Malware problem - Chrome i instalirani programi

Malware problem - Chrome i instalirani programi

offline
  • Pridružio: 28 Jan 2009
  • Poruke: 74

Napisano: 03 Jun 2019 11:24

Pozdrav svima,

Juce prilikom instalacije Photoshopa-a, odjenom su se instalirali mnogobrojni programi i chrome je poceo da budali. Prebacao me na druge sajtove, i pisalo mi je 'Chrome managed by your organization'.
Bilo je prakticno nemoguce raditi bilo sta. Ono sto sam uradio je da sam deinstalirao sve programe koji su juce instalirani bili, i skenirao preko Malwarebytes-a. 98 prijetnji je uklonjeno, ali nisam i dalje siguran da je sve cisto, jer kompujter i dalje radi malcice usporeno.

Windows 8.1 verzija.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-06-2019
Ran by Nikola Pejovic (administrator) on NIKOLAPC (LENOVO HuronRiver Platform) (03-06-2019 12:10:00)
Running from C:\Users\Nikola Pejovic\Downloads
Loaded Profiles: Nikola Pejovic (Available Profiles: Nikola Pejovic)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\ProgramData\OnlineUpdate\ouc.exe
(@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\73.4.118\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\73.4.118\QtWebEngineProcess.exe
(Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Huawei Technologies Co., Ltd. -> ) C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(JRD COMMUNICATION (SHENZHEN) LTD -> ) C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe
(LiquidVPN Inc. -> ) C:\Program Files (x86)\LiquidVPN\LiquidVPNService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NETSTAT.EXE
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\assistant\browser_assistant.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Nikola Pejovic\AppData\Local\slack\app-3.4.1\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Nikola Pejovic\AppData\Local\slack\app-3.4.1\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Nikola Pejovic\AppData\Local\slack\app-3.4.1\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Nikola Pejovic\AppData\Local\slack\app-3.4.1\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Nikola Pejovic\AppData\Local\slack\app-3.4.1\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Nikola Pejovic\AppData\Local\slack\app-3.4.1\slack.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2018\Snagit32.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2018\SnagitEditor.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2018\SnagPriv.exe
(Upwork Global Inc. -> ) C:\Program Files (x86)\Upwork\cmon.exe
(Upwork Global Inc. -> Upwork, Inc.) C:\Program Files (x86)\Upwork\upwork.exe
(Upwork Global Inc. -> Upwork, Inc.) C:\Program Files (x86)\Upwork\upwork.exe
(Upwork Global Inc. -> Upwork, Inc.) C:\Program Files (x86)\Upwork\upwork.exe
(Viber Media S.a.r.l -> ) C:\Users\Nikola Pejovic\AppData\Local\Viber\Viber.exe
(Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes Corporation -> Malwarebytes)
HKLM\...\Run: [TechSmithSnagit] => C:\Program Files\TechSmith\Snagit 2018\Snagit32.exe [9165232 2017-10-13] (TechSmith Corporation -> TechSmith Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files (x86)\Opera\assistant\browser_assistant.exe [2312792 2019-05-23] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Viber] => C:\Users\Nikola Pejovic\AppData\Local\Viber\Viber.exe [80036560 2015-05-25] (Viber Media S.a.r.l -> )
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Chromium] => "c:\users\nikola pejovic\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Upwork] => C:\Program Files (x86)\Upwork\upwork.exe [58605360 2018-07-05] (Upwork Global Inc. -> Upwork, Inc.)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Box Local Com Server] => C:\Users\Nikola Pejovic\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [80976 2018-11-20] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Box Edit] => C:\Users\Nikola Pejovic\AppData\Local\Box\Box Edit\Box Edit.exe [196688 2018-11-20] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53646696 2019-04-25] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\Nikola Pejovic\AppData\Local\slack\Update.exe [1569296 2019-05-13] (Slack Technologies, Inc. -> )
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [1HQAyyqIM2.exe] => C:\Program Files\AVAST Software\UOG8S\1HQAyyqIM2.exe
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [çEFR-f0Dby.exe] => C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ\çEFR-f0Dby.exe
