Malware problem - Chrome i instalirani programi

Malware problem - Chrome i instalirani programi

offline
  • Pridružio: 28 Jan 2009
  • Poruke: 74

Napisano: 03 Jun 2019 11:24

Pozdrav svima,

Juce prilikom instalacije Photoshopa-a, odjenom su se instalirali mnogobrojni programi i chrome je poceo da budali. Prebacao me na druge sajtove, i pisalo mi je 'Chrome managed by your organization'.
Bilo je prakticno nemoguce raditi bilo sta. Ono sto sam uradio je da sam deinstalirao sve programe koji su juce instalirani bili, i skenirao preko Malwarebytes-a. 98 prijetnji je uklonjeno, ali nisam i dalje siguran da je sve cisto, jer kompujter i dalje radi malcice usporeno.

Windows 8.1 verzija.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-06-2019
Ran by Nikola Pejovic (administrator) on NIKOLAPC (LENOVO HuronRiver Platform) (03-06-2019 12:10:00)
Running from C:\Users\Nikola Pejovic\Downloads
Loaded Profiles: Nikola Pejovic (Available Profiles: Nikola Pejovic)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\ProgramData\OnlineUpdate\ouc.exe
(@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\73.4.118\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\73.4.118\QtWebEngineProcess.exe
(Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Huawei Technologies Co., Ltd. -> ) C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(JRD COMMUNICATION (SHENZHEN) LTD -> ) C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe
(LiquidVPN Inc. -> ) C:\Program Files (x86)\LiquidVPN\LiquidVPNService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NETSTAT.EXE
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\assistant\browser_assistant.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Nikola Pejovic\AppData\Local\slack\app-3.4.1\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Nikola Pejovic\AppData\Local\slack\app-3.4.1\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Nikola Pejovic\AppData\Local\slack\app-3.4.1\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Nikola Pejovic\AppData\Local\slack\app-3.4.1\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Nikola Pejovic\AppData\Local\slack\app-3.4.1\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Nikola Pejovic\AppData\Local\slack\app-3.4.1\slack.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2018\Snagit32.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2018\SnagitEditor.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2018\SnagPriv.exe
(Upwork Global Inc. -> ) C:\Program Files (x86)\Upwork\cmon.exe
(Upwork Global Inc. -> Upwork, Inc.) C:\Program Files (x86)\Upwork\upwork.exe
(Upwork Global Inc. -> Upwork, Inc.) C:\Program Files (x86)\Upwork\upwork.exe
(Upwork Global Inc. -> Upwork, Inc.) C:\Program Files (x86)\Upwork\upwork.exe
(Viber Media S.a.r.l -> ) C:\Users\Nikola Pejovic\AppData\Local\Viber\Viber.exe
(Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes Corporation -> Malwarebytes)
HKLM\...\Run: [TechSmithSnagit] => C:\Program Files\TechSmith\Snagit 2018\Snagit32.exe [9165232 2017-10-13] (TechSmith Corporation -> TechSmith Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files (x86)\Opera\assistant\browser_assistant.exe [2312792 2019-05-23] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Viber] => C:\Users\Nikola Pejovic\AppData\Local\Viber\Viber.exe [80036560 2015-05-25] (Viber Media S.a.r.l -> )
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Chromium] => "c:\users\nikola pejovic\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Upwork] => C:\Program Files (x86)\Upwork\upwork.exe [58605360 2018-07-05] (Upwork Global Inc. -> Upwork, Inc.)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Box Local Com Server] => C:\Users\Nikola Pejovic\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [80976 2018-11-20] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Box Edit] => C:\Users\Nikola Pejovic\AppData\Local\Box\Box Edit\Box Edit.exe [196688 2018-11-20] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53646696 2019-04-25] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\Nikola Pejovic\AppData\Local\slack\Update.exe [1569296 2019-05-13] (Slack Technologies, Inc. -> )
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [1HQAyyqIM2.exe] => C:\Program Files\AVAST Software\UOG8S\1HQAyyqIM2.exe
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [çEFR-f0Dby.exe] => C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ\çEFR-f0Dby.exe
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: D - "D:\autorun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {06ffbd2c-e5fb-11e4-827d-60d819ea6866} - "G:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {06ffbd7f-e5fb-11e4-827d-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {1c2b1253-13c8-11e4-825a-60d819ea6866} - "H:\autorun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {403db24f-c8f7-11e5-82b9-60d819ea6866} - "G:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {46966f1b-2cac-11e5-8285-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {4c352bcc-f3da-11e4-827e-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {8f3306ca-33bd-11e4-825e-60d819ea6866} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {8f3306d8-33bd-11e4-825e-60d819ea6866} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {ca7e1973-6c5d-11e6-82fd-60d819ea6866} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {e4e87462-9b4c-11e5-82ac-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {e4e87525-9b4c-11e5-82ac-60d819ea6866} - "D:\AutoRun.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-23] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gcrchdhi.lnk [2019-06-02]
ShortcutAndArgument: gcrchdhi.lnk -> C:\Windows\System32\cmd.exe => /c start "" "C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi\hvsiivse.exe"

