01 - 2015-08-16 18:01 - 05456896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-16 17:59 - 2015-08-18 12:42 - 00091248 _____ C:\Windows\WindowsUpdate.log
2015-08-16 17:55 - 2015-08-16 17:55 - 00001110 _____ C:\AdwCleaner[C8].txt
2015-08-16 17:40 - 2015-08-16 17:41 - 00000950 _____ C:\AdwCleaner[S9].txt
2015-08-16 17:39 - 2015-08-16 17:39 - 00001298 _____ C:\Users\Ljilja\Desktop\AdwCleaner[C7].txt
2015-08-16 17:32 - 2015-08-16 17:32 - 00001298 _____ C:\AdwCleaner[C7].txt
2015-08-16 17:29 - 2015-08-16 17:31 - 00001119 _____ C:\AdwCleaner[S8].txt
2015-08-16 17:22 - 2015-08-16 17:22 - 01563648 _____ C:\Users\Ljilja\Downloads\adwcleaner_5.000.exe
2015-08-15 23:01 - 2015-08-15 23:01 - 00019666 _____ C:\Users\Ljilja\Desktop\Hellraiser---Pinhead--C10040177.jpeg
2015-08-15 20:47 - 2015-08-15 20:47 - 00018759 _____ C:\Users\Ljilja\Downloads\animstack (1).zip
2015-08-15 11:03 - 2015-08-15 11:03 - 01367267 _____ C:\Users\Ljilja\Desktop\aleksandar.xcf
2015-08-14 15:49 - 2015-08-14 15:49 - 02074670 _____ C:\Users\Ljilja\Downloads\FSResizer34.zip
2015-08-12 22:53 - 2015-08-12 22:53 - 00032768 _____ C:\Users\Ljilja\Desktop\video.VSP
2015-08-12 13:25 - 2015-08-16 20:03 - 00000000 ____D C:\Users\Ljilja\Desktop\2009
2015-08-12 13:10 - 2015-08-12 13:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-10 15:03 - 2015-08-10 15:03 - 00000000 ____D C:\ProgramData\Free YouTube Downloader
2015-08-10 14:47 - 2015-08-16 23:55 - 00000000 ___RD C:\Users\Ljilja\Desktop\youtube
2015-08-10 14:41 - 2015-08-10 14:57 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Free YouTube Downloader
2015-08-10 14:41 - 2015-08-10 14:41 - 00001260 _____ C:\Users\Public\Desktop\Free YouTube Downloader.lnk
2015-08-10 14:41 - 2015-08-10 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
2015-08-10 14:41 - 2015-08-10 14:41 - 00000000 ____D C:\Program Files (x86)\Free YouTube Downloader
2015-08-10 14:38 - 2015-08-10 14:41 - 14299248 _____ (HOW Inc. ) C:\Users\Ljilja\Downloads\FYTDSetup.exe
2015-08-10 14:37 - 2015-08-10 14:37 - 01179136 _____ (How, Inc) C:\Users\Ljilja\Downloads\FreeYouTubeDownloaderOC.exe
2015-08-10 13:49 - 2015-08-17 17:09 - 00000000 ____D C:\Users\Ljilja\Desktop\Originals
2015-08-10 12:22 - 2015-08-10 12:22 - 00000000 ____D C:\Program Files (x86)\ConvertHelper
2015-08-09 16:04 - 2015-08-16 17:32 - 00000000 ____D C:\AdwCleaner
2015-08-09 13:14 - 2015-08-09 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-08 17:28 - 2015-08-08 17:28 - 00001037 _____ C:\Users\Public\Desktop\Clean Master.lnk
2015-08-08 17:28 - 2015-08-08 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clean Master
2015-08-08 17:27 - 2015-08-08 17:27 - 05767600 _____ (Kingsoft Corporation) C:\Users\Ljilja\Downloads\cleanmaster_12_1.exe
2015-08-07 22:14 - 2015-08-14 18:41 - 00000000 ____D C:\Users\Ljilja\Desktop\ct
2015-08-06 14:55 - 2015-08-06 14:55 - 01234432 _____ C:\Users\Ljilja\Downloads\ImageResizer-2.1_x86 (1).msi
2015-08-06 14:49 - 2015-08-06 14:49 - 01234432 _____ C:\Users\Ljilja\Downloads\ImageResizer-2.1_x86.msi
2015-08-06 14:44 - 2015-08-06 14:44 - 00000000 ____D C:\Program Files\Image Resizer for Windows
2015-08-06 14:44 - 2015-08-06 14:44 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2015-08-06 14:04 - 2015-08-06 14:04 - 00000000 ____D C:\Windows\en
2015-08-06 14:03 - 2015-08-06 14:03 - 00001272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-08-06 14:03 - 2015-08-06 14:03 - 00000000 ____D C:\Windows\sr-latn-cs
2015-08-06 14:02 - 2015-08-06 14:02 - 00001425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-08-06 14:01 - 2015-08-06 14:01 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-08-06 14:00 - 2015-08-06 14:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-08-06 13:57 - 2015-08-08 10:55 - 00000000 ___RD C:\Users\Ljilja\OneDrive
2015-08-06 13:57 - 2015-08-06 13:57 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2015-08-06 13:15 - 2015-08-06 13:15 - 00023544 _____ C:\Users\Ljilja\Downloads\Dropresize013b.zip
2015-08-06 12:58 - 2015-08-06 12:59 - 00000000 ____D C:\ProgramData\nWinManPron
2015-08-06 12:57 - 2015-08-06 12:57 - 00000000 ____D C:\Program Files (x86)\pictureresizer_setup
2015-08-05 14:57 - 2015-08-05 14:57 - 05233880 _____ (X.M.Y International LLC ) C:\Users\Ljilja\Downloads\regopt461.exe
2015-08-04 19:04 - 2015-08-04 19:04 - 05058840 _____ (JAM Software ) C:\Users\Ljilja\Downloads\TreeSizeFreeSetup.exe
2015-08-04 19:00 - 2015-08-04 19:00 - 01402251 _____ C:\Users\Ljilja\Downloads\spacesniffer_1_2_0_2.zip
2015-08-04 15:23 - 2015-06-09 14:49 - 57667584 _____ C:\Users\Ljilja\Desktop\Emergencydisk.iso
2015-08-02 18:35 - 2015-08-02 18:35 - 00004096 ___SH C:\{7B029527-FA48-4C35-8F91-E8D99C7BBDB9}.CBM
2015-08-02 17:05 - 2015-08-02 17:50 - 00400384 ___SH C:\EUMONBMP.SYS
2015-08-02 17:05 - 2015-08-02 17:50 - 00000000 ____D C:\Windows\system32\config\regsave