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: D - "D:\autorun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {06ffbd2c-e5fb-11e4-827d-60d819ea6866} - "G:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {06ffbd7f-e5fb-11e4-827d-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {1c2b1253-13c8-11e4-825a-60d819ea6866} - "H:\autorun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {403db24f-c8f7-11e5-82b9-60d819ea6866} - "G:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {46966f1b-2cac-11e5-8285-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {4c352bcc-f3da-11e4-827e-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {8f3306ca-33bd-11e4-825e-60d819ea6866} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {8f3306d8-33bd-11e4-825e-60d819ea6866} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {ca7e1973-6c5d-11e6-82fd-60d819ea6866} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {e4e87462-9b4c-11e5-82ac-60d819ea6866} - "D:\AutoRun.exe"
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\MountPoints2: {e4e87525-9b4c-11e5-82ac-60d819ea6866} - "D:\AutoRun.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-23] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gcrchdhi.lnk [2019-06-02]
ShortcutAndArgument: gcrchdhi.lnk -> C:\Windows\System32\cmd.exe => /c start "" "C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi\hvsiivse.exe"

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02517402-1B76-4F24-8DAB-D65BE59386E9} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall => {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
Task: {08AAB2F4-3A92-4630-AB1D-37666DA22570} - System32\Tasks\Microsoft Office 15 Sync Maintenance for NikolaPC-Nikola Pejovic NikolaPC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [469640 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {0ABE61ED-F3BC-4A05-AF71-E9AE32C2AC13} - System32\Tasks\KMS Server OnLogon Activate => C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [670227 2013-11-14] (MDL) [File not signed]
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator => {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8} C:\Windows\system32\msched.dll [132608 2013-11-14] (Microsoft Windows -> Microsoft Corporation)
Task: {13CAF343-9463-4901-A8B3-D3A1223E9DA6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance => {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} C:\Windows\system32\msched.dll [132608 2013-11-14] (Microsoft Windows -> Microsoft Corporation)
Task: {18D711AF-D919-4DDB-883F-488C7F44C5D6} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall => {EFF7F153-1C97-417a-B633-FEDE6683A939}
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - System32\Tasks\Microsoft\Windows\IME\SQM data sender => {ccb1d8cb-d39f-41c9-b793-0196214bdc4e} C:\Windows\System32\IME\shared\imecfm.dll [108544 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {1B2E42CC-9687-4058-A160-F1561A7665F0} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-11-09] () [File not signed]
Task: {209B995D-70D0-40B7-8BF7-C9E3CCE68198} - \{AB62DAF7-7BC3-4770-87BC-925598591929} -> No File <==== ATTENTION
Task: {221203AC-EBF6-499E-817E-E0EFB5EAB1BF} - System32\Tasks\Microsoft\Windows\WS\WSTask => {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129} C:\Windows\System32\WSService.dll [3394384 2014-02-22] (Microsoft Windows -> Microsoft Corporation)
Task: {2BAA7E3E-432B-4794-A2B1-B7F2CE73DDEF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh => {EBF00FCB-0769-4b81-9BEC-6C05514111AA} C:\Windows\System32\WpcWebSync.dll [2648064 2014-02-22] (Microsoft Windows -> Microsoft Corporation)
Task: {3DCC789D-E786-4417-8084-2DD9A7CD2ECE} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
Task: {45561755-0BB2-49DF-9B3C-3F0CEB4AB61E} - System32\Tasks\Microsoft\Windows\WS\Badge Update => {00CCDDF6-5107-424D-853D-3907AE5502DC} C:\Windows\winstore\WinStoreUI.dll [1092608 2014-02-22] (Microsoft Windows -> Microsoft Corporation)
Task: {458A29F7-0F15-4531-A4CA-B1FA319D612F} - System32\Tasks\NvNgxUpdateCheckDaily_{A6B397E0-97E0-97E0-97E0-A6B397E097E0} => regsvr32 /s /n /u /i:"C:\Users\Nikola Pejovic\AppData\Roaming\wijtcrd" scrobj
Task: {46BFCC72-16EF-4000-B3BC-31B027659DAA} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {47BFE674-5DFA-4395-B88C-47D28D6E5597} - System32\Tasks\Microsoft\Windows\Maintenance\WinSAT => A9A33436-678B-4c9c-A211-7CC38785E79D
Task: {4FC089FF-D8AF-4760-8CDB-40A542371BCB} - System32\Tasks\Opera scheduled Autoupdate 1442584658 => C:\Program Files (x86)\Opera\launcher.exe [1301592 2019-05-23] (Opera Software AS -> Opera Software)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {c8367320-6f85-11e0-a1f0-0800200c9a66} C:\Windows\System32\BthSQM.dll [26624 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup => {DEF03232-9688-11E2-BE7F-B4B52FD966FF} C:\Windows\System32\pnpclean.dll [116736 2014-02-22] (Microsoft Windows -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {bf6c1e47-86ec-4194-9ce5-13c15dcb2001} C:\Windows\System32\skydrive.exe [872448 2014-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance => {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} C:\Windows\system32\msched.dll [132608 2013-11-14] (Microsoft Windows -> Microsoft Corporation)
Task: {73F931AA-0E5B-4C84-B943-FFD06BE0E804} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect => {784E29F4-5EBE-4279-9948-1E8FE941646D}
Task: {7410777A-8ABC-491A-AD5B-3A7491993FCA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {81A56CE6-601C-4260-9E89-C2ECE15AC668} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 => {429BC048-379E-45E0-80E4-EB1977941B5C} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-05-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {81ADE2CF-6A20-45DB-8231-3F41276E391D} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 => {84F0FAE1-C27B-4F6F-807B-28CF6F96287D} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-05-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1b1f472e-3221-4826-97db-2c2324d389ae} C:\Windows\System32\skydrive.exe [872448 2014-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {87B2AA2C-017A-463A-9F40-74EA69B16814} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [3153408 2014-06-27] () [File not signed]
Task: {895E83F7-BF75-4E2A-86B8-50519B7621F1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {9AE37D28-4D53-45A9-970D-A57242F1A84F} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical => {613fba38-a3df-4ab8-9674-5604984a299a} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-05-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C8E21C9-6AB1-4D66-8DF5-73AF5359B24E} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses => {10F591BE-3C84-418A-86DD-BAA002E2F36E} C:\Windows\winstore\WinStoreUI.dll [1092608 2014-02-22] (Microsoft Windows -> Microsoft Corporation)
Task: {B3681720-E7D7-4D54-BADF-A23CCD44CF49} - System32\Tasks\Opera scheduled Autoupdate 1526675292 => C:\Program Files\Opera\launcher.exe [1493592 2019-05-23] (Opera Software AS -> Opera Software)
Task: {B4432B9B-D374-401A-B20F-56AB128FBEB6} - System32\Tasks\KMS Server Daily Activate => C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [670227 2013-11-14] (MDL) [File not signed]
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance => {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} C:\Windows\system32\msched.dll [132608 2013-11-14] (Microsoft Windows -> Microsoft Corporation)
Task: {B9A808D0-5DA8-4C45-94D7-1FC7CB8BACFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {C371F25E-745F-4A1E-BEF3-959161B56258} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific => {9f2b0085-9218-42a1-88b0-9f0e65851666} C:\Windows\system32\apprepsync.dll [157696 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {C4AE3C3E-C327-4689-B6FD-C11FB31AE88B} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler => {5AA199A0-1CED-43A5-9B85-3226086738A3} C:\Windows\System32\netcfgx.dll [488280 2014-03-06] (Microsoft Windows -> Microsoft Corporation)
Task: {C7C9E3E7-88B3-4A77-A5C1-FA3A9E3067BF} - \{CDDD04BC-F422-4141-8D80-A2F727E80B87} -> No File <==== ATTENTION
Task: {C990D22B-2D67-4944-B993-83026157D3FD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-05-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C9C20725-29A2-4253-AC59-269E6E52DB1C} - System32\Tasks\Opera scheduled assistant Autoupdate 1547291724 => C:\Program Files (x86)\Opera\launcher.exe [1301592 2019-05-23] (Opera Software AS -> Opera Software)
Task: {CC02F010-1719-4535-A896-30F9B7D929D6} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [3227984 2013-10-16] (Nero AG -> Nero AG)
Task: {D7E204D7-19CF-454B-97E9-FA30A1B945E0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-05-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E90AFE1C-4FDE-42AA-955F-3B9EDF653C66} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical => {de434264-8fe9-4c0b-a83b-89ebeebff78e} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-05-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA1D3D8F-8866-4662-A9CE-69FAA629BE16} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2864281891-3376825052-3278056506-1001 => {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF} C:\Windows\System32\twinapi.dll [721408 2014-02-22] (Microsoft Windows -> Microsoft Corporation)
Task: {EEAECC13-E19C-4011-B902-0A286DA36676} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => {5b6b6834-34f0-49b9-ad4e-81d4994c7a74} C:\Windows\system32\DfpCommon.dll [390656 2014-02-22] (Microsoft Windows -> Microsoft Corporation)
Task: {F3084DAB-1CE6-4C30-8C5E-D30B69FE78B9} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {FE29CB98-A78C-40A7-80C0-12BEE764EF5B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd -> Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{51D99859-CEE1-4B15-AA5C-B73E1ABD6149}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E2F76DF2-CB29-4BDE-A886-05196AE18760}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EF0C37D5-3A14-4A73-B3F9-5F29B4219C0A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2864281891-3376825052-3278056506-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-02] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-02] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: rg6r1qti.default
FF DefaultProfile: 3revh3hg.default