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02517402-1B76-4F24-8DAB-D65BE59386E9} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall => {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
Task: {08AAB2F4-3A92-4630-AB1D-37666DA22570} - System32\Tasks\Microsoft Office 15 Sync Maintenance for NikolaPC-Nikola Pejovic NikolaPC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [469640 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {0ABE61ED-F3BC-4A05-AF71-E9AE32C2AC13} - System32\Tasks\KMS Server OnLogon Activate => C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [670227 2013-11-14] (MDL) [File not signed]
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator => {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8} C:\Windows\system32\msched.dll [132608 2013-11-14] (Microsoft Windows -> Microsoft Corporation)
Task: {13CAF343-9463-4901-A8B3-D3A1223E9DA6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance => {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} C:\Windows\system32\msched.dll [132608 2013-11-14] (Microsoft Windows -> Microsoft Corporation)
Task: {18D711AF-D919-4DDB-883F-488C7F44C5D6} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall => {EFF7F153-1C97-417a-B633-FEDE6683A939}
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - System32\Tasks\Microsoft\Windows\IME\SQM data sender => {ccb1d8cb-d39f-41c9-b793-0196214bdc4e} C:\Windows\System32\IME\shared\imecfm.dll [108544 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {1B2E42CC-9687-4058-A160-F1561A7665F0} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-11-09] () [File not signed]
Task: {209B995D-70D0-40B7-8BF7-C9E3CCE68198} - \{AB62DAF7-7BC3-4770-87BC-925598591929} -> No File <==== ATTENTION
Task: {221203AC-EBF6-499E-817E-E0EFB5EAB1BF} - System32\Tasks\Microsoft\Windows\WS\WSTask => {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129} C:\Windows\System32\WSService.dll [3394384 2014-02-22] (Microsoft Windows -> Microsoft Corporation)
Task: {2BAA7E3E-432B-4794-A2B1-B7F2CE73DDEF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh => {EBF00FCB-0769-4b81-9BEC-6C05514111AA} C:\Windows\System32\WpcWebSync.dll [2648064 2014-02-22] (Microsoft Windows -> Microsoft Corporation)
Task: {3DCC789D-E786-4417-8084-2DD9A7CD2ECE} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
Task: {45561755-0BB2-49DF-9B3C-3F0CEB4AB61E} - System32\Tasks\Microsoft\Windows\WS\Badge Update => {00CCDDF6-5107-424D-853D-3907AE5502DC} C:\Windows\winstore\WinStoreUI.dll [1092608 2014-02-22] (Microsoft Windows -> Microsoft Corporation)
Task: {458A29F7-0F15-4531-A4CA-B1FA319D612F} - System32\Tasks\NvNgxUpdateCheckDaily_{A6B397E0-97E0-97E0-97E0-A6B397E097E0} => regsvr32 /s /n /u /i:"C:\Users\Nikola Pejovic\AppData\Roaming\wijtcrd" scrobj
Task: {46BFCC72-16EF-4000-B3BC-31B027659DAA} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {47BFE674-5DFA-4395-B88C-47D28D6E5597} - System32\Tasks\Microsoft\Windows\Maintenance\WinSAT => A9A33436-678B-4c9c-A211-7CC38785E79D
Task: {4FC089FF-D8AF-4760-8CDB-40A542371BCB} - System32\Tasks\Opera scheduled Autoupdate 1442584658 => C:\Program Files (x86)\Opera\launcher.exe [1301592 2019-05-23] (Opera Software AS -> Opera Software)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {c8367320-6f85-11e0-a1f0-0800200c9a66} C:\Windows\System32\BthSQM.dll [26624 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup => {DEF03232-9688-11E2-BE7F-B4B52FD966FF} C:\Windows\System32\pnpclean.dll [116736 2014-02-22] (Microsoft Windows -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {bf6c1e47-86ec-4194-9ce5-13c15dcb2001} C:\Windows\System32\skydrive.exe [872448 2014-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance => {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} C:\Windows\system32\msched.dll [132608 2013-11-14] (Microsoft Windows -> Microsoft Corporation)
Task: {73F931AA-0E5B-4C84-B943-FFD06BE0E804} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect => {784E29F4-5EBE-4279-9948-1E8FE941646D}
Task: {7410777A-8ABC-491A-AD5B-3A7491993FCA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {81A56CE6-601C-4260-9E89-C2ECE15AC668} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 => {429BC048-379E-45E0-80E4-EB1977941B5C} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-05-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {81ADE2CF-6A20-45DB-8231-3F41276E391D} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 => {84F0FAE1-C27B-4F6F-807B-28CF6F96287D} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-05-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1b1f472e-3221-4826-97db-2c2324d389ae} C:\Windows\System32\skydrive.exe [872448 2014-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {87B2AA2C-017A-463A-9F40-74EA69B16814} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [3153408 2014-06-27] () [File not signed]
Task: {895E83F7-BF75-4E2A-86B8-50519B7621F1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {9AE37D28-4D53-45A9-970D-A57242F1A84F} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical => {613fba38-a3df-4ab8-9674-5604984a299a} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-05-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C8E21C9-6AB1-4D66-8DF5-73AF5359B24E} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses => {10F591BE-3C84-418A-86DD-BAA002E2F36E} C:\Windows\winstore\WinStoreUI.dll [1092608 2014-02-22] (Microsoft Windows -> Microsoft Corporation)
Task: {B3681720-E7D7-4D54-BADF-A23CCD44CF49} - System32\Tasks\Opera scheduled Autoupdate 1526675292 => C:\Program Files\Opera\launcher.exe [1493592 2019-05-23] (Opera Software AS -> Opera Software)
Task: {B4432B9B-D374-401A-B20F-56AB128FBEB6} - System32\Tasks\KMS Server Daily Activate => C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [670227 2013-11-14] (MDL) [File not signed]
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance => {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} C:\Windows\system32\msched.dll [132608 2013-11-14] (Microsoft Windows -> Microsoft Corporation)
Task: {B9A808D0-5DA8-4C45-94D7-1FC7CB8BACFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {C371F25E-745F-4A1E-BEF3-959161B56258} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific => {9f2b0085-9218-42a1-88b0-9f0e65851666} C:\Windows\system32\apprepsync.dll [157696 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {C4AE3C3E-C327-4689-B6FD-C11FB31AE88B} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler => {5AA199A0-1CED-43A5-9B85-3226086738A3} C:\Windows\System32\netcfgx.dll [488280 2014-03-06] (Microsoft Windows -> Microsoft Corporation)
Task: {C7C9E3E7-88B3-4A77-A5C1-FA3A9E3067BF} - \{CDDD04BC-F422-4141-8D80-A2F727E80B87} -> No File <==== ATTENTION
Task: {C990D22B-2D67-4944-B993-83026157D3FD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-05-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C9C20725-29A2-4253-AC59-269E6E52DB1C} - System32\Tasks\Opera scheduled assistant Autoupdate 1547291724 => C:\Program Files (x86)\Opera\launcher.exe [1301592 2019-05-23] (Opera Software AS -> Opera Software)
Task: {CC02F010-1719-4535-A896-30F9B7D929D6} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [3227984 2013-10-16] (Nero AG -> Nero AG)
Task: {D7E204D7-19CF-454B-97E9-FA30A1B945E0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-05-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E90AFE1C-4FDE-42AA-955F-3B9EDF653C66} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical => {de434264-8fe9-4c0b-a83b-89ebeebff78e} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-05-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA1D3D8F-8866-4662-A9CE-69FAA629BE16} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2864281891-3376825052-3278056506-1001 => {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF} C:\Windows\System32\twinapi.dll [721408 2014-02-22] (Microsoft Windows -> Microsoft Corporation)
Task: {EEAECC13-E19C-4011-B902-0A286DA36676} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => {5b6b6834-34f0-49b9-ad4e-81d4994c7a74} C:\Windows\system32\DfpCommon.dll [390656 2014-02-22] (Microsoft Windows -> Microsoft Corporation)
Task: {F3084DAB-1CE6-4C30-8C5E-D30B69FE78B9} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {FE29CB98-A78C-40A7-80C0-12BEE764EF5B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd -> Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{51D99859-CEE1-4B15-AA5C-B73E1ABD6149}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E2F76DF2-CB29-4BDE-A886-05196AE18760}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EF0C37D5-3A14-4A73-B3F9-5F29B4219C0A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2864281891-3376825052-3278056506-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-02] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-02] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: rg6r1qti.default
FF DefaultProfile: 3revh3hg.default
FF ProfilePath: C:\Users\Nikola Pejovic\AppData\Roaming\Zotero\Zotero\Profiles\rg6r1qti.default [2019-03-26]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero\extensions\zoteroOpenOfficeIntegration@zotero.org [2019-03-26] [Legacy] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero\extensions\zoteroWinWordIntegration@zotero.org [2019-03-26] [Legacy] [not signed]
FF ProfilePath: C:\Users\Nikola Pejovic\AppData\Roaming\Mozilla\Firefox\Profiles\3revh3hg.default [2019-06-03]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-24] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll [2014-11-03] (Adobe Systems Incorporated -> )
FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation -> Cuminas Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-11-03] (Adobe Systems Incorporated -> )
FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation -> Cuminas Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-08-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1442584478&z=bad0e49b332362138910f83gdzfz4o0w8bdz2z4mam&from=cor&uid=WDCXWD5000BPVT-24HXZT3_WD-WXA1A91E3668E3668","hxxp://www.youndoo.com/?z=ad99dbc43c4dab03b38dc41g0z7q1b5z6zacaq2t3m&from=wak&uid=WDCXWD5000BPVT-24HXZT3_WD-WXA1A91E3668E3668&type=hp"
CHR Profile: C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default [2019-06-03]
CHR Extension: (Slides) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-11]
CHR Extension: (Docs) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-11]
CHR Extension: (Google Drive) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-28]
CHR Extension: (YouTube) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-03]
CHR Extension: (Sheets) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-11]
CHR Extension: (Google Docs Offline) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-06-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Gmail) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-03]
CHR Extension: (Chrome Media Router) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-03]
CHR Profile: C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh [2019-06-02] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-23]
CHR Extension: (Google Docs) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-23]
CHR Extension: (Google Drive) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-23]
CHR Extension: (YouTube) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-23]
CHR Extension: (Google Sheets) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-23]
CHR Extension: (Google Docs Offline) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-23]
CHR Extension: (Gmail) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-23]
CHR Extension: (Chrome Media Router) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-23]
CHR Profile: C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh [2019-06-02] <==== ATTENTION
CHR Extension: (Slides) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-05-15]
CHR Extension: (Zotero Connector) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2019-05-09]
CHR Extension: (Sheets) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (UberConference Screen Sharing) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\hcakmcggjddnhepfcajfcpkdjoggcnak [2018-05-16]
CHR Extension: (Unseen) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\iicapmagmhahddefgokbabbgieiogjop [2017-05-24]
CHR Extension: (Unseen for Facebook) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\jiomcgpfgkeefipihnplhadgdoollmap [2019-03-18]
CHR Extension: (Save to Facebook) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2019-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
CHR Profile: C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\System Profile [2019-06-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-05-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-05-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-05-21] (Dropbox, Inc -> Dropbox, Inc.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Incorporated -> Foxit Software Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] (Huawei Technologies Co., Ltd. -> )
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-08-16] () [File not signed]
R2 LiquidVPNService; C:\Program Files (x86)\LiquidVPN\LiquidVPNService.exe [53976 2018-05-14] (LiquidVPN Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes Corporation -> Malwarebytes)
R2 MTel_ontenegro Imola Modem Device Helper; C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] (JRD COMMUNICATION (SHENZHEN) LTD -> )
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation -> TechSmith Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation -> Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.)
R2 postgresql-x64-9.5; "C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe" runservice -N "postgresql-x64-9.5" -D "C:\Program Files\PostgreSQL\9.5\data" -w

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4319632 2017-08-07] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R3 dbx; C:\Windows\System32\DRIVERS\dbx.sys [47600 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [109568 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\System32\drivers\ew_usbenumfilter.sys [14976 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 huawei_enumerator; C:\Windows\System32\drivers\ew_jubusenum.sys [91648 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [121728 2013-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [375040 2013-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [5363200 2014-01-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 jrdusbser; C:\Windows\system32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (Microsoft Windows Hardware Compatibility Publisher -> TCT International Mobile Ltd)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2019-06-03] (Malwarebytes Corporation -> Malwarebytes)
S3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2408208 2013-06-18] (Mediatek Inc. -> Ralink Technology Corp.)
R3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Microsoft Windows -> Realtek )
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2013-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [236888 2013-10-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Windows -> Microsoft Corporation)
U4 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2019-05-12] (Nemea Mjukvaruutveckling AB -> Basil Projects)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-02-02] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-02-02] (Zemana Ltd. -> Zemana Ltd.)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S1 MpKsl209e431b; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D12B0855-EECF-4B7D-9690-D53D32B4F929}\MpKsl209e431b.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-03 12:10 - 2019-06-03 12:13 - 000043334 _____ C:\Users\Nikola Pejovic\Downloads\FRST.txt
2019-06-03 12:09 - 2019-06-03 12:10 - 000000000 ____D C:\FRST
2019-06-03 12:09 - 2019-06-03 12:09 - 002433536 _____ (Farbar) C:\Users\Nikola Pejovic\Downloads\FRST64.exe
2019-06-03 10:24 - 2019-06-03 10:24 - 000003754 _____ C:\Windows\System32\Tasks\AutoKMS
2019-06-02 23:52 - 2019-06-02 23:52 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2019-06-02 23:48 - 2019-06-02 23:48 - 000000258 __RSH C:\Users\Nikola Pejovic\ntuser.pol
2019-06-02 22:40 - 2019-06-02 22:40 - 000000003 _____ C:\Windows\SysWOW64\log
2019-06-02 22:33 - 2019-06-02 22:33 - 000003260 _____ C:\Windows\System32\Tasks\NvNgxUpdateCheckDaily_{A6B397E0-97E0-97E0-97E0-A6B397E097E0}
2019-06-02 22:11 - 2019-06-02 22:11 - 000000000 ____D C:\ProgramData\Pader
2019-06-02 22:10 - 2019-06-02 22:10 - 000000000 ____D C:\Program Files (x86)\Seed Trade
2019-06-02 22:09 - 2019-06-02 22:21 - 000000000 ____D C:\Program Files (x86)\DreamTrips
2019-06-02 22:08 - 2019-06-02 23:48 - 000000000 ____D C:\Program Files (x86)\LJHSDK
2019-06-02 22:08 - 2019-06-02 22:08 - 000000000 ____D C:\ProgramData\fb
2019-06-02 22:07 - 2019-06-02 22:07 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\AdvinstAnalytics
2019-05-31 18:54 - 2019-05-31 18:54 - 000373585 _____ C:\Users\Nikola Pejovic\Downloads\19-05-31.zip
2019-05-31 16:47 - 2019-05-31 16:47 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\BitTorrentHelper
2019-05-28 22:52 - 2019-05-28 22:52 - 000018399 _____ C:\Users\Nikola Pejovic\Downloads\Reverse Correlation Multinationals.xlsx
2019-05-28 22:48 - 2019-05-28 22:48 - 000056711 _____ C:\Users\Nikola Pejovic\Downloads\UNITEDHEALTH GROUP.xlsx
2019-05-25 17:34 - 2019-05-25 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2019-05-25 17:34 - 2019-05-25 17:34 - 000000996 _____ C:\Users\Nikola Pejovic\Desktop\FileZilla.lnk
2019-05-25 17:34 - 2019-05-25 17:34 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2019-05-24 18:21 - 2019-05-24 18:28 - 000028378 _____ C:\Users\Nikola Pejovic\Desktop\index1.html
2019-05-23 23:23 - 2019-05-23 23:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-05-22 21:23 - 2019-05-22 21:23 - 000057084 _____ C:\Users\Nikola Pejovic\Downloads\FTE Project Queue_Master-2 (1) (1) (1).xlsx
2019-05-21 23:34 - 2019-05-21 23:34 - 003335226 _____ C:\Users\Nikola Pejovic\Downloads\Rezultati povezivanja poslodavaca i korisnika Programa stručnog osposobljavanja visokoškolaca.pdf
2019-05-21 14:10 - 2019-05-21 14:10 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-05-21 14:10 - 2019-05-21 14:10 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-05-21 14:10 - 2019-05-21 14:10 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-05-21 14:10 - 2019-05-21 14:10 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-05-21 14:10 - 2019-05-21 14:10 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx.sys
2019-05-17 12:50 - 2019-06-03 11:16 - 000000600 _____ C:\Users\Nikola Pejovic\AppData\Local\PUTTY.RND
2019-05-17 12:49 - 2019-05-17 12:49 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Sublime Text 3
2019-05-17 12:49 - 2019-05-17 12:49 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\Sublime Text 3
2019-05-17 12:47 - 2019-05-17 12:47 - 010913768 _____ (Sublime HQ Pty Ltd ) C:\Users\Nikola Pejovic\Downloads\Sublime Text Build 3207 x64 Setup.exe
2019-05-17 12:47 - 2019-05-17 12:47 - 000000898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2019-05-17 12:47 - 2019-05-17 12:47 - 000000000 ____D C:\Program Files\Sublime Text 3
2019-05-16 22:40 - 2019-05-16 22:40 - 005238102 _____ C:\Users\Nikola Pejovic\Downloads\Formular za prijavu teme magistarskog rada_Nikola Pejovic II.pdf
2019-05-16 14:31 - 2019-05-16 14:29 - 000000962 _____ C:\Users\Nikola Pejovic\Desktop\PuTTY.lnk
2019-05-16 14:29 - 2019-05-16 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2019-05-16 14:29 - 2019-05-16 14:29 - 000000000 ____D C:\Program Files\PuTTY
2019-05-16 14:28 - 2019-05-16 14:29 - 003157504 _____ C:\Users\Nikola Pejovic\Downloads\putty-64bit-0.71-installer.msi
2019-05-16 14:26 - 2019-06-03 11:42 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\FileZilla
2019-05-16 14:26 - 2019-05-29 14:06 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\FileZilla
2019-05-15 15:07 - 2019-05-15 15:07 - 000229163 _____ C:\Users\Nikola Pejovic\Downloads\Stručni saradnik depozitnih poslova, Sektor procesinga, Služba kreditnih....pdf
2019-05-14 18:54 - 2019-05-14 18:54 - 000055070 _____ C:\Users\Nikola Pejovic\Downloads\FTE Project Queue_Master-2 (1) (1).xlsx
2019-05-13 21:58 - 2019-05-13 21:58 - 000001206 _____ C:\Users\Nikola Pejovic\Desktop\Dropbox.lnk
2019-05-13 20:21 - 2019-05-13 20:21 - 000694184 _____ (Dropbox, Inc.) C:\Users\Nikola Pejovic\Downloads\DropboxInstaller (2).exe
2019-05-13 18:02 - 2019-06-03 11:44 - 000002219 _____ C:\Users\Nikola Pejovic\Desktop\Slack.lnk
2019-05-13 18:02 - 2019-06-03 11:44 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Slack
2019-05-13 18:02 - 2019-06-03 11:44 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2019-05-13 18:01 - 2019-06-03 11:44 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\slack
2019-05-13 17:59 - 2019-05-13 18:02 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\SquirrelTemp
2019-05-13 17:59 - 2019-05-13 17:59 - 085822480 _____ (Slack Technologies) C:\Users\Nikola Pejovic\Downloads\SlackSetup.exe
2019-05-13 17:48 - 2019-06-03 11:53 - 000000942 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-05-13 17:48 - 2019-06-03 10:36 - 000000938 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-05-13 17:48 - 2019-05-23 23:24 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-05-13 17:48 - 2019-05-13 17:48 - 000003914 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2019-05-13 17:48 - 2019-05-13 17:48 - 000003678 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2019-05-13 17:47 - 2019-05-13 17:47 - 000694184 _____ (Dropbox, Inc.) C:\Users\Nikola Pejovic\Downloads\DropboxInstaller (1).exe
2019-05-13 10:32 - 2019-05-13 10:32 - 000001286 _____ C:\Users\Public\Desktop\Skype.lnk
2019-05-13 10:31 - 2019-05-13 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-05-13 10:16 - 2019-05-13 10:18 - 062223112 _____ (Skype Technologies S.A.) C:\Users\Nikola Pejovic\Downloads\Skype-8.44.0.40.exe
2019-05-13 09:37 - 2019-05-13 09:37 - 000358632 _____ C:\Users\Nikola Pejovic\Downloads\DE Correlation Intelligence Report 02122019 - 9D3113EB-F005-948F-C73482A6A10FA145.pdf
2019-05-12 15:01 - 2019-05-12 15:01 - 000538798 _____ C:\Users\Nikola Pejovic\Downloads\14606-53062-1-PB.pdf
2019-05-12 11:25 - 2019-05-12 11:43 - 000000000 ____D C:\Program Files\KMSpico
2019-05-12 11:25 - 2019-05-12 11:27 - 000003382 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2019-05-12 11:25 - 2019-05-12 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2019-05-12 11:25 - 2019-05-12 11:25 - 000004608 _____ C:\Windows\SECOH-QAD.exe
2019-05-12 11:25 - 2019-05-12 11:25 - 000003584 _____ C:\Windows\SECOH-QAD.dll
2019-05-12 11:25 - 2010-12-06 04:16 - 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2019-05-12 11:21 - 2019-05-12 11:21 - 000001381 _____ C:\Users\Public\Desktop\Windows 8.1 KMS Activator Ultimate v1.4.1.lnk
2019-05-12 11:21 - 2019-05-12 11:21 - 000000000 ____D C:\Program Files (x86)\Windows 8.1 KMS Activator Ultimate v1.4.1
2019-05-12 09:10 - 2019-05-12 09:12 - 206692864 _____ (Microsoft Corporation) C:\Users\Nikola Pejovic\Downloads\dotnetfx35.exe
2019-05-12 09:06 - 2019-05-12 09:06 - 002869264 _____ (Microsoft Corporation) C:\Users\Nikola Pejovic\Downloads\dotNetFx35setup.exe
2019-05-11 12:54 - 2019-05-11 12:54 - 003471521 _____ C:\Users\Nikola Pejovic\Downloads\MR - Menice i bankarske garancije kao sredstva obezbeđenja plaćanja u savremenom korporativnom.pdf
2019-05-10 11:16 - 2019-05-10 11:16 - 000098727 _____ C:\Users\Nikola Pejovic\Downloads\DE Correlation Master_Processed 050119.xlsx
2019-05-10 10:37 - 2019-05-10 10:37 - 000011722 _____ C:\Users\Nikola Pejovic\Downloads\DE Reporting Change Tracker (1).xlsx
2019-05-10 10:34 - 2019-05-10 10:34 - 000268676 _____ C:\Users\Nikola Pejovic\Downloads\DE Correlation Intelligence Report 051818 (1).pdf
2019-05-10 10:28 - 2019-05-10 10:28 - 000038673 _____ C:\Users\Nikola Pejovic\Downloads\Moffitt DE Correlation Uploads Weekly.xlsx
2019-05-09 21:55 - 2019-05-09 21:55 - 000007680 _____ C:\Users\Nikola Pejovic\Downloads\wrike_090519_125540.xls
2019-05-09 18:02 - 2019-05-09 18:02 - 000000000 ____D C:\Windows\pss
2019-05-09 14:25 - 2019-06-02 13:33 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\LocalLow\uTorrent
2019-05-09 11:51 - 2019-05-09 11:51 - 000001060 _____ C:\Users\Nikola Pejovic\Desktop\Telegram.lnk
2019-05-09 11:51 - 2019-05-09 11:51 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2019-05-09 11:50 - 2019-05-15 16:34 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Telegram Desktop
2019-05-09 11:50 - 2019-05-09 11:50 - 020385160 _____ (Telegram Messenger LLP ) C:\Users\Nikola Pejovic\Downloads\tsetup.1.6.7.exe
2019-05-09 11:50 - 2019-05-09 11:50 - 020385160 _____ (Telegram Messenger LLP ) C:\Users\Nikola Pejovic\Downloads\tsetup.1.6.7 (1).exe
2019-05-09 10:09 - 2019-05-09 10:09 - 000000000 ____D C:\Program Files (x86)\Windows 8.1 Product Key Finder Ultimate v13.10.1
2019-05-08 19:55 - 2019-05-09 18:52 - 000000000 ____D C:\Users\Nikola Pejovic\Desktop\HTML
2019-05-08 19:47 - 2019-05-08 19:47 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\ActiveState
2019-05-08 19:47 - 2019-05-08 19:47 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\ActiveState
2019-05-08 19:46 - 2019-05-08 19:46 - 000002032 _____ C:\Users\Public\Desktop\Komodo Edit 11.lnk
2019-05-08 19:46 - 2019-05-08 19:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveState Komodo Edit 11
2019-05-08 19:43 - 2019-05-08 19:46 - 000000000 ____D C:\Program Files (x86)\ActiveState Komodo Edit 11
2019-05-08 19:42 - 2019-05-08 19:43 - 078393344 _____ C:\Users\Nikola Pejovic\Downloads\Komodo-Edit-11.1.1-18206.msi
2019-05-08 16:54 - 2019-05-08 16:54 - 000329116 _____ C:\Users\Nikola Pejovic\Downloads\2019 GKS-G Application FAQs(English-Korean).pdf
2019-05-07 16:26 - 2019-05-07 16:26 - 000000282 _____ C:\Users\Nikola Pejovic\Downloads\speedtests-2019-05-07-142549.csv
2019-05-07 15:26 - 2019-05-07 15:26 - 000204135 _____ C:\Users\Nikola Pejovic\Downloads\Konkurs stipendije 2019.pdf
2019-05-07 11:36 - 2019-05-07 11:36 - 000131831 _____ C:\Users\Nikola Pejovic\Downloads\time_series_econometrics_mansoor_ahmad_adnan_majeed.pptx
2019-05-06 18:12 - 2019-05-06 18:12 - 000459438 _____ C:\Users\Nikola Pejovic\Downloads\Tačka 35.pdf
2019-05-06 18:10 - 2019-05-06 18:11 - 000301459 _____ C:\Users\Nikola Pejovic\Downloads\63_27_87_26_07_2018.pdf
2019-05-06 08:28 - 2019-05-06 08:28 - 000746846 _____ C:\Users\Nikola Pejovic\Downloads\Attachment_1552570853226000001_attach_1_1552570853226000001_20190314140554315.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-03 12:13 - 2017-10-22 16:48 - 000158975 _____ C:\Windows\ZAM.krnl.trace
2019-06-03 12:13 - 2017-10-22 16:48 - 000130797 _____ C:\Windows\ZAM_Guard.krnl.trace
2019-06-03 12:10 - 2014-06-12 02:41 - 000003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{05485734-D435-4311-95F2-4238E740C9B6}
2019-06-03 11:49 - 2014-06-12 02:38 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2864281891-3376825052-3278056506-1001
2019-06-03 11:22 - 2017-12-20 21:24 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\Power Query Telemetry
2019-06-03 11:05 - 2016-03-05 17:10 - 000004994 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for NikolaPC-Nikola Pejovic NikolaPC
2019-06-03 10:42 - 2015-06-02 14:11 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\ViberPC
2019-06-03 10:37 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2019-06-03 10:36 - 2017-05-23 22:55 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2019-06-03 10:36 - 2015-12-20 19:04 - 000000000 ____D C:\ProgramData\OnlineUpdate
2019-06-03 10:36 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-03 10:35 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-06-03 10:30 - 2014-07-23 22:27 - 000000000 ____D C:\Users\Nikola Pejovic\Documents\ViberDownloads
2019-06-02 23:48 - 2017-10-22 13:32 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-06-02 23:48 - 2014-06-12 02:32 - 000000000 ____D C:\Users\Nikola Pejovic
2019-06-02 22:56 - 2014-06-13 07:23 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\uTorrent
2019-06-02 22:29 - 2013-08-22 17:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-06-02 22:23 - 2017-04-28 16:39 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-02 22:12 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\tracing
2019-06-02 22:11 - 2013-08-22 17:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-06-02 22:09 - 2017-12-20 21:23 - 000000000 ____D C:\Program Files\Microsoft Power Query for Excel
2019-06-02 22:09 - 2017-10-22 13:54 - 000000000 ____D C:\Program Files\AVAST Software
2019-06-02 21:57 - 2018-07-15 12:55 - 000000000 ____D C:\Users\Nikola Pejovic\.spyder-py3
2019-06-02 14:07 - 2014-06-12 02:32 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Adobe
2019-06-02 13:55 - 2014-06-29 00:32 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\Adobe
2019-06-02 13:54 - 2014-06-29 00:29 - 000000000 ____D C:\ProgramData\Adobe
2019-06-01 09:58 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-05-30 09:12 - 2015-06-02 14:10 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\Viber
2019-05-29 15:04 - 2014-06-13 06:46 - 010181120 ___SH C:\Users\Nikola Pejovic\Desktop\Thumbs.db
2019-05-27 22:42 - 2015-06-17 15:30 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\Dropbox
2019-05-27 15:39 - 2015-09-18 15:57 - 000003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1442584658
2019-05-27 15:39 - 2015-09-18 15:54 - 000000000 ____D C:\Program Files (x86)\Opera
2019-05-27 12:34 - 2018-05-18 22:28 - 000003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1526675292
2019-05-27 12:34 - 2018-05-18 22:28 - 000001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-05-27 12:34 - 2018-05-18 22:27 - 000000000 ____D C:\Program Files\Opera
2019-05-26 22:25 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\NDF
2019-05-24 19:48 - 2014-07-31 14:49 - 001190400 ___SH C:\Users\Nikola Pejovic\Documents\Thumbs.db
2019-05-24 12:19 - 2019-01-12 13:15 - 000004050 _____ C:\Windows\System32\Tasks\Opera scheduled assistant Autoupdate 1547291724
2019-05-23 15:44 - 2014-06-12 02:34 - 000824212 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-23 09:27 - 2014-06-12 02:43 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-23 09:27 - 2014-06-12 02:43 - 000002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-20 17:53 - 2017-12-16 12:36 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\CrashDumps
2019-05-15 10:24 - 2017-02-15 12:14 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-13 22:01 - 2014-06-19 02:54 - 004163072 ___SH C:\Users\Nikola Pejovic\Downloads\Thumbs.db
2019-05-13 17:54 - 2014-06-13 21:38 - 000000000 ___RD C:\Users\Nikola Pejovic\Dropbox (Old)
2019-05-13 17:53 - 2014-06-13 21:33 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox
2019-05-13 10:06 - 2016-07-13 10:49 - 000238035 ____H C:\Users\Nikola Pejovic\AppData\Local\IconCache.db.backup
2019-05-13 10:05 - 2014-06-12 03:01 - 000000000 ____D C:\ProgramData\Skype
2019-05-12 12:09 - 2014-10-28 10:48 - 000000000 ____D C:\Users\Nikola Pejovic\Downloads\IELTS Trainer Practice Tests with answers
2019-05-12 10:26 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2019-05-08 19:10 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-08 19:10 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2019-05-08 17:42 - 2018-04-11 18:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-06 08:27 - 2014-06-12 02:32 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\Packages

==================== Files in the root of some directories =======

2014-06-14 19:26 - 2014-02-22 17:46 - 000573952 ___SH (MPC-HC Team) C:\Users\Nikola Pejovic\AppData\Roaming\abhvsii
2014-06-14 19:26 - 2014-02-22 17:46 - 000000279 ___SH () C:\Users\Nikola Pejovic\AppData\Roaming\wijtcrd
2015-12-23 23:39 - 2015-12-23 23:39 - 000969852 _____ () C:\Users\Nikola Pejovic\AppData\Local\DjVu-Reader-_1116.rar
2019-05-17 12:50 - 2019-06-03 11:16 - 000000600 _____ () C:\Users\Nikola Pejovic\AppData\Local\PUTTY.RND

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-21 20:56
==================== End of FRST.txt ============================
mycity.rs/must-login.png

Dopuna: 04 Jun 2019 8:13

Ovu dobijam pri paljenju kompa.


offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10460
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

VirusTotal: C:\Program Files\AVAST Software\UOG8S\1HQAyyqIM2.exe;C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ\çEFR-f0Dby.exe;C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi\hvsiivse.exe
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Chromium] => "c:\users\nikola pejovic\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [1HQAyyqIM2.exe] => C:\Program Files\AVAST Software\UOG8S\1HQAyyqIM2.exe
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [çEFR-f0Dby.exe] => C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ\çEFR-f0Dby.exe
Startup: C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gcrchdhi.lnk [2019-06-02]
ShortcutAndArgument: gcrchdhi.lnk -> C:\Windows\System32\cmd.exe => /c start "" "C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi\hvsiivse.exe"
Task: {209B995D-70D0-40B7-8BF7-C9E3CCE68198} - \{AB62DAF7-7BC3-4770-87BC-925598591929} -> No File <==== ATTENTION
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1442584478&z=bad0e49b332362138910f83gdzfz4o0w8bdz2z4mam&from=cor&uid=WDCXWD5000BPVT-24HXZT3_WD-WXA1A91E3668E3668","hxxp://www.youndoo.com/?z=ad99dbc43c4dab03b38dc41g0z7q1b5z6zacaq2t3m&from=wak&uid=WDCXWD5000BPVT-24HXZT3_WD-WXA1A91E3668E3668&type=hp"
2019-06-02 22:11 - 2019-06-02 22:11 - 000000000 ____D C:\ProgramData\Pader
2019-06-02 22:10 - 2019-06-02 22:10 - 000000000 ____D C:\Program Files (x86)\Seed Trade
2019-06-02 22:09 - 2019-06-02 22:21 - 000000000 ____D C:\Program Files (x86)\DreamTrips
2019-06-02 22:08 - 2019-06-02 23:48 - 000000000 ____D C:\Program Files (x86)\LJHSDK
2019-06-02 22:08 - 2019-06-02 22:08 - 000000000 ____D C:\ProgramData\fb
WMI:subscription\__TimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__IntervalTimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__EventFilter->EventFilter sethomePage2::[Query => Select * From __timerevent Where TimerId = "SethomePage Interval Timer"] <==== ATTENTION
2014-06-14 19:26 - 2014-02-22 17:46 - 000573952 ___SH (MPC-HC Team) C:\Users\Nikola Pejovic\AppData\Roaming\abhvsii
2014-06-14 19:26 - 2014-02-22 17:46 - 000000279 ___SH () C:\Users\Nikola Pejovic\AppData\Roaming\wijtcrd
C:\Program Files\AVAST Software\UOG8S
C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ
C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi


U okviru Notepad-a klikni na File --> Save As
Pod Encoding izaberi UTF-8.
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).

offline
  • Pridružio: 28 Jan 2009
  • Poruke: 74

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-06-2019
Ran by Nikola Pejovic (06-06-2019 21:07:48) Run:1
Running from C:\Users\Nikola Pejovic\Desktop
Loaded Profiles: Nikola Pejovic (Available Profiles: Nikola Pejovic)
Boot Mode: Normal
==============================================

fixlist content:
*****************
VirusTotal: C:\Program Files\AVAST Software\UOG8S\1HQAyyqIM2.exe;C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ\çEFR-f0Dby.exe;C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi\hvsiivse.exe
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Chromium] => "c:\users\nikola pejovic\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [1HQAyyqIM2.exe] => C:\Program Files\AVAST Software\UOG8S\1HQAyyqIM2.exe
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [çEFR-f0Dby.exe] => C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ\çEFR-f0Dby.exe
Startup: C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gcrchdhi.lnk [2019-06-02]
ShortcutAndArgument: gcrchdhi.lnk -> C:\Windows\System32\cmd.exe => /c start "" "C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi\hvsiivse.exe"
Task: {209B995D-70D0-40B7-8BF7-C9E3CCE68198} - \{AB62DAF7-7BC3-4770-87BC-925598591929} -> No File <==== ATTENTION
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1442584478&z=bad0e49b332362138910f83gdzfz4o0w8bdz2z4mam&from=cor&uid=WDCXWD5000BPVT-24HXZT3_WD-WXA1A91E3668E3668","hxxp://www.youndoo.com/?z=ad99dbc43c4dab03b38dc41g0z7q1b5z6zacaq2t3m&from=wak&uid=WDCXWD5000BPVT-24HXZT3_WD-WXA1A91E3668E3668&type=hp"
2019-06-02 22:11 - 2019-06-02 22:11 - 000000000 ____D C:\ProgramData\Pader
2019-06-02 22:10 - 2019-06-02 22:10 - 000000000 ____D C:\Program Files (x86)\Seed Trade
2019-06-02 22:09 - 2019-06-02 22:21 - 000000000 ____D C:\Program Files (x86)\DreamTrips
2019-06-02 22:08 - 2019-06-02 23:48 - 000000000 ____D C:\Program Files (x86)\LJHSDK
2019-06-02 22:08 - 2019-06-02 22:08 - 000000000 ____D C:\ProgramData\fb
WMI:subscription\__TimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__IntervalTimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__EventFilter->EventFilter sethomePage2::[Query => Select * From __timerevent Where TimerId = "SethomePage Interval Timer"] <==== ATTENTION
2014-06-14 19:26 - 2014-02-22 17:46 - 000573952 ___SH (MPC-HC Team) C:\Users\Nikola Pejovic\AppData\Roaming\abhvsii
2014-06-14 19:26 - 2014-02-22 17:46 - 000000279 ___SH () C:\Users\Nikola Pejovic\AppData\Roaming\wijtcrd
C:\Program Files\AVAST Software\UOG8S
C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ
C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi
*****************

"VirusTotal: C:\Program Files\AVAST Software\UOG8S\1HQAyyqIM2.exe" => not found
"VirusTotal: C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ\çEFR-f0Dby.exe" => not found
"VirusTotal: C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi\hvsiivse.exe" => not found
"HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
"HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\Software\Microsoft\Windows\CurrentVersion\Run\\1HQAyyqIM2.exe" => removed successfully
"HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\Software\Microsoft\Windows\CurrentVersion\Run\\çEFR-f0Dby.exe" => removed successfully
C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gcrchdhi.lnk => moved successfully
ShortcutAndArgument: gcrchdhi.lnk -> C:\Windows\System32\cmd.exe => /c start "" "C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi\hvsiivse.exe" => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{209B995D-70D0-40B7-8BF7-C9E3CCE68198} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{209B995D-70D0-40B7-8BF7-C9E3CCE68198} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AB62DAF7-7BC3-4770-87BC-925598591929} => removed successfully
"Chrome StartupUrls" => removed successfully
C:\ProgramData\Pader => moved successfully
C:\Program Files (x86)\Seed Trade => moved successfully
C:\Program Files (x86)\DreamTrips => moved successfully
C:\Program Files (x86)\LJHSDK => moved successfully
C:\ProgramData\fb => moved successfully
"SethomePage Interval Timer" => removed successfully
"SethomePage Interval Timer" => not found
"EventFilter sethomePage2" => removed successfully
C:\Users\Nikola Pejovic\AppData\Roaming\abhvsii => moved successfully
C:\Users\Nikola Pejovic\AppData\Roaming\wijtcrd => moved successfully
C:\Program Files\AVAST Software\UOG8S => moved successfully
"C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ" => not found
C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi => moved successfully

==== End of Fixlog 21:07:51 ====

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10460
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Kakvo je sada stanje?



Potrebno je da spakuješ folder C:\FRST\Quarantine u arhivu i pošalješ nam ga.

Uđi u folder C:\FRST
Desnim tasterom miša klini na folder Quarantine i izaberi opciju Add to archive... kao na slici



Kao Archive format izaberi RAR5 ili RAR
Za Compression method odaberi Best
U polje Split to volumes, bytes unesi 5000000 (slovima: pet miliona)
Na desnoj strani označi opciju Create Solid Archive (pogledaj sliku dole)



Klikni na OK
Kada WinRAR završi sa kompresovanjem, dobijene fajlove uploaduj (jedan po jedan) na:
https://www.mycity.rs/ambulanta-upload.php

offline
  • Pridružio: 28 Jan 2009
  • Poruke: 74

Zavrseno. Ima samo jedan rar. file. Stanje izgleda dobro, jedino je chrome izgubio neke bookmarks i podatke.

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10460
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

To bi bilo to onda.

Preimenuj FRST64.exe u uninstall.exe i pokreni ga. To bi trebalo ukloniti FRST sa sistema kao i fajlove koje je kreirao.

offline
  • Pridružio: 28 Jan 2009
  • Poruke: 74

Hvala puno!

Ko je trenutno na forumu
 

Ukupno su 731 korisnika na forumu :: 40 registrovanih, 3 sakrivenih i 688 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3028 - dana 22 Nov 2019 07:47

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., aleksmajstor, aljosa7, amaterSRB, Bane san, BRATORIII, cikadeda, darkangel, Dimitrise93, Djokislav, FOX, i.jovanovich, ivance95, joca83, Kubovac, Levi, MaksicZoran, Marko Marković2, menges, Mercury2, Metanoja, Milan A. Nikolic, Milan Kosić, Milan.1976, Njemac, Novi, Panter2, Pavlov A.A., Recce, repac, royst33, Shomy2, srecko81, stug, suton2, Voja1978, voja64, wolverined4, zgoljo, zixo