2015-08-02 14:35 - 2015-08-02 15:40 - 00000000 ___RD C:\Users\Ljilja\Desktop\Nero_Info_Tool
2015-08-02 14:19 - 2015-08-02 14:19 - 00002096 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 8.5 .lnk
2015-08-02 14:19 - 2015-08-02 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.5
2015-08-02 14:17 - 2014-12-15 01:03 - 00024104 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
2015-08-02 14:05 - 2015-08-02 14:09 - 109014792 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\Ljilja\Downloads\tb_free.exe
2015-08-02 13:26 - 2014-12-15 00:59 - 00192040 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2015-08-02 13:26 - 2014-12-15 00:59 - 00060968 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2015-08-02 13:26 - 2014-12-15 00:59 - 00018472 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2015-08-02 13:25 - 2014-12-15 00:59 - 00048168 _____ C:\Windows\system32\Drivers\EUBKMON.sys
2015-08-02 13:23 - 2015-08-02 13:23 - 00000000 ____D C:\Program Files (x86)\EaseUS
2015-08-01 18:17 - 2015-08-01 18:17 - 00000000 ____D C:\Users\Ljilja\AppData\Local\CEF
2015-08-01 12:54 - 2015-08-01 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-30 22:38 - 2015-07-30 22:38 - 00035662 _____ C:\Users\Ljilja\Downloads\wcmd_loc_srl.zip
2015-07-30 22:35 - 2015-07-30 22:35 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\GHISLER
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\UC.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\RAR.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\PKZIP.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\PKUNZIP.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\NOCLOSE.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\LHA.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\ARJ.PIF
2015-07-30 22:23 - 2015-07-30 22:23 - 03280704 _____ (Ghisler Software GmbH) C:\Users\Ljilja\Downloads\tcmd756a.exe
2015-07-30 22:03 - 2015-07-30 22:03 - 00034559 _____ C:\Users\Ljilja\Downloads\tc2usb.zip
2015-07-28 21:23 - 2015-07-25 20:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 21:23 - 2015-07-25 20:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 21:23 - 2015-07-25 20:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 21:23 - 2015-07-25 19:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-28 21:02 - 2015-07-28 21:02 - 00302011 _____ C:\Users\Ljilja\Downloads\WindowsUpdateDiagnostic.diagcab
2015-07-28 20:06 - 2015-08-12 22:48 - 00000000 ___RD C:\Users\Ljilja\Desktop\video pro
2015-07-25 10:13 - 2015-07-25 10:14 - 29654131 _____ (DownloadHelper ) C:\Users\Ljilja\Downloads\ConvertHelper3Setup.exe
2015-07-24 22:58 - 2015-08-15 10:41 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\ViberPC
2015-07-24 22:58 - 2015-07-24 23:24 - 00000970 _____ C:\Users\Ljilja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2015-07-24 22:58 - 2015-07-24 23:24 - 00000962 _____ C:\Users\Ljilja\Desktop\Viber.lnk
2015-07-24 22:54 - 2015-07-24 23:24 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Viber
2015-07-24 22:49 - 2015-07-24 22:52 - 67701008 _____ (Viber Media Inc) C:\Users\Ljilja\Downloads\ViberSetup.exe
2015-07-22 22:54 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-22 22:54 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-22 22:54 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-22 22:54 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-22 22:54 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-22 22:54 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-22 22:54 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-22 22:54 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-22 22:54 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-22 22:54 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 16:36 - 2015-08-12 13:20 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Adobe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-18 12:58 - 2012-12-23 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-18 12:48 - 2013-01-31 19:36 - 00000000 ____D C:\ProgramData\Temp
2015-08-18 12:47 - 2009-07-14 06:45 - 00023824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-18 12:47 - 2009-07-14 06:45 - 00023824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-18 12:39 - 2013-08-19 19:16 - 00000000 ____D C:\ProgramData\MCShield
2015-08-18 12:38 - 2015-02-08 23:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-18 12:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 12:33 - 2015-02-08 23:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-18 11:11 - 2013-01-06 19:12 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\PhotoScape
2015-08-18 10:17 - 2015-02-17 00:26 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FD0BBB3-F82C-4D61-ADB8-2F3A4AD35621}
2015-08-17 17:54 - 2015-02-06 19:50 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-17 17:44 - 2015-02-15 21:17 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Adobe
2015-08-17 17:31 - 2014-04-22 11:02 - 00000000 ____D C:\Users\Ljilja\.gimp-2.8
2015-08-17 17:30 - 2013-07-28 13:39 - 00000000 ____D C:\Users\Ljilja\AppData\Local\gtk-2.0
2015-08-17 17:10 - 2015-05-26 10:13 - 00103424 ____H C:\Users\Ljilja\Desktop\photothumb.db
2015-08-16 21:23 - 2013-01-09 23:06 - 00000069 _____ C:\Windows\NeroDigital.ini
2015-08-16 20:08 - 2012-12-22 19:05 - 00000000 ____D C:\Users\Ljilja
2015-08-16 18:06 - 2013-01-07 00:51 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2015-08-16 18:01 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-16 15:22 - 2009-07-14 07:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-15 23:15 - 2012-12-22 21:11 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Skype
2015-08-15 20:57 - 2013-10-28 15:17 - 00000000 ___RD C:\Users\Ljilja\Desktop\gimp-painter
2015-08-12 22:49 - 2015-01-29 01:37 - 00000000 ___RD C:\Users\Ljilja\Desktop\gifovi
2015-08-12 22:48 - 2015-07-03 20:40 - 00000000 ___RD C:\Users\Ljilja\Desktop\New folder
2015-08-12 22:45 - 2015-02-04 23:54 - 00000000 ___RD C:\Users\Ljilja\Desktop\fotošop
2015-08-12 19:28 - 2013-08-01 10:05 - 00024064 _____ C:\Users\Ljilja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-12 13:10 - 2015-02-21 13:17 - 00000000 ____D C:\ProgramData\Adobe
2015-08-11 23:58 - 2012-12-23 23:09 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 23:58 - 2012-12-23 23:09 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 23:58 - 2012-12-23 23:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-10 20:43 - 2015-03-11 19:08 - 00000000 ____D C:\Users\Ljilja\dwhelper
2015-08-10 10:59 - 2012-12-23 08:34 - 00000000 ____D C:\ProgramData\Mozilla
2015-08-09 21:22 - 2015-04-23 15:32 - 00000000 ___RD C:\Users\Ljilja\Desktop\gif
2015-08-09 17:22 - 2015-03-26 21:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-09 16:45 - 2014-05-29 20:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 16:43 - 2014-05-29 20:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-09 16:42 - 2013-09-20 16:27 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\uTorrent
2015-08-09 16:12 - 2015-01-31 21:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-09 12:55 - 2015-02-27 21:48 - 00000000 ___RD C:\Users\Ljilja\Desktop\br
2015-08-08 17:28 - 2015-05-11 21:23 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2015-08-08 17:28 - 2015-05-11 21:23 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2015-08-06 14:44 - 2014-11-04 17:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-06 14:09 - 2015-05-25 20:08 - 00000000 ____D C:\Users\Ljilja\Tracing
2015-08-06 14:09 - 2013-01-28 23:05 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Windows Live
2015-08-06 14:02 - 2013-01-28 23:15 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-08-06 14:00 - 2013-01-28 23:12 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-08-06 13:59 - 2013-01-28 23:12 - 00000000 ____D C:\Program Files\Windows Live
2015-08-06 11:49 - 2014-02-23 21:19 - 00000000 ____D C:\Users\Ljilja\AppData\Local\CrashDumps
2015-08-02 15:43 - 2015-02-07 17:20 - 00000000 ___RD C:\Users\Ljilja\Desktop\PDR9
2015-08-01 21:53 - 2013-01-06 19:55 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\vlc
2015-08-01 14:18 - 2014-04-24 20:07 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Audacity
2015-08-01 12:51 - 2013-09-16 22:13 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-01 12:51 - 2013-09-16 22:13 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-30 23:24 - 2013-12-28 02:23 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-07-30 21:21 - 2012-12-22 21:03 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Google
2015-07-28 21:23 - 2015-04-15 14:13 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-28 18:15 - 2012-12-23 04:02 - 00000000 ____D C:\Windows\softwaredistribution.old
2015-07-28 11:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-24 18:16 - 2012-12-22 21:08 - 00000000 ____D C:\ProgramData\Skype
==================== Files in the root of some directories =======
2015-02-25 19:01 - 2015-02-25 19:01 - 0000000 _____ () C:\Users\Ljilja\AppData\Roaming\3C79.tmp
2013-08-01 10:05 - 2015-08-12 19:28 - 0024064 _____ () C:\Users\Ljilja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-17 17:30 - 2015-08-17 17:30 - 0071450 _____ () C:\Users\Ljilja\AppData\Local\recently-used.xbel
2015-03-22 12:20 - 2015-03-22 12:23 - 0007597 _____ () C:\Users\Ljilja\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-08-17 18:16
==================== End of log ============================
Poslao: 18 Avg 2015 14:58
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Pridružio: 09 Avg 2011
- Poruke: 15879
- Gde živiš: Beograd
Pomalo mi je sumnjiv ovaj program Browser Guard 4.0, pa cemo ga zato ukloniti.
Prvo ga deinstaliraj putem Control Panel-a.
1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Task: {EC4EC398-8143-4121-A1C9-F45BBD4A8F2C} - System32\Tasks\Grand Panda Updater => C:\Program Files (x86)\PrivateVPN\gpup.exe <==== ATTENTION
C:\Program Files (x86)\PrivateVPN
AlternateDataStreams: C:\ProgramData\Temp:1AAB2E68
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
C:\Program Files (x86)\PC Tools
KLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.me/
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> {35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} URL = hxxps://www.google.com/search?q={searchTerms}
BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox
FF Extension: Browser Guard Toolbar - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox [2015-04-20]
R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [580728 2012-10-23] (Threat Expert Ltd.)
S3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [77144 2012-10-23] (PC Tools)
2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.
3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.
Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.
Poslao: 18 Avg 2015 15:25
- Ljilja Hnovi
- Prijatelj foruma
- Pridružio: 14 Okt 2012
- Poruke: 3611
- Gde živiš: Herceg Novi
Fix result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by Ljilja (2015-08-18 15:17:04) Run:1
Running from C:\Users\Ljilja\Desktop
Loaded Profiles: Ljilja (Available Profiles: Ljilja)
Boot Mode: Normal
fixlist content:
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Task: {EC4EC398-8143-4121-A1C9-F45BBD4A8F2C} - System32\Tasks\Grand Panda Updater => C:\Program Files (x86)\PrivateVPN\gpup.exe <==== ATTENTION
C:\Program Files (x86)\PrivateVPN
AlternateDataStreams: C:\ProgramData\Temp:1AAB2E68
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
C:\Program Files (x86)\PC Tools
KLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.me/
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1503208027-2844097221-2948931502-1000 -> {35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} URL = hxxps://www.google.com/search?q={searchTerms}
BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox
FF Extension: Browser Guard Toolbar - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox [2015-04-20]
R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [580728 2012-10-23] (Threat Expert Ltd.)
S3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [77144 2012-10-23] (PC Tools)
Processes closed successfully.
Error: (0) Failed to create a restore point.
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
The operation completed successfully.
========= End of Reg: =========
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
The operation completed successfully.
========= End of Reg: =========
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC4EC398-8143-4121-A1C9-F45BBD4A8F2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC4EC398-8143-4121-A1C9-F45BBD4A8F2C}" => key removed successfully
C:\Windows\System32\Tasks\Grand Panda Updater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Grand Panda Updater" => key removed successfully
"C:\Program Files (x86)\PrivateVPN" => File/Folder not found.
C:\ProgramData\Temp => ":1AAB2E68" ADS removed successfully.
C:\ProgramData\Temp => ":430C6D84" ADS removed successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
C:\Program Files (x86)\PC Tools => moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{35D572E1-74D8-4E8C-9B9C-9DBE726E62CC}" => key removed successfully
HKCR\CLSID\{35D572E1-74D8-4E8C-9B9C-9DBE726E62CC} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} => key not found.
HKCR\Wow6432Node\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value not found.
HKCR\Wow6432Node\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16} => value not found.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox not found.
Browser Defender Update Service => service not found.
PCTBD => service not found.
"C:\Windows\System32\Drivers\PCTBD64.sys" => File/Folder not found.
EmptyTemp: => 52.9 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 15:17:39 ====
Poslao: 19 Avg 2015 07:49
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Pridružio: 09 Avg 2011
- Poruke: 15879
- Gde živiš: Beograd
Odlicno. Sada ponovo pokreni FRST, obelezi Addition.txt, klikni na Scan i nakon zavrsetka skeniranja dostavi oba izvestaja.
Poslao: 19 Avg 2015 19:31
- Ljilja Hnovi
- Prijatelj foruma
- Pridružio: 14 Okt 2012
- Poruke: 3611
- Gde živiš: Herceg Novi
Napisano: 19 Avg 2015 19:16
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Ljilja (administrator) on LJILJA-PC (19-08-2015 18:58:02)
Running from C:\Users\Ljilja\Desktop
Loaded Profiles: Ljilja (Available Profiles: Ljilja)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM-x32\...\Run: [cmsc] => c:\program files (x86)\cmcm\Clean Master\cmtray.exe [468328 2015-08-08] (Kingsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1503208027-2844097221-2948931502-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: localhost
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{9023283C-7551-42FD-961C-22362109F770}: [DhcpNameServer]
Tcpip\..\Interfaces\{E812A994-7905-489D-87B7-484EE28B9B28}: [DhcpNameServer]
FF ProfilePath: C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default
FF SelectedSearchEngine: sweet-page
FF Homepage: www.google.me
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-23] (Apple Inc.)
FF Extension: EHTip - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\ehtip@robertkatic [2015-05-31]
FF Extension: Easy Translate - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\jid1-f7dnBeTj8ElpWQ@jetpack.xpi [2015-04-04]
FF Extension: Video DownloadHelper - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-08-10]
FF Extension: Google Privacy - C:\Users\Ljilja\AppData\Roaming\Mozilla\Firefox\Profiles\rkxgpdqk.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2015-03-31]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
CHR Profile: C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-08-14]
CHR Extension: (Translate Language) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehihmefpkkchenckklpjmfaaobbfacij [2015-08-14]
CHR Extension: (Adblock Super) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-08-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ljilja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-09]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-08-01] (Avira Operations GmbH & Co. KG)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2015-08-08] (Kingsoft Corporation)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2015-06-23] (CHENGDU YIWO Tech Development Co., Ltd)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-12-18] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-12-18] (Bytemobile, Inc.) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2015-08-08] (Kingsoft Corporation)
R1 QbikHkVista; C:\Windows\System32\DRIVERS\QbikHkVistaamd64.sys [243904 2013-03-07] ()
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-12-18] (Bytemobile, Inc.) [File not signed]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
U4 vsserv; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-18 19:49 - 2015-08-18 19:49 - 00072252 _____ C:\Users\Ljilja\AppData\Local\recently-used.xbel
2015-08-18 15:06 - 2015-08-18 15:06 - 00001938 _____ C:\Windows\PFRO.log
2015-08-18 13:00 - 2015-08-18 13:01 - 00054154 _____ C:\Users\Ljilja\Desktop\Addition.txt
2015-08-18 12:58 - 2015-08-19 18:59 - 00013967 _____ C:\Users\Ljilja\Desktop\FRST.txt
2015-08-18 12:58 - 2015-08-19 18:58 - 00000000 ____D C:\FRST
2015-08-18 12:55 - 2015-08-18 12:55 - 02173440 _____ (Farbar) C:\Users\Ljilja\Desktop\FRST64.exe
2015-08-18 12:38 - 2015-08-19 18:52 - 00000224 _____ C:\Windows\setupact.log
2015-08-18 12:38 - 2015-08-18 12:38 - 00000000 _____ C:\Windows\setuperr.log
2015-08-17 19:15 - 2015-08-18 11:11 - 00000000 ____D C:\Windows\Minidump
2015-08-16 22:07 - 2015-08-16 22:07 - 00000000 ____D C:\Users\Ljilja\Documents\Updater
2015-08-16 18:10 - 2015-08-16 18:10 - 00175424 _____ C:\Users\Ljilja\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-16 18:06 - 2015-08-16 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2015-08-16 18:05 - 2015-08-16 18:05 - 18376624 _____ (Mooii) C:\Users\Ljilja\Downloads\PhotoScape_V3.6.2 (1).exe
2015-08-16 18:01 - 2015-08-16 18:01 - 05456896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-16 17:59 - 2015-08-19 18:56 - 00121783 _____ C:\Windows\WindowsUpdate.log
2015-08-16 17:55 - 2015-08-16 17:55 - 00001110 _____ C:\AdwCleaner[C8].txt
2015-08-16 17:40 - 2015-08-16 17:41 - 00000950 _____ C:\AdwCleaner[S9].txt
2015-08-16 17:32 - 2015-08-16 17:32 - 00001298 _____ C:\AdwCleaner[C7].txt
2015-08-16 17:29 - 2015-08-16 17:31 - 00001119 _____ C:\AdwCleaner[S8].txt
2015-08-16 17:22 - 2015-08-16 17:22 - 01563648 _____ C:\Users\Ljilja\Downloads\adwcleaner_5.000.exe
2015-08-15 20:47 - 2015-08-15 20:47 - 00018759 _____ C:\Users\Ljilja\Downloads\animstack (1).zip
2015-08-14 15:49 - 2015-08-14 15:49 - 02074670 _____ C:\Users\Ljilja\Downloads\FSResizer34.zip
2015-08-12 22:53 - 2015-08-12 22:53 - 00032768 _____ C:\Users\Ljilja\Desktop\video.VSP
2015-08-12 13:10 - 2015-08-12 13:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-10 15:03 - 2015-08-10 15:03 - 00000000 ____D C:\ProgramData\Free YouTube Downloader
2015-08-10 14:47 - 2015-08-18 16:52 - 00000000 ___RD C:\Users\Ljilja\Desktop\youtube
2015-08-10 14:41 - 2015-08-10 14:57 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Free YouTube Downloader
2015-08-10 14:41 - 2015-08-10 14:41 - 00001260 _____ C:\Users\Public\Desktop\Free YouTube Downloader.lnk
2015-08-10 14:41 - 2015-08-10 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
2015-08-10 14:41 - 2015-08-10 14:41 - 00000000 ____D C:\Program Files (x86)\Free YouTube Downloader
2015-08-10 14:38 - 2015-08-10 14:41 - 14299248 _____ (HOW Inc. ) C:\Users\Ljilja\Downloads\FYTDSetup.exe
2015-08-10 14:37 - 2015-08-10 14:37 - 01179136 _____ (How, Inc) C:\Users\Ljilja\Downloads\FreeYouTubeDownloaderOC.exe
2015-08-10 12:22 - 2015-08-10 12:22 - 00000000 ____D C:\Program Files (x86)\ConvertHelper
2015-08-09 16:04 - 2015-08-16 17:32 - 00000000 ____D C:\AdwCleaner
2015-08-09 13:14 - 2015-08-09 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-08 17:28 - 2015-08-08 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clean Master
2015-08-08 17:27 - 2015-08-08 17:27 - 05767600 _____ (Kingsoft Corporation) C:\Users\Ljilja\Downloads\cleanmaster_12_1.exe
2015-08-06 14:55 - 2015-08-06 14:55 - 01234432 _____ C:\Users\Ljilja\Downloads\ImageResizer-2.1_x86 (1).msi
2015-08-06 14:49 - 2015-08-06 14:49 - 01234432 _____ C:\Users\Ljilja\Downloads\ImageResizer-2.1_x86.msi
2015-08-06 14:44 - 2015-08-06 14:44 - 00000000 ____D C:\Program Files\Image Resizer for Windows
2015-08-06 14:44 - 2015-08-06 14:44 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2015-08-06 14:04 - 2015-08-06 14:04 - 00000000 ____D C:\Windows\en
2015-08-06 14:03 - 2015-08-06 14:03 - 00001272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-08-06 14:03 - 2015-08-06 14:03 - 00000000 ____D C:\Windows\sr-latn-cs
2015-08-06 14:02 - 2015-08-06 14:02 - 00001425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-08-06 14:01 - 2015-08-06 14:01 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-08-06 14:00 - 2015-08-06 14:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-08-06 13:57 - 2015-08-08 10:55 - 00000000 ___RD C:\Users\Ljilja\OneDrive
2015-08-06 13:57 - 2015-08-06 13:57 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2015-08-06 13:15 - 2015-08-06 13:15 - 00023544 _____ C:\Users\Ljilja\Downloads\Dropresize013b.zip
2015-08-06 12:58 - 2015-08-06 12:59 - 00000000 ____D C:\ProgramData\nWinManPron
2015-08-06 12:57 - 2015-08-06 12:57 - 00000000 ____D C:\Program Files (x86)\pictureresizer_setup
2015-08-05 14:57 - 2015-08-05 14:57 - 05233880 _____ (X.M.Y International LLC ) C:\Users\Ljilja\Downloads\regopt461.exe
2015-08-04 19:04 - 2015-08-04 19:04 - 05058840 _____ (JAM Software ) C:\Users\Ljilja\Downloads\TreeSizeFreeSetup.exe
2015-08-04 19:00 - 2015-08-04 19:00 - 01402251 _____ C:\Users\Ljilja\Downloads\spacesniffer_1_2_0_2.zip
2015-08-02 18:35 - 2015-08-02 18:35 - 00004096 ___SH C:\{7B029527-FA48-4C35-8F91-E8D99C7BBDB9}.CBM
2015-08-02 17:05 - 2015-08-02 17:50 - 00400384 ___SH C:\EUMONBMP.SYS
2015-08-02 17:05 - 2015-08-02 17:50 - 00000000 ____D C:\Windows\system32\config\regsave
2015-08-02 14:35 - 2015-08-19 18:55 - 00000000 ___RD C:\Users\Ljilja\Desktop\folder
2015-08-02 14:19 - 2015-08-02 14:19 - 00002096 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 8.5 .lnk
2015-08-02 14:19 - 2015-08-02 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.5
2015-08-02 14:17 - 2014-12-15 01:03 - 00024104 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
2015-08-02 14:05 - 2015-08-02 14:09 - 109014792 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\Ljilja\Downloads\tb_free.exe
2015-08-02 13:26 - 2014-12-15 00:59 - 00192040 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2015-08-02 13:26 - 2014-12-15 00:59 - 00060968 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2015-08-02 13:26 - 2014-12-15 00:59 - 00018472 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2015-08-02 13:25 - 2014-12-15 00:59 - 00048168 _____ C:\Windows\system32\Drivers\EUBKMON.sys
2015-08-02 13:23 - 2015-08-02 13:23 - 00000000 ____D C:\Program Files (x86)\EaseUS
2015-08-01 18:17 - 2015-08-01 18:17 - 00000000 ____D C:\Users\Ljilja\AppData\Local\CEF
2015-08-01 12:54 - 2015-08-01 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-30 22:38 - 2015-07-30 22:38 - 00035662 _____ C:\Users\Ljilja\Downloads\wcmd_loc_srl.zip
2015-07-30 22:35 - 2015-07-30 22:35 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\GHISLER
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\UC.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\RAR.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\PKZIP.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\PKUNZIP.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\NOCLOSE.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\LHA.PIF
2015-07-30 22:35 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\ARJ.PIF
2015-07-30 22:23 - 2015-07-30 22:23 - 03280704 _____ (Ghisler Software GmbH) C:\Users\Ljilja\Downloads\tcmd756a.exe
2015-07-30 22:03 - 2015-07-30 22:03 - 00034559 _____ C:\Users\Ljilja\Downloads\tc2usb.zip
2015-07-28 21:23 - 2015-07-25 20:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 21:23 - 2015-07-25 20:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 21:23 - 2015-07-25 20:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 21:23 - 2015-07-25 20:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 21:23 - 2015-07-25 19:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-28 21:02 - 2015-07-28 21:02 - 00302011 _____ C:\Users\Ljilja\Downloads\WindowsUpdateDiagnostic.diagcab
2015-07-28 20:06 - 2015-08-12 22:48 - 00000000 ___RD C:\Users\Ljilja\Desktop\video pro
2015-07-25 10:13 - 2015-07-25 10:14 - 29654131 _____ (DownloadHelper ) C:\Users\Ljilja\Downloads\ConvertHelper3Setup.exe
2015-07-24 22:58 - 2015-08-15 10:41 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\ViberPC
2015-07-24 22:58 - 2015-07-24 23:24 - 00000970 _____ C:\Users\Ljilja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2015-07-24 22:58 - 2015-07-24 23:24 - 00000962 _____ C:\Users\Ljilja\Desktop\Viber.lnk
2015-07-24 22:54 - 2015-07-24 23:24 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Viber
2015-07-24 22:49 - 2015-07-24 22:52 - 67701008 _____ (Viber Media Inc) C:\Users\Ljilja\Downloads\ViberSetup.exe
2015-07-22 22:54 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-22 22:54 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-22 22:54 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-22 22:54 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-22 22:54 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-22 22:54 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-22 22:54 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-22 22:54 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-22 22:54 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-22 22:54 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 16:36 - 2015-08-12 13:20 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Adobe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-19 18:58 - 2012-12-23 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-19 18:55 - 2015-02-27 21:48 - 00000000 ___RD C:\Users\Ljilja\Desktop\br
2015-08-19 18:55 - 2015-02-17 00:26 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FD0BBB3-F82C-4D61-ADB8-2F3A4AD35621}
2015-08-19 18:53 - 2013-08-19 19:16 - 00000000 ____D C:\ProgramData\MCShield
2015-08-19 18:52 - 2015-02-08 23:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-19 18:52 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 23:29 - 2012-12-22 21:11 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Skype
2015-08-18 22:33 - 2015-02-08 23:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-18 19:50 - 2014-04-22 11:02 - 00000000 ____D C:\Users\Ljilja\.gimp-2.8
2015-08-18 19:49 - 2013-07-28 13:39 - 00000000 ____D C:\Users\Ljilja\AppData\Local\gtk-2.0
2015-08-18 19:42 - 2014-02-23 21:19 - 00000000 ____D C:\Users\Ljilja\AppData\Local\CrashDumps
2015-08-18 18:22 - 2015-02-15 21:17 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Adobe
2015-08-18 15:28 - 2009-07-14 06:45 - 00023824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-18 15:28 - 2009-07-14 06:45 - 00023824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-18 15:05 - 2013-01-31 19:36 - 00000000 ____D C:\ProgramData\Temp
2015-08-18 13:49 - 2013-01-06 19:12 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\PhotoScape
2015-08-18 13:48 - 2015-05-26 10:13 - 00113664 ____H C:\Users\Ljilja\Desktop\photothumb.db
2015-08-17 17:54 - 2015-02-06 19:50 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-16 21:23 - 2013-01-09 23:06 - 00000069 _____ C:\Windows\NeroDigital.ini
2015-08-16 20:08 - 2012-12-22 19:05 - 00000000 ____D C:\Users\Ljilja
2015-08-16 18:06 - 2013-01-07 00:51 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2015-08-16 18:01 - 2009-07-14 07:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-16 15:22 - 2009-07-14 07:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-15 20:57 - 2013-10-28 15:17 - 00000000 ___RD C:\Users\Ljilja\Desktop\gimp-painter
2015-08-12 22:49 - 2015-01-29 01:37 - 00000000 ___RD C:\Users\Ljilja\Desktop\gifovi
2015-08-12 22:48 - 2015-07-03 20:40 - 00000000 ___RD C:\Users\Ljilja\Desktop\New folder
2015-08-12 22:45 - 2015-02-04 23:54 - 00000000 ___RD C:\Users\Ljilja\Desktop\fotošop
2015-08-12 19:28 - 2013-08-01 10:05 - 00024064 _____ C:\Users\Ljilja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-12 13:10 - 2015-02-21 13:17 - 00000000 ____D C:\ProgramData\Adobe
2015-08-11 23:58 - 2012-12-23 23:09 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 23:58 - 2012-12-23 23:09 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 23:58 - 2012-12-23 23:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-10 20:43 - 2015-03-11 19:08 - 00000000 ____D C:\Users\Ljilja\dwhelper
2015-08-10 10:59 - 2012-12-23 08:34 - 00000000 ____D C:\ProgramData\Mozilla
2015-08-09 21:22 - 2015-04-23 15:32 - 00000000 ___RD C:\Users\Ljilja\Desktop\gif
2015-08-09 17:22 - 2015-03-26 21:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-09 16:45 - 2014-05-29 20:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 16:43 - 2014-05-29 20:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-09 16:42 - 2013-09-20 16:27 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\uTorrent
2015-08-09 16:12 - 2015-01-31 21:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-08 17:28 - 2015-05-11 21:23 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2015-08-08 17:28 - 2015-05-11 21:23 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2015-08-06 14:44 - 2014-11-04 17:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-06 14:09 - 2015-05-25 20:08 - 00000000 ____D C:\Users\Ljilja\Tracing
2015-08-06 14:09 - 2013-01-28 23:05 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Windows Live
2015-08-06 14:02 - 2013-01-28 23:15 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-08-06 14:00 - 2013-01-28 23:12 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-08-06 13:59 - 2013-01-28 23:12 - 00000000 ____D C:\Program Files\Windows Live
2015-08-02 15:43 - 2015-02-07 17:20 - 00000000 ___RD C:\Users\Ljilja\Desktop\PDR9
2015-08-01 21:53 - 2013-01-06 19:55 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\vlc
2015-08-01 14:18 - 2014-04-24 20:07 - 00000000 ____D C:\Users\Ljilja\AppData\Roaming\Audacity
2015-08-01 12:51 - 2013-09-16 22:13 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-01 12:51 - 2013-09-16 22:13 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-30 23:24 - 2013-12-28 02:23 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-07-30 21:21 - 2012-12-22 21:03 - 00000000 ____D C:\Users\Ljilja\AppData\Local\Google
2015-07-28 21:23 - 2015-04-15 14:13 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-28 18:15 - 2012-12-23 04:02 - 00000000 ____D C:\Windows\softwaredistribution.old
2015-07-28 11:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-24 18:16 - 2012-12-22 21:08 - 00000000 ____D C:\ProgramData\Skype
==================== Files in the root of some directories =======
2015-02-25 19:01 - 2015-02-25 19:01 - 0000000 _____ () C:\Users\Ljilja\AppData\Roaming\3C79.tmp
2013-08-01 10:05 - 2015-08-12 19:28 - 0024064 _____ () C:\Users\Ljilja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-18 19:49 - 2015-08-18 19:49 - 0072252 _____ () C:\Users\Ljilja\AppData\Local\recently-used.xbel
2015-03-22 12:20 - 2015-03-22 12:23 - 0007597 _____ () C:\Users\Ljilja\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-08-17 18:16
==================== End of log ============================
Dopuna: 19 Avg 2015 19:31
Ne znam smeta li što sam jučešnje izveštaje stavila u fascikli na dsktopu (vjerovatno bi imali isti naziv kao ovi sada).
Laptop se nije restartovao poslije pokretanja FRST-a, pa sam ja za svaki slučaj sačuvala izveštaje na desktopu i dala im naziv kao prethodni što su imali (poslije restarta nije formiran nijedan izveštaj kao juče).
Poslao: 20 Avg 2015 11:30
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Pridružio: 09 Avg 2011
- Poruke: 15879
- Gde živiš: Beograd
Racunar sada izgleda cisto. Ono sto me interesuje jeste da li je sve u redu sa hard diskom. Zato bih voleo da pokrenemo Check Disk.
Reci mi kako stojis sa engleskim, posto imam detaljno uputstvo na engleskom, da ne bih sada prevodio.
Poslao: 20 Avg 2015 20:08
- Ljilja Hnovi
- Prijatelj foruma
- Pridružio: 14 Okt 2012
- Poruke: 3611
- Gde živiš: Herceg Novi
Ja sam ovo uradila, ali nema nikakav izveštaj, gdje da ga tražim?
Poslao: 20 Avg 2015 21:18
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Pridružio: 09 Avg 2011
- Poruke: 15879
- Gde živiš: Beograd
Sada cemo ovako:
U isto vreme zadrzi Windows dugme + R, kada se otvori prozor ukucaj eventvwr
Na desnoj strani treba da prosiris Windows Logs, a zatim klikni na Applications
Zatim na levoj strani klikni na Filter Current Log, a zatim pod Event Sources, cekiraj samo Wininit. Klikni na OK.
Sada ce ti se gore pojaviti Wininit izvestaj, a njegov sadrzaj kopiraj ovde.