FF ProfilePath: C:\Users\Nikola Pejovic\AppData\Roaming\Zotero\Zotero\Profiles\rg6r1qti.default [2019-03-26]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero\extensions\zoteroOpenOfficeIntegration@zotero.org [2019-03-26] [Legacy] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero\extensions\zoteroWinWordIntegration@zotero.org [2019-03-26] [Legacy] [not signed]
FF ProfilePath: C:\Users\Nikola Pejovic\AppData\Roaming\Mozilla\Firefox\Profiles\3revh3hg.default [2019-06-03]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-24] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll [2014-11-03] (Adobe Systems Incorporated -> )
FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation -> Cuminas Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-11-03] (Adobe Systems Incorporated -> )
FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation -> Cuminas Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-08-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1442584478&z=bad0e49b332362138910f83gdzfz4o0w8bdz2z4mam&from=cor&uid=WDCXWD5000BPVT-24HXZT3_WD-WXA1A91E3668E3668","hxxp://www.youndoo.com/?z=ad99dbc43c4dab03b38dc41g0z7q1b5z6zacaq2t3m&from=wak&uid=WDCXWD5000BPVT-24HXZT3_WD-WXA1A91E3668E3668&type=hp"
CHR Profile: C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default [2019-06-03]
CHR Extension: (Slides) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-11]
CHR Extension: (Docs) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-11]
CHR Extension: (Google Drive) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-28]
CHR Extension: (YouTube) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-03]
CHR Extension: (Sheets) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-11]
CHR Extension: (Google Docs Offline) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-06-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Gmail) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-03]
CHR Extension: (Chrome Media Router) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-03]
CHR Profile: C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh [2019-06-02] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-23]
CHR Extension: (Google Docs) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-23]
CHR Extension: (Google Drive) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-23]
CHR Extension: (YouTube) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-23]
CHR Extension: (Google Sheets) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-23]
CHR Extension: (Google Docs Offline) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-23]
CHR Extension: (Gmail) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-23]
CHR Extension: (Chrome Media Router) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\gregugitulestogagh\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-23]
CHR Profile: C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh [2019-06-02] <==== ATTENTION
CHR Extension: (Slides) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-05-15]
CHR Extension: (Zotero Connector) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2019-05-09]
CHR Extension: (Sheets) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (UberConference Screen Sharing) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\hcakmcggjddnhepfcajfcpkdjoggcnak [2018-05-16]
CHR Extension: (Unseen) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\iicapmagmhahddefgokbabbgieiogjop [2017-05-24]
CHR Extension: (Unseen for Facebook) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\jiomcgpfgkeefipihnplhadgdoollmap [2019-03-18]
CHR Extension: (Save to Facebook) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2019-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\pruvchshzedomhalgh\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
CHR Profile: C:\Users\Nikola Pejovic\AppData\Local\Google\Chrome\User Data\System Profile [2019-06-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-05-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-05-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-05-21] (Dropbox, Inc -> Dropbox, Inc.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Incorporated -> Foxit Software Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] (Huawei Technologies Co., Ltd. -> )
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-08-16] () [File not signed]
R2 LiquidVPNService; C:\Program Files (x86)\LiquidVPN\LiquidVPNService.exe [53976 2018-05-14] (LiquidVPN Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes Corporation -> Malwarebytes)
R2 MTel_ontenegro Imola Modem Device Helper; C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] (JRD COMMUNICATION (SHENZHEN) LTD -> )
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation -> TechSmith Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation -> Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.)
R2 postgresql-x64-9.5; "C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe" runservice -N "postgresql-x64-9.5" -D "C:\Program Files\PostgreSQL\9.5\data" -w

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4319632 2017-08-07] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R3 dbx; C:\Windows\System32\DRIVERS\dbx.sys [47600 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [109568 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\System32\drivers\ew_usbenumfilter.sys [14976 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 huawei_enumerator; C:\Windows\System32\drivers\ew_jubusenum.sys [91648 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [121728 2013-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [375040 2013-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [5363200 2014-01-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 jrdusbser; C:\Windows\system32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (Microsoft Windows Hardware Compatibility Publisher -> TCT International Mobile Ltd)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2019-06-03] (Malwarebytes Corporation -> Malwarebytes)
S3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2408208 2013-06-18] (Mediatek Inc. -> Ralink Technology Corp.)
R3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Microsoft Windows -> Realtek )
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2013-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [236888 2013-10-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Windows -> Microsoft Corporation)
U4 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2019-05-12] (Nemea Mjukvaruutveckling AB -> Basil Projects)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-02-02] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-02-02] (Zemana Ltd. -> Zemana Ltd.)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S1 MpKsl209e431b; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D12B0855-EECF-4B7D-9690-D53D32B4F929}\MpKsl209e431b.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-03 12:10 - 2019-06-03 12:13 - 000043334 _____ C:\Users\Nikola Pejovic\Downloads\FRST.txt
2019-06-03 12:09 - 2019-06-03 12:10 - 000000000 ____D C:\FRST
2019-06-03 12:09 - 2019-06-03 12:09 - 002433536 _____ (Farbar) C:\Users\Nikola Pejovic\Downloads\FRST64.exe
2019-06-03 10:24 - 2019-06-03 10:24 - 000003754 _____ C:\Windows\System32\Tasks\AutoKMS
2019-06-02 23:52 - 2019-06-02 23:52 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2019-06-02 23:48 - 2019-06-02 23:48 - 000000258 __RSH C:\Users\Nikola Pejovic\ntuser.pol
2019-06-02 22:40 - 2019-06-02 22:40 - 000000003 _____ C:\Windows\SysWOW64\log
2019-06-02 22:33 - 2019-06-02 22:33 - 000003260 _____ C:\Windows\System32\Tasks\NvNgxUpdateCheckDaily_{A6B397E0-97E0-97E0-97E0-A6B397E097E0}
2019-06-02 22:11 - 2019-06-02 22:11 - 000000000 ____D C:\ProgramData\Pader
2019-06-02 22:10 - 2019-06-02 22:10 - 000000000 ____D C:\Program Files (x86)\Seed Trade
2019-06-02 22:09 - 2019-06-02 22:21 - 000000000 ____D C:\Program Files (x86)\DreamTrips
2019-06-02 22:08 - 2019-06-02 23:48 - 000000000 ____D C:\Program Files (x86)\LJHSDK
2019-06-02 22:08 - 2019-06-02 22:08 - 000000000 ____D C:\ProgramData\fb
2019-06-02 22:07 - 2019-06-02 22:07 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\AdvinstAnalytics
2019-05-31 18:54 - 2019-05-31 18:54 - 000373585 _____ C:\Users\Nikola Pejovic\Downloads\19-05-31.zip
2019-05-31 16:47 - 2019-05-31 16:47 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\BitTorrentHelper
2019-05-28 22:52 - 2019-05-28 22:52 - 000018399 _____ C:\Users\Nikola Pejovic\Downloads\Reverse Correlation Multinationals.xlsx
2019-05-28 22:48 - 2019-05-28 22:48 - 000056711 _____ C:\Users\Nikola Pejovic\Downloads\UNITEDHEALTH GROUP.xlsx
2019-05-25 17:34 - 2019-05-25 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2019-05-25 17:34 - 2019-05-25 17:34 - 000000996 _____ C:\Users\Nikola Pejovic\Desktop\FileZilla.lnk
2019-05-25 17:34 - 2019-05-25 17:34 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2019-05-24 18:21 - 2019-05-24 18:28 - 000028378 _____ C:\Users\Nikola Pejovic\Desktop\index1.html
2019-05-23 23:23 - 2019-05-23 23:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-05-22 21:23 - 2019-05-22 21:23 - 000057084 _____ C:\Users\Nikola Pejovic\Downloads\FTE Project Queue_Master-2 (1) (1) (1).xlsx
2019-05-21 23:34 - 2019-05-21 23:34 - 003335226 _____ C:\Users\Nikola Pejovic\Downloads\Rezultati povezivanja poslodavaca i korisnika Programa stručnog osposobljavanja visokoškolaca.pdf
2019-05-21 14:10 - 2019-05-21 14:10 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-05-21 14:10 - 2019-05-21 14:10 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-05-21 14:10 - 2019-05-21 14:10 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-05-21 14:10 - 2019-05-21 14:10 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-05-21 14:10 - 2019-05-21 14:10 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx.sys
2019-05-17 12:50 - 2019-06-03 11:16 - 000000600 _____ C:\Users\Nikola Pejovic\AppData\Local\PUTTY.RND
2019-05-17 12:49 - 2019-05-17 12:49 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Sublime Text 3
2019-05-17 12:49 - 2019-05-17 12:49 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\Sublime Text 3
2019-05-17 12:47 - 2019-05-17 12:47 - 010913768 _____ (Sublime HQ Pty Ltd ) C:\Users\Nikola Pejovic\Downloads\Sublime Text Build 3207 x64 Setup.exe
2019-05-17 12:47 - 2019-05-17 12:47 - 000000898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2019-05-17 12:47 - 2019-05-17 12:47 - 000000000 ____D C:\Program Files\Sublime Text 3
2019-05-16 22:40 - 2019-05-16 22:40 - 005238102 _____ C:\Users\Nikola Pejovic\Downloads\Formular za prijavu teme magistarskog rada_Nikola Pejovic II.pdf
2019-05-16 14:31 - 2019-05-16 14:29 - 000000962 _____ C:\Users\Nikola Pejovic\Desktop\PuTTY.lnk
2019-05-16 14:29 - 2019-05-16 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2019-05-16 14:29 - 2019-05-16 14:29 - 000000000 ____D C:\Program Files\PuTTY
2019-05-16 14:28 - 2019-05-16 14:29 - 003157504 _____ C:\Users\Nikola Pejovic\Downloads\putty-64bit-0.71-installer.msi
2019-05-16 14:26 - 2019-06-03 11:42 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\FileZilla
2019-05-16 14:26 - 2019-05-29 14:06 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\FileZilla
2019-05-15 15:07 - 2019-05-15 15:07 - 000229163 _____ C:\Users\Nikola Pejovic\Downloads\Stručni saradnik depozitnih poslova, Sektor procesinga, Služba kreditnih....pdf
2019-05-14 18:54 - 2019-05-14 18:54 - 000055070 _____ C:\Users\Nikola Pejovic\Downloads\FTE Project Queue_Master-2 (1) (1).xlsx
2019-05-13 21:58 - 2019-05-13 21:58 - 000001206 _____ C:\Users\Nikola Pejovic\Desktop\Dropbox.lnk
2019-05-13 20:21 - 2019-05-13 20:21 - 000694184 _____ (Dropbox, Inc.) C:\Users\Nikola Pejovic\Downloads\DropboxInstaller (2).exe
2019-05-13 18:02 - 2019-06-03 11:44 - 000002219 _____ C:\Users\Nikola Pejovic\Desktop\Slack.lnk
2019-05-13 18:02 - 2019-06-03 11:44 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Slack
2019-05-13 18:02 - 2019-06-03 11:44 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2019-05-13 18:01 - 2019-06-03 11:44 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\slack
2019-05-13 17:59 - 2019-05-13 18:02 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\SquirrelTemp
2019-05-13 17:59 - 2019-05-13 17:59 - 085822480 _____ (Slack Technologies) C:\Users\Nikola Pejovic\Downloads\SlackSetup.exe
2019-05-13 17:48 - 2019-06-03 11:53 - 000000942 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-05-13 17:48 - 2019-06-03 10:36 - 000000938 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-05-13 17:48 - 2019-05-23 23:24 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-05-13 17:48 - 2019-05-13 17:48 - 000003914 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2019-05-13 17:48 - 2019-05-13 17:48 - 000003678 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2019-05-13 17:47 - 2019-05-13 17:47 - 000694184 _____ (Dropbox, Inc.) C:\Users\Nikola Pejovic\Downloads\DropboxInstaller (1).exe
2019-05-13 10:32 - 2019-05-13 10:32 - 000001286 _____ C:\Users\Public\Desktop\Skype.lnk
2019-05-13 10:31 - 2019-05-13 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-05-13 10:16 - 2019-05-13 10:18 - 062223112 _____ (Skype Technologