It seems to me that the problem is very serious

  • Joined: 26 Dec 2007
  • Posts: 132

Posted: 25 Nov 2023 2:20

As a joke, I like to say that viruses are a myth, and I once had a virus on Win7, in System Restore. That was long ago. Until recently, when I needed some pro application just to try to recover a .txt file. I downloaded the app from the Pirate Bay, where there are plenty of seeders and peers. I started installing it, and that is when strange things began to happen... The installation of something a few tens of MB in size took a very long time, and along the way it offered to install some other applications... I aborted it and deleted everything I had downloaded. I figured it didn't matter, no point in messing around needlessly.

1. How does the problem you are asking for help with manifest itself?

First, Windows Defender detected Trojan:Win32/Redline.LDR!MTB. When I googled it, it sounded dangerous, but nothing was happening... I started taking it seriously when I saw that an unimportant LinkedIn account of mine had been broken into and its e-mail address changed (I got a notice at the e-mail address it is registered to), then there was an attempt on my official one, and after that also on a temporary Facebook account... I now have a bunch of other accounts as well, so this one is probably compromised too, if it is what I fear it is.

2. When did the problem start to appear?
Within a few hours of the Windows Defender detection.

3. If the protection software you use detects something but cannot remove it, write/copy the names of the detected files into the post.



I also installed Malwarebytes, which found the following:


4. How have you tried to solve the problem?
With Windows Defender, including running it offline, i.e. before Windows 11 boots. Also with Malwarebytes, and I also ran Windows' MRT, which found nothing.

5. What kind of internet connection do you have (type and speed)?
400Mbit

6. Any additional information that could describe the state of your computer more closely.
I don't notice any major changes, although it seems to me that Opera stutters a little.

What scares me is these break-ins into my social network accounts. Surely that trojan hasn't copied all the saved logins from Chrome, Opera and Edge?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2023 02
Ran by dejan (administrator) on BATTLESHIP4 (Micro-Star International Co., Ltd MS-7C02) (25-11-2023 01:49:42)
Running from C:\Users\dejan\AppData\Local\Temp\scoped_dir5140_271023001\FRST64.exe
Loaded Profiles: dejan
Platform: Microsoft Windows 11 Pro Version 23H2 22631.2715 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.29700.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.46\msedgewebview2.exe <6>
(C:\Users\dejan\AppData\Local\Programs\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\dejan\AppData\Local\Programs\Opera\104.0.4944.72\opera_crashreporter.exe
(C:\Windows\ImmersiveControlPanel\SystemSettings.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(cmd.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(DriverStore\FileRepository\u0396906.inf_amd64_85a7dd2e12f92c85\B396804\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0396906.inf_amd64_85a7dd2e12f92c85\B396804\atieclxx.exe
(explorer.exe ->) () [File not signed] C:\Users\dejan\AppData\Local\Temp\is-260H7.tmp\a6.exe <2>
(explorer.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
(explorer.exe ->) (The qBittorrent Project) [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(Open Source Developer, Noriyuki Miyazaki -> Crystal Dew World) C:\Program Files\CrystalDiskInfo\DiskInfo64.exe
(Opera Norway AS -> Opera Software) C:\Users\dejan\AppData\Local\Programs\Opera\opera.exe <42>
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0396906.inf_amd64_85a7dd2e12f92c85\B396804\atiesrxx.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc.) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\dejan\AppData\Local\Microsoft\OneDrive\23.226.1031.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.29700.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => "C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0c755fff65745edd\RtkAudUService64.exe" -background (No File)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
HKLM-x32\...\Run: [HDD Regenerator] => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1 (No File)
HKLM-x32\...\Run: [Genshin Impact_launcher_pcseaepic_1_3] => [X]
HKU\S-1-5-21-3742737895-398362341-1790896251-1001\...\Run: [MicrosoftEdgeAutoLaunch_A9AE4A14A8BD639F4AB91FC16A3CB162] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4131264 2023-10-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3742737895-398362341-1790896251-1001\...\Run: [qBittorrent] => C:\Program Files\qBittorrent\qbittorrent.exe [32222208 2023-11-20] (The qBittorrent Project) [File not signed]
HKU\S-1-5-21-3742737895-398362341-1790896251-1001\...\Run: [AMDNoiseSuppression] => "C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File)
HKU\S-1-5-21-3742737895-398362341-1790896251-1001\...\Run: [autogen] => C:\Users\dejan\AppData\Local\Temp\is-260H7.tmp\a6.exe [5902390 2023-11-22] () [File not signed] <==== ATTENTION
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\119.0.6045.160\Installer\chrmstp.exe [2023-11-17] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {52DB003B-2D0C-492B-82B0-BF020AD428F2} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-10-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {641A9920-9DC9-40F1-9021-527F7F52C9C0} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [183736 2023-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {E9631097-A1F9-4221-AB57-031CB827226B} - System32\Tasks\CrystalDiskInfo => C:\Program Files\CrystalDiskInfo\DiskInfo64.exe [2851864 2023-07-11] (Open Source Developer, Noriyuki Miyazaki -> Crystal Dew World)
Task: {4A534B2F-438B-49D3-87C7-D8559D63769C} - System32\Tasks\GoogleUpdateTaskMachineCore{1A06BADA-A8D7-43F1-B50C-5994EBDDAA3D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-03] (Google LLC -> Google LLC)
Task: {F7BC5270-2529-456B-B079-71B9F948E559} - System32\Tasks\GoogleUpdateTaskMachineUA{916D487C-2D66-4DB3-80A8-DC1BAD219A07} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-03] (Google LLC -> Google LLC)
Task: {6373F595-A235-4271-B148-4D20736716DA} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60880 2023-11-09] (HP Inc. -> HP Inc.)
Task: {875307EA-B8FB-44DD-BEAF-0B6F0B9AD6E8} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60880 2023-11-09] (HP Inc. -> HP Inc.)
Task: {CB7B650F-1996-45A2-A490-32BCC9CC8DD0} - System32\Tasks\Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask => {82aa0895-198a-4c1b-b2d1-c16894218afb} C:\Windows\System32\unifiedconsent.dll [311296 2023-11-07] (Microsoft Windows -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {D27E549F-316F-4048-9ABC-C3027748BFAF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B4A251C-E446-4D23-A5D2-66BB48892689} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4B9F0B37-75EF-449C-9D29-239BD1723C77} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8B975653-A840-45D8-8D93-42D35C7E4174} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7D411E60-C734-4DF2-A7AE-43C4CA6DCA93} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-10-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {3D9165A2-3CD4-4993-A545-A5F94CAB63FB} - System32\Tasks\Opera scheduled Autoupdate 1693753719 => C:\Users\dejan\AppData\Local\Programs\Opera\launcher.exe [2642848 2023-11-21] (Opera Norway AS -> Opera Software)
Task: {62745F43-5976-4D71-B627-D865EDEC3FBA} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60344 2023-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {212AAE0A-1228-443E-90CE-DE4DBC2A4795} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [324024 2023-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {B0EF9426-EC2A-43DA-BC6F-E608BADCE0DC} - System32\Tasks\update-S-1-5-21-3742737895-398362341-1790896251-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {13F30F04-9908-4F99-93A0-F3A1635FD6A2} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-3742737895-398362341-1790896251-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{78b586f0-797e-4c99-bc9d-e781f9772ddb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7d7a6ad2-718f-49c9-8beb-6355924f5174}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\dejan\AppData\Local\Microsoft\Edge\User Data\Default [2023-11-25]
Edge Notifications: Default -> hxxps://www.msn.com
Edge Session Restore: Default -> is enabled.
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\dejan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-11-24]
Edge Extension: (Google Docs Offline) - C:\Users\dejan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-18]
Edge Extension: (Edge relevant text changes) - C:\Users\dejan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-13]
Edge Profile: C:\Users\dejan\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-11-24]
Edge Session Restore: Profile 1 -> is enabled.
Edge Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\dejan\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-11-17]
Edge Extension: (Google Docs Offline) - C:\Users\dejan\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-03]
Edge Extension: (Edge relevant text changes) - C:\Users\dejan\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-23]
Edge Extension: (Octotree - GitHub code tree) - C:\Users\dejan\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\joagmknfcgpikbadjkaikmnhpjadihjg [2023-10-25]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\dejan\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2023-11-15]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default [2023-11-25]
CHR DownloadDir: D:\Downloads
CHR HomePage: Default -> hxxps://www.google.com/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Translate) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-09-03]
CHR Extension: (AliExpress Coupon Finder) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\adanomdlalebngcphfbknoglbcdcbchb [2023-09-03]
CHR Extension: (Sexy Undo Close Tab) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2023-09-03]
CHR Extension: (ColorZilla) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2023-10-11]
CHR Extension: (Octotree - GitHub code tree) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkhaagjahfmjljalopjnoealnfndnagc [2023-11-14]
CHR Extension: (JSON Viewer) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdgpbipfallnflgajpaliibnhdgobh [2023-09-03]
CHR Extension: (Toby Mini) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfdcgfhkelkdmglklfbndgopaihmoeci [2023-11-22]
CHR Extension: (Google Docs Offline) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-03]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-11-16]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-11-24]
CHR Extension: (WhatFont) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2023-09-03]
CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-11-24]
CHR Extension: (StayFocusd - Block Distracting Websites) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2023-11-15]
CHR Extension: (AliSaver - AliExpress Shopping and Cashback) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbpccgpiidnajgnapidpjmcjakjhkbom [2023-09-03]
CHR Extension: (Humble New Tab Page) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj [2023-10-23]
CHR Extension: (editGPT) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mognjodfeldknhobgbnkoomipkmlnnhk [2023-11-15]
CHR Extension: (The Printliminator) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nklechikgnfoonbfmcalddjcpmcmgapf [2023-09-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-03]
CHR Extension: (Toast - Save Tabs for Later) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejhbjnfifdecpkgcjhgmcaphdobmiie [2023-09-03]
CHR Profile: C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-11-13]
CHR Session Restore: Profile 1 -> is enabled.
CHR Extension: (Google Translate) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-09-03]
CHR Extension: (Sexy Undo Close Tab) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2023-09-03]
CHR Extension: (JSON Formatter) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bcjindcccaagfpapjjmafapmmgkkhgoa [2023-09-03]
CHR Extension: (Web Developer) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2023-09-03]
CHR Extension: (ColorZilla) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2023-11-13]
CHR Extension: (Octotree - GitHub code tree) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkhaagjahfmjljalopjnoealnfndnagc [2023-11-13]
CHR Extension: (Weava Highlighter - PDF & Web) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cbnaodkpfinfiipjblikofhlhlcickei [2023-11-13]
CHR Extension: (JSONVue) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2023-11-13]
CHR Extension: (OneTab) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2023-11-13]
CHR Extension: (Fonts Ninja) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eljapbgkmlngdpckoiiibecpemleclhh [2023-09-03]
CHR Extension: (Google Font Previewer for Chrome) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\engndlnldodigdjamndkplafgmkkencc [2023-09-03]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdpohaocaechififmbbbbbknoalclacl [2023-09-03]
CHR Extension: (React Developer Tools) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2023-11-13]
CHR Extension: (JSON Viewer) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbmdgpbipfallnflgajpaliibnhdgobh [2023-09-03]
CHR Extension: (Toby Mini) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gfdcgfhkelkdmglklfbndgopaihmoeci [2023-11-13]
CHR Extension: (Google Docs Offline) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-03]
CHR Extension: (ColorA11y) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icfneoldcbdmgaiocnnobpbbjncdfbfb [2023-09-03]
CHR Extension: (WhatFont) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2023-09-03]
CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-11-13]
CHR Extension: (Momentum) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2023-11-13]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2023-11-13]
CHR Extension: (SelectorsHub) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndgimibanhlabgdgjcpbbndiehljcpfh [2023-09-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-03]
CHR Extension: (AdBlocker Ultimate) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2023-11-13]
CHR Extension: (Inspect Devices) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjpobmgdbnbegggcdgbljfgplleejmkb [2023-09-03]
CHR Profile: C:\Users\dejan\AppData\Local\Google\Chrome\User Data\System Profile [2023-11-07]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR DefaultProfile: Default

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CloudBackupRestoreSvc; C:\Windows\System32\CloudRestoreLauncher.dll [1355776 2023-11-07] (Microsoft Windows -> Microsoft Corporation)
R3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11187816 2023-11-24] (Electronic Arts, Inc. -> Electronic Arts)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [375248 2023-10-22] (Epic Games Inc. -> Epic Games, Inc.)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176640 2020-02-11] (HP Inc.) [File not signed]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2023-11-09] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9343840 2023-11-24] (Malwarebytes Inc. -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534584 2023-11-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WMS; C:\Windows\WinS\wmpnetwk.exe [331264 2014-08-31] () [File not signed] <==== ATTENTION
S3 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]
S3 EasyAntiCheat_EOS; "C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe" [X]
S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [36736 2023-05-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [36928 2022-09-16] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R2 AMDRyzenMasterDriverV20; C:\Windows\system32\AMDRyzenMasterDriver.sys [58952 2023-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_54807f69fe156f14\amdsafd.sys [113088 2023-04-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amduw23g; C:\Windows\System32\DriverStore\FileRepository\u0396906.inf_amd64_85a7dd2e12f92c85\B396804\amdkmdag.sys [106396096 2023-10-19] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [61888 2023-05-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [532480 2023-05-05] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [184320 2023-05-05] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222784 2023-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-11-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt11.sys [233704 2023-11-24] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2023-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2023-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188008 2023-11-24] (Malwarebytes Inc. -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [19000 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 rt68cx21; C:\Windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_400a42c66fb0e159\rt68cx21x64.sys [598976 2022-01-17] (Realtek Semiconductor Corp. -> Realtek)
S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-09-13] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55744 2023-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [578856 2023-11-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-25 01:49 - 2023-11-25 01:49 - 000000000 ____D C:\FRST
2023-11-24 01:22 - 2023-11-24 01:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2023-11-24 01:22 - 2023-11-24 01:22 - 000000000 ____D C:\Program Files\qBittorrent
2023-11-24 01:21 - 2023-11-24 01:21 - 000233704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2023-11-24 01:21 - 2023-11-24 01:21 - 000188008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-11-24 00:56 - 2023-11-25 01:06 - 000000000 ____D C:\Users\dejan\AppData\Local\Malwarebytes
2023-11-24 00:56 - 2023-11-24 00:56 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-11-24 00:56 - 2023-11-24 00:56 - 000000000 ____D C:\Users\dejan\AppData\Local\mbam
2023-11-24 00:56 - 2023-11-24 00:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-11-24 00:56 - 2023-11-24 00:56 - 000000000 ____D C:\Program Files\Malwarebytes
2023-11-22 10:18 - 2023-11-22 10:18 - 000000000 ____D C:\Windows\Microsoft Antimalware
2023-11-22 01:29 - 2023-11-22 01:29 - 002383872 _____ (Farbar) C:\Users\dejan\Downloads\FRSTEnglish.exe
2023-11-22 00:53 - 2023-11-24 00:59 - 000000000 ____D C:\Users\dejan\AppData\Roaming\DigitalCloud
2023-11-22 00:53 - 2023-11-22 00:53 - 000000000 ____D C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DigitalCloud
2023-11-22 00:48 - 2023-11-22 01:14 - 000000004 ____H C:\ProgramData\rc.dat
2023-11-22 00:47 - 2023-11-22 01:14 - 000000004 ____H C:\ProgramData\lock.dat
2023-11-22 00:47 - 2023-11-22 00:47 - 000000512 ____H C:\ProgramData\resource.dat
2023-11-22 00:47 - 2023-11-22 00:47 - 000000008 ____H C:\ProgramData\ts.dat
2023-11-22 00:46 - 2023-11-22 01:15 - 000000000 ____D C:\ProgramData\AudioLevel
2023-11-22 00:31 - 2023-11-22 00:31 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Statespace
2023-11-22 00:27 - 2023-11-22 00:27 - 000000000 ____D C:\Users\dejan\AppData\Local\tkr
2023-11-22 00:09 - 2023-11-22 00:09 - 000000000 ____D C:\Users\dejan\AppData\Local\unali-468551218
2023-11-22 00:09 - 2023-11-22 00:09 - 000000000 ____D C:\Users\dejan\AppData\Local\unali-468551109
2023-11-21 23:55 - 2023-11-21 23:55 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Woodhill Studios
2023-11-21 23:43 - 2023-11-21 23:43 - 000000000 ____D C:\Users\dejan\AppData\Local\AitDPrologue
2023-11-21 19:25 - 2023-11-21 19:25 - 000000000 ____D C:\Users\dejan\AppData\Roaming\EaseUS
2023-11-21 19:25 - 2023-11-21 19:25 - 000000000 ____D C:\ProgramData\SystemAcCrux
2023-11-21 19:25 - 2023-11-21 19:25 - 000000000 ____D C:\Program Files\EaseUS
2023-11-21 19:25 - 2023-11-21 19:25 - 000000000 ____D C:\Program Files (x86)\EaseUS
2023-11-21 15:49 - 2023-11-24 11:16 - 000000000 ____D C:\Program Files\Recuva
2023-11-21 15:49 - 2023-11-21 15:49 - 000000000 ____D C:\ProgramData\Piriform
2023-11-21 15:47 - 2023-11-21 15:47 - 000000000 ____H C:\Users\dejan\OneDrive\Documents\Default.rdp
2023-11-21 14:29 - 2023-11-21 14:29 - 000000016 _____ C:\ProgramData\mntemp
2023-11-21 14:29 - 2023-11-21 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2023-11-21 14:28 - 2023-11-21 15:45 - 000000000 ____D C:\ProgramData\Wondershare
2023-11-21 14:28 - 2023-11-21 15:45 - 000000000 ____D C:\Program Files (x86)\iSkysoft
2023-11-21 14:28 - 2023-11-21 14:29 - 000000000 ____D C:\Program Files (x86)\LAV Filters
2023-11-19 21:20 - 2023-11-19 21:20 - 000000000 ____D C:\Users\dejan\AppData\Local\VALORANT
2023-11-18 11:47 - 2023-11-21 00:13 - 000000000 ____D C:\Users\dejan\OneDrive\Documents\ViberDownloads
2023-11-18 11:47 - 2023-11-19 21:00 - 000000000 ____D C:\Users\dejan\AppData\Roaming\ViberPC
2023-11-18 11:47 - 2023-11-18 11:47 - 000001070 _____ C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2023-11-18 11:47 - 2023-11-18 11:47 - 000000000 ____D C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2023-11-18 11:47 - 2023-11-18 11:47 - 000000000 ____D C:\Users\dejan\AppData\Local\ViberCache
2023-11-18 11:47 - 2023-11-18 11:47 - 000000000 ____D C:\Users\dejan\AppData\Local\Viber Media S.à r.l
2023-11-18 11:47 - 2023-11-18 11:47 - 000000000 ____D C:\Users\dejan\AppData\Local\Viber
2023-11-18 11:47 - 2023-11-18 11:47 - 000000000 ____D C:\Users\dejan\AppData\Local\Package Cache
2023-11-18 11:47 - 2023-11-18 11:47 - 000000000 ____D C:\Users\dejan\AppData\Local\2010-2023_Viber_Media_S.a
2023-11-15 17:07 - 2023-11-15 17:07 - 000000000 ____D C:\Users\dejan\AppData\Local\Days of Wonder
2023-11-15 17:01 - 2023-11-15 17:01 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Choice Provisions
2023-11-15 16:29 - 2023-11-15 16:29 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Codename Entertainment
2023-11-15 16:26 - 2023-11-15 16:28 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Unity
2023-11-15 16:17 - 2023-11-15 16:26 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Obsidian Entertainment
2023-11-15 15:56 - 2023-11-15 15:56 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Fullbright
2023-11-15 12:57 - 2023-11-15 12:58 - 000000000 ___HD C:\$WinREAgent
2023-11-13 09:57 - 2023-11-19 22:22 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2023-11-12 22:08 - 2023-11-12 22:08 - 000000000 ____D C:\Users\dejan\OneDrive\Documents\Avalanche Studios
2023-11-12 22:08 - 2023-11-12 22:08 - 000000000 ____D C:\Users\dejan\AppData\Local\CrashRpt
2023-11-12 22:08 - 2023-11-12 22:08 - 000000000 ____D C:\Users\dejan\AppData\Local\Avalanche Studios
2023-11-12 21:59 - 2023-11-12 22:04 - 000000000 ____D C:\Users\dejan\AppData\Roaming\Path of Exile
2023-11-12 21:56 - 2023-11-12 21:56 - 000000000 ____D C:\Users\dejan\AppData\Roaming\Kalypso Media
2023-11-12 21:56 - 2023-11-12 21:56 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Realmforge Studios GmbH
2023-11-12 21:56 - 2023-11-12 21:56 - 000000000 ____D C:\Users\dejan\AppData\Local\Kalypso Media
2023-11-12 21:45 - 2023-11-12 21:45 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Koch Media GmbH
2023-11-12 21:39 - 2023-11-12 21:40 - 000000000 ____D C:\Users\dejan\AppData\Roaming\Surviving Mars
2023-11-12 21:22 - 2023-11-12 21:23 - 000000000 ____D C:\Users\dejan\OneDrive\Documents\Guacamelee2_EGS
2023-11-12 21:14 - 2023-11-12 21:14 - 000000000 ____D C:\Users\dejan\AppData\Local\QUBE
2023-11-12 21:02 - 2023-11-12 21:02 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\MrPink
2023-11-12 20:56 - 2023-11-12 20:56 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\No Code
2023-11-11 11:51 - 2023-11-11 11:51 - 000000000 ____D C:\Users\dejan\AppData\Local\HoYoverse
2023-11-11 10:36 - 2023-11-11 10:36 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Drop Bear Bytes
2023-11-11 10:27 - 2023-11-11 10:27 - 000000000 ____D C:\Users\dejan\AppData\Local\ColonyShipGame
2023-11-08 13:20 - 2023-11-08 13:20 - 000000000 ____D C:\Users\dejan\AppData\Local\Backup
2023-11-07 23:11 - 2023-11-07 23:11 - 000000000 ____D C:\Users\dejan\OneDrive\Documents\Darkest
2023-11-07 23:01 - 2023-11-07 23:01 - 000000000 ____D C:\Users\dejan\AppData\Local\VisionaireStudio
2023-11-07 23:01 - 2023-11-07 23:01 - 000000000 ____D C:\Users\dejan\AppData\Local\Visionaire Editor
2023-11-07 23:01 - 2023-11-07 23:01 - 000000000 ____D C:\Users\dejan\AppData\Local\Daedalic Entertainment GmbH
2023-11-07 22:43 - 2023-11-07 22:43 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Ripstone
2023-11-07 19:22 - 2023-11-07 19:22 - 000016240 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-11-07 19:08 - 2023-11-07 19:08 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Cosmonaut Studios Limited
2023-11-07 18:59 - 2023-11-07 18:59 - 000000000 ____D C:\Users\dejan\AppData\Local\Shadows
2023-11-07 18:37 - 2023-11-07 18:37 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Beam Team Games
2023-11-07 18:30 - 2023-11-07 18:30 - 000000000 ____D C:\Users\dejan\AppData\Roaming\Samurai Shodown NEOGEO Collection
2023-11-07 18:27 - 2023-11-07 18:27 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Snoozy Kazoo
2023-11-06 23:09 - 2023-11-06 23:09 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Dim Bulb Games
2023-11-06 23:02 - 2023-11-06 23:02 - 000000000 ____D C:\Users\dejan\AppData\Roaming\Aspyr Media
2023-11-06 23:02 - 2023-11-06 23:02 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\PolyKnight Games
2023-11-06 23:02 - 2023-11-06 23:02 - 000000000 ____D C:\Users\dejan\AppData\Local\Aspyr Media
2023-11-06 22:52 - 2023-11-06 22:52 - 000000000 ____D C:\Users\dejan\AppData\Local\QUBE_Remastered
2023-11-06 18:44 - 2023-11-06 18:44 - 000000000 ____D C:\Users\dejan\AppData\Local\Ubisoft
2023-11-06 16:16 - 2023-11-06 16:16 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\Hinterland
2023-11-06 16:15 - 2023-11-06 16:16 - 000000000 ____D C:\Users\dejan\AppData\Local\Hinterland
2023-11-06 14:18 - 2023-11-24 11:15 - 000003102 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2023-11-06 14:18 - 2023-11-06 14:18 - 000003484 _____ C:\Windows\system32\Tasks\ModifyLinkUpdate
2023-11-06 14:18 - 2023-11-06 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2023-11-06 14:17 - 2023-11-06 14:17 - 000003072 _____ C:\Windows\system32\Tasks\StartDVR
2023-11-06 14:17 - 2023-11-06 14:17 - 000002620 _____ C:\Windows\system32\Tasks\AMDRyzenMasterSDKTask
2023-11-06 14:17 - 2023-11-06 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Software꞉ Adrenalin Edition
2023-11-06 14:15 - 2023-10-19 08:44 - 002091056 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-11-06 14:15 - 2023-10-19 08:44 - 002091056 _____ C:\Windows\system32\vulkaninfo.exe
2023-11-06 14:15 - 2023-10-19 08:44 - 001649200 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-11-06 14:15 - 2023-10-19 08:44 - 001649200 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-11-06 14:15 - 2023-10-19 08:44 - 001456192 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-11-06 14:15 - 2023-10-19 08:44 - 001456192 _____ C:\Windows\system32\vulkan-1.dll
2023-11-06 14:15 - 2023-10-19 08:44 - 001297536 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-11-06 14:15 - 2023-10-19 08:44 - 001297536 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-11-06 14:15 - 2023-10-19 08:44 - 000176688 _____ C:\Windows\system32\mantleaxl64.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000721456 _____ C:\Windows\system32\hiprt0200064.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000598056 _____ C:\Windows\system32\GameManager64.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000539184 _____ C:\Windows\system32\libsmi_guest.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000514608 _____ C:\Windows\system32\libsmi_host.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000494016 _____ C:\Windows\system32\EEURestart.exe
2023-11-06 14:15 - 2023-10-19 08:43 - 000452656 _____ C:\Windows\SysWOW64\GameManager32.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000256960 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000219072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000197568 _____ C:\Windows\system32\mantle64.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000186304 _____ (AMD) C:\Windows\system32\atimuixx.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000174528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000156080 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000155696 _____ C:\Windows\SysWOW64\mantle32.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000139312 _____ C:\Windows\SysWOW64\mantleaxl32.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000138688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000127440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2023-11-06 14:15 - 2023-10-19 08:43 - 000121688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2023-11-06 14:15 - 2023-10-19 08:42 - 011747120 _____ C:\Windows\system32\amdsmi.exe
2023-11-06 14:15 - 2023-10-19 08:42 - 002235328 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdsasrv64.dll
2023-11-06 14:15 - 2023-10-19 08:42 - 001701040 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2023-11-06 14:15 - 2023-10-19 08:42 - 001607616 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2023-11-06 14:15 - 2023-10-19 08:42 - 001607616 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2023-11-06 14:15 - 2023-10-19 08:42 - 001328576 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdsacli64.dll
2023-11-06 14:15 - 2023-10-19 08:42 - 001049536 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdsacli32.dll
2023-11-06 14:15 - 2023-10-19 08:42 - 000965568 _____ (AMD) C:\Windows\system32\atieclxx.exe
2023-11-06 14:15 - 2023-10-19 08:42 - 000933824 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2023-11-06 14:15 - 2023-10-19 08:42 - 000761280 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2023-11-06 14:15 - 2023-10-19 08:42 - 000527296 _____ C:\Windows\system32\atieah64.exe
2023-11-06 14:15 - 2023-10-19 08:42 - 000463296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2023-11-06 14:15 - 2023-10-19 08:42 - 000396224 _____ C:\Windows\SysWOW64\atieah32.exe
2023-11-06 14:15 - 2023-10-19 08:42 - 000200944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2023-11-06 14:15 - 2023-10-19 08:42 - 000164864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2023-11-06 14:15 - 2023-10-19 08:42 - 000128960 _____ C:\Windows\system32\amdxc64.dll
2023-11-06 14:15 - 2023-10-19 08:42 - 000104896 _____ C:\Windows\SysWOW64\amdxc32.dll
2023-11-06 14:15 - 2023-10-19 08:42 - 000064960 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2023-11-06 14:15 - 2023-10-19 08:41 - 004375088 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdadlx64.dll
2023-11-06 14:15 - 2023-10-19 08:41 - 004180016 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdadlx32.dll
2023-11-06 14:15 - 2023-10-19 08:41 - 001378456 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2023-11-06 14:15 - 2023-10-19 08:41 - 000791600 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2023-11-06 14:15 - 2023-10-19 08:41 - 000668720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2023-11-06 14:15 - 2023-10-19 08:41 - 000560176 _____ C:\Windows\system32\amdgfxinfo64.dll
2023-11-06 14:15 - 2023-10-19 08:41 - 000532928 _____ C:\Windows\system32\dgtrayicon.exe
2023-11-06 14:15 - 2023-10-19 08:41 - 000461248 _____ C:\Windows\system32\amdlogum.exe
2023-11-06 14:15 - 2023-10-19 08:41 - 000423984 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2023-11-06 14:15 - 2023-10-19 08:41 - 000041520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2023-11-06 14:15 - 2023-10-19 08:41 - 000038448 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2023-11-06 14:15 - 2023-10-19 08:40 - 105391040 _____ C:\Windows\system32\amd_comgr.dll
2023-11-06 14:15 - 2023-10-19 08:40 - 088605632 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2023-11-06 14:15 - 2023-10-19 08:40 - 019424192 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2023-11-06 14:15 - 2023-10-19 08:40 - 000557552 _____ C:\Windows\system32\amdmiracast.dll
2023-11-06 14:15 - 2023-10-19 08:40 - 000515008 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2023-11-06 14:15 - 2023-10-19 08:40 - 000380864 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2023-11-06 14:15 - 2023-10-19 08:40 - 000328056 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdfendr.stz
2023-11-06 14:15 - 2023-10-19 08:40 - 000166848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2023-11-06 14:15 - 2023-10-19 08:40 - 000156080 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2023-11-06 14:15 - 2023-10-19 08:40 - 000135616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl.dll
2023-11-06 14:15 - 2023-10-19 08:40 - 000127328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2023-11-06 14:15 - 2023-10-19 08:40 - 000093120 _____ C:\Windows\system32\clinfo.exe
2023-11-06 14:15 - 2023-10-19 08:40 - 000046456 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdfendrmgr.stz
2023-11-06 14:15 - 2023-10-19 08:39 - 000166440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2023-11-06 14:15 - 2023-10-19 08:39 - 000141384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2023-11-06 14:15 - 2023-10-19 07:32 - 110152720 _____ C:\Windows\system32\amdxc64.so
2023-11-06 11:53 - 2023-11-06 11:53 - 000000000 ____D C:\Users\dejan\AppData\Local\My Games
2023-11-05 19:39 - 2023-11-05 19:39 - 000000000 ____D C:\Users\dejan\AppData\LocalLow\BonusXP
2023-10-27 00:04 - 2023-10-27 00:05 - 000000000 ____D C:\Users\dejan\AppData\Local\UnravelTwo

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-25 01:42 - 2023-09-03 16:11 - 000000000 ____D C:\Program Files (x86)\Steam
2023-11-25 01:41 - 2023-09-03 16:38 - 000000000 ____D C:\Users\dejan\AppData\Roaming\qBittorrent
2023-11-25 01:28 - 2023-09-03 22:06 - 000000000 ____D C:\Program Files (x86)\Google
2023-11-25 01:28 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemTemp
2023-11-24 19:51 - 2023-09-04 00:55 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-11-24 14:32 - 2023-09-03 16:13 - 000000000 ____D C:\Users\dejan\AppData\Local\Ubisoft Game Launcher
2023-11-24 14:18 - 2023-09-03 16:05 - 000000000 ____D C:\Users\dejan\AppData\Local\D3DSCache
2023-11-24 13:42 - 2023-09-03 16:03 - 000000000 ____D C:\Users\dejan
2023-11-24 12:58 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-11-24 11:27 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\AppReadiness
2023-11-24 11:10 - 2023-09-03 16:06 - 000000000 ___RD C:\Users\dejan\OneDrive
2023-11-24 02:14 - 2022-05-07 06:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-11-24 01:27 - 2023-09-03 16:03 - 000850316 _____ C:\Windows\system32\PerfStringBackup.INI
2023-11-24 01:27 - 2022-05-07 06:22 - 000000000 ____D C:\Windows\INF
2023-11-24 01:21 - 2023-09-04 00:56 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-11-24 01:21 - 2023-09-04 00:55 - 000012288 ___SH C:\DumpStack.log.tmp
2023-11-24 01:16 - 2022-05-07 06:17 - 000524288 _____ C:\Windows\system32\config\BBI
2023-11-24 01:12 - 2023-10-15 19:16 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2023-11-24 01:09 - 2023-09-03 18:08 - 000000000 ____D C:\Windows\system32\MRT
2023-11-24 00:56 - 2022-05-07 06:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-11-23 20:33 - 2023-09-03 16:11 - 000000000 ____D C:\Program Files (x86)\Epic Games
2023-11-22 11:13 - 2023-09-03 16:08 - 000004182 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1693753719
2023-11-22 11:13 - 2023-09-03 16:08 - 000001446 _____ C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2023-11-22 03:30 - 2023-09-07 14:10 - 000000000 ____D C:\Windows\Minidump
2023-11-22 01:16 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-11-22 01:15 - 2023-10-15 17:17 - 000000000 ____D C:\Windows\WinS
2023-11-22 01:01 - 2023-09-04 00:55 - 000303704 _____ C:\Windows\system32\FNTCACHE.DAT
2023-11-22 01:01 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemResources
2023-11-22 00:53 - 2023-09-03 18:52 - 000000000 ____D C:\Users\dejan\AppData\Local\CrashDumps
2023-11-22 00:27 - 2023-09-03 16:12 - 000000000 ____D C:\Users\dejan\AppData\Local\UnrealEngine
2023-11-21 22:26 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-11-21 15:46 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\CbsTemp
2023-11-21 01:21 - 2023-09-03 16:06 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3742737895-398362341-1790896251-1001
2023-11-21 01:21 - 2023-09-03 16:06 - 000003370 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3742737895-398362341-1790896251-1001
2023-11-21 01:21 - 2023-09-03 16:06 - 000002420 _____ C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-20 20:14 - 2023-09-03 19:09 - 000000000 ____D C:\Users\dejan\AppData\Local\AMD_Common
2023-11-19 22:21 - 2023-09-20 22:31 - 000000000 ____D C:\Users\dejan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
2023-11-19 21:21 - 2023-09-03 22:06 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-11-19 21:20 - 2023-09-20 22:31 - 000000000 ____D C:\Users\dejan\AppData\Local\Riot Games
2023-11-18 00:04 - 2023-09-03 16:05 - 000000000 ____D C:\Users\dejan\AppData\Local\Packages
2023-11-17 18:45 - 2023-09-03 16:11 - 000000000 ____D C:\Users\dejan\AppData\Local\Steam
2023-11-16 01:55 - 2022-05-07 08:39 - 000000000 ___HD C:\Program Files\Windows Defender Advanced Threat Protection
2023-11-16 01:55 - 2022-05-07 06:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-11-16 01:55 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\oobe
2023-11-16 01:55 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\bcastdvr
2023-11-15 16:29 - 2023-09-03 16:13 - 000000000 ____D C:\ProgramData\Package Cache
2023-11-15 13:02 - 2023-09-03 18:08 - 182871392 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-11-15 13:01 - 2023-09-03 15:58 - 003212800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-11-15 10:55 - 2023-09-19 13:19 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-11-14 00:23 - 2023-09-03 22:06 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{916D487C-2D66-4DB3-80A8-DC1BAD219A07}
2023-11-14 00:23 - 2023-09-03 22:06 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{1A06BADA-A8D7-43F1-B50C-5994EBDDAA3D}
2023-11-13 09:58 - 2023-09-03 16:01 - 000000000 ____D C:\Program Files\AMD
2023-11-13 01:55 - 2023-09-14 12:29 - 000000000 ____D C:\Users\dejan\AppData\Roaming\KSM
2023-11-12 21:59 - 2023-09-03 16:27 - 000000000 ____D C:\Users\dejan\OneDrive\Documents\My Games
2023-11-10 09:48 - 2023-09-19 13:19 - 000000000 ____D C:\Windows\system32\Tasks\HP
2023-11-10 09:48 - 2023-09-03 16:20 - 000000000 ____D C:\Users\dejan\AppData\Local\Publishers
2023-11-08 01:47 - 2023-10-11 09:38 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2023-11-08 01:47 - 2022-05-07 08:39 - 000000000 ___SD C:\Windows\system32\AppV
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ___SD C:\Windows\system32\UNP
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ___RD C:\Windows\PrintDialog
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\UUS
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\oobe
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\gl-ES
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\eu-ES
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\ca-ES
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\vi-VN
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\ShellExperiences
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\Sgrm
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\setup
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\migwiz
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\lv-LV
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\lt-LT
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\id-ID
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\gl-ES
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\eu-ES
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\et-EE
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\es-MX
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\Dism
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\DDFs
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\ca-ES
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\appraiser
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ShellExperiences
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ShellComponents
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\Provisioning
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\DiagTrack
2023-11-08 01:47 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\System
2023-11-08 01:47 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\servicing
2023-11-07 22:32 - 2023-10-22 18:15 - 000000000 ____D C:\Users\dejan\AppData\Local\TangoGameworks
2023-11-07 19:26 - 2022-05-07 08:39 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2023-11-07 19:26 - 2022-05-07 06:25 - 000209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2023-11-07 19:26 - 2022-05-07 06:24 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2023-11-07 19:20 - 2023-09-03 15:57 - 000000000 ____D C:\ProgramData\Packages
2023-11-07 19:05 - 2023-09-04 00:56 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-11-07 19:05 - 2023-09-04 00:56 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-11-07 09:19 - 2023-09-04 00:56 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-11-06 23:02 - 2023-09-03 16:21 - 000000000 ____D C:\Users\dejan\AppData\Local\cache
2023-11-06 14:24 - 2023-09-03 16:05 - 000000000 ____D C:\Users\dejan\AppData\Local\AMD
2023-11-06 14:19 - 2023-09-03 18:49 - 000000000 ____D C:\AMD
2023-11-06 14:17 - 2023-10-15 19:13 - 000003152 _____ C:\Windows\system32\Tasks\StartCN
2023-10-31 16:59 - 2023-10-21 13:06 - 000000000 ____D C:\Users\dejan\OneDrive\Documents\Euro Truck Simulator 2

==================== Files in the root of some directories ========

2023-11-22 00:47 - 2023-11-22 01:14 - 000000004 ____H () C:\ProgramData\lock.dat
2023-11-22 00:48 - 2023-11-22 01:14 - 000000004 ____H () C:\ProgramData\rc.dat
2023-11-22 00:47 - 2023-11-22 00:47 - 000000512 ____H () C:\ProgramData\resource.dat
2023-11-22 00:47 - 2023-11-22 00:47 - 000000008 ____H () C:\ProgramData\ts.dat
2023-09-03 22:50 - 2023-09-03 22:50 - 000000003 _____ () C:\Users\dejan\AppData\Local\updater.log
2023-09-03 22:50 - 2023-09-03 22:50 - 000000424 _____ () C:\Users\dejan\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Addition file:


Addendum: 25 Nov 2023 9:27

Early this morning this happened to that throwaway FB account:

This is to let you know that the email address lezicbmtejmlj@hotmail.com was just added to your Facebook account.
 
About this change
 
   Saturday, 25 November 2023 at 12:11 (UTC+07)
   Near Makwanpur Garhi, Nepal
   iPhone, iOS


   

 
This is to let you know that your password was just changed.
 
About this change
 
   Saturday, 25 November 2023 at 12:11 (UTC+07)
   Near Makwanpur Garhi, Nepal
   iPhone, iOS



This is to let you know that the email address mojaadresa@yahoo.com was just removed from your Facebook account.
 
About this change
 
   Saturday, 25 November 2023 at 12:12 (UTC+07)
   Near Makwanpur Garhi, Nepal
   iPhone, iOS


Addendum: 25 Nov 2023 9:44

I recovered it even though I didn't need it; the same thing happened with that throwaway LinkedIn account. It was Nepal again, only a different email was used, but also from Hotmail.

Addendum: 25 Nov 2023 9:52

I would just ask someone familiar with situations like this: if it is what I mentioned, that they stole all my passwords through malware, should I start changing everything that matters to me? But I don't know whether it can still be doing that in the background, and what else it steals besides passwords.
If that really is the case, this is a catastrophe for me! I have so many passwords now; they are fairly strong but identical.

I have seen bitwarden.com/ mentioned a lot for storing passwords. Maybe that would be best for me?

offline
  • Joined: 26 Dec 2007
  • Posts: 132

People, PLEASE, I don't know of any other place where virus problems get solved. I hope someone from the team will join in soon, and until then that anyone can give me some guidelines.
I no longer have any doubt: the trojan swiped all my saved passwords. There are constant theft attempts against me, and for now I don't know where they have successfully stolen something, but that is surely most forums where there is no 2FA.
I don't know where to start. If I install Bitwarden and start changing passwords, I don't know whether I'd be making a mistake, since the trojan hasn't been dealt with yet. Or should I do it from the laptop?

Please, any initial guidance at all

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8615
  • Location: Novi Beograd

Hello, have you removed all the threats that MBAM found?

1. Open Notepad (Text Document) and copy in the following text from the code box below:

CreateRestorePoint:
HKU\S-1-5-21-3742737895-398362341-1790896251-1001\...\Run: [autogen] => C:\Users\dejan\AppData\Local\Temp\is-260H7.tmp\a6.exe [5902390 2023-11-22] () [File not signed] <==== ATTENTION
C:\Users\dejan\AppData\Local\Temp\is-260H7.tmp
C:\Users\dejan\AppData\Roaming\gvhecgf
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 26 Dec 2007
  • Posts: 132

Hello helen1, thanks for getting in touch.

Quote: Hello, have you removed all the threats that MBAM found?
I have, i.e. they are in its quarantine. Should I actually delete them?


Here are the contents of Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-11-2023 02
Ran by dejan (26-11-2023 19:21:03) Run:1
Running from C:\Users\dejan\OneDrive\Desktop
Loaded Profiles: dejan
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3742737895-398362341-1790896251-1001\...\Run: [autogen] => C:\Users\dejan\AppData\Local\Temp\is-260H7.tmp\a6.exe [5902390 2023-11-22] () [File not signed] <==== ATTENTION
C:\Users\dejan\AppData\Local\Temp\is-260H7.tmp
C:\Users\dejan\AppData\Roaming\gvhecgf
EmptyTemp:
*****************

Restore point was successfully created.
"HKU\S-1-5-21-3742737895-398362341-1790896251-1001\Software\Microsoft\Windows\CurrentVersion\Run\\autogen" => removed successfully

"C:\Users\dejan\AppData\Local\Temp\is-260H7.tmp" folder move:

C:\Users\dejan\AppData\Local\Temp\is-260H7.tmp => moved successfully
"C:\Users\dejan\AppData\Roaming\gvhecgf" => not found

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9615124 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 510566198 B
Windows/system/drivers => 1595653 B
Edge => 0 B
Chrome => 839371248 B
Firefox => 0 B
Opera => 430410316 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 14499 B
LocalService => 52150 B
NetworkService => 116162 B
dejan => 619680253 B

RecycleBin => 0 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:22:04 ====




I did not physically see this file C:\Users\dejan\AppData\Roaming\gvhecgf at that location, and I see that it was not found, but Win Defender still reports that it is there, only its REMOVE and QUARANTINE actions did not work, and they still don't.
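
Added example, not part of the original thread and not FRST's own code: a small Python parser for the Fixlog posted above that separates the fixlist entries FRST acted on from those it reported as not found, and pulls the fields out of the Run entry. The sample text is an excerpt of that log; the function names are hypothetical and only the line shapes visible in this log are handled (an assumption).

```python
import re

# Excerpt of the Fixlog posted above (EmptyTemp section shortened).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3742737895-398362341-1790896251-1001\...\Run: [autogen] => C:\Users\dejan\AppData\Local\Temp\is-260H7.tmp\a6.exe [5902390 2023-11-22] () [File not signed] <==== ATTENTION
C:\Users\dejan\AppData\Local\Temp\is-260H7.tmp
C:\Users\dejan\AppData\Roaming\gvhecgf
EmptyTemp:
*****************

Restore point was successfully created.
"HKU\S-1-5-21-3742737895-398362341-1790896251-1001\Software\Microsoft\Windows\CurrentVersion\Run\\autogen" => removed successfully

"C:\Users\dejan\AppData\Local\Temp\is-260H7.tmp" folder move:

C:\Users\dejan\AppData\Local\Temp\is-260H7.tmp => moved successfully
"C:\Users\dejan\AppData\Roaming\gvhecgf" => not found

=========== EmptyTemp: ==========

FlushDNS => completed
Chrome => 839371248 B
'''

# Run-key line as it appears in the fixlist: key, value name, target, size/date, company, flags.
RUN_ENTRY = re.compile(
    r'^(?P<key>HK\S+\\Run): \[(?P<name>[^\]]+)\] => (?P<path>.+?) '
    r'\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)(?P<rest>.*)$')

# Result line: optionally quoted target, then "=> outcome".
RESULT = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+)$')


def parse_run_entry(line):
    """Return the fields of a Run entry, or None if the line is not one."""
    m = RUN_ENTRY.match(line)
    if not m:
        return None
    path = m['path']
    return {
        'key': m['key'],
        'name': m['name'],
        'path': path,
        'size': int(m['size']),
        'date': m['date'],
        'company': m['company'],
        'signed': '[File not signed]' not in m['rest'],
        'in_temp': '\\temp\\' in path.lower(),      # autostart launched from a Temp folder
        'frst_attention': 'ATTENTION' in m['rest'],  # FRST's own marker
    }


def classify(outcome):
    """Bucket an outcome string; only outcomes seen in this log are known."""
    if outcome.endswith('successfully'):
        return 'done'
    if outcome == 'not found':
        return 'not_found'   # path did not exist when the fix ran
    return 'review'          # anything else needs a human look


def triage(text):
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {'*'}]
    if len(stars) < 2:
        raise ValueError('fixlist delimiters not found')
    fixlist = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    report = {'run_entries': [], 'done': [], 'not_found': [], 'review': []}
    for ln in fixlist:
        entry = parse_run_entry(ln)
        if entry:
            report['run_entries'].append(entry)
    for ln in lines[stars[1] + 1:]:
        if ln.startswith('===='):   # next section header (EmptyTemp): stop
            break
        m = RESULT.match(ln)
        if m:
            report[classify(m['outcome'])].append(m['target'])
    return report


if __name__ == '__main__':
    r = triage(SAMPLE_FIXLOG)
    for e in r['run_entries']:
        print('Run value', e['name'], '->', e['path'],
              '| signed:', e['signed'], '| in Temp:', e['in_temp'])
    for bucket in ('done', 'not_found', 'review'):
        for target in r[bucket]:
            print(bucket.upper().ljust(10), target)
```

A `not found` result only says the path did not exist when the fix ran, so it does not by itself explain why another scanner keeps listing that path.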

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8615
  • Location: Novi Beograd

Delete everything MBAM found, then scan again and report back.

  • Joined: 26 Dec 2007
  • Posts: 132

Here:

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8615
  • Location: Novi Beograd

Next time Defender reports something, take a screenshot and post it for me.

  • Joined: 26 Dec 2007
  • Posts: 132

Posted: 28 Nov 2023 13:26

When I installed MBAM it took precedence over Defender, so I have to start a scan manually.
It finds nothing on a quick scan or a custom scan (where I told it to scan the whole C:), while it cannot finish a full scan; it gets past 2M files and hangs there.


The only thing that worries me is that it still sees that same one, but during the scan it says there is none.


I am interested in your comment on the fact that it still sees it.


Is it safe for me now to start changing the passwords on all my accounts and moving them to Bitwarden? I am afraid that some keylogger is running in the background, or anything else that could steal the new passwords.

Addendum: 28 Nov 2023 13:28

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8615
  • Location: Novi Beograd

I don't have any particularly smart advice; I have never used Bitwarden and I don't know how reliable it is or how it works.
I think there is no active infection.
In which folder did MBAM find that last infection?

  • Joined: 26 Dec 2007
  • Posts: 132

Posted: 28 Nov 2023 14:59

It still shows that it is located in
C:\Users\dejan\AppData\Roaming\gvhecgf

Addendum: 28 Nov 2023 15:01

That is Windows Defender; Malwarebytes did not see it.





Do you use a password manager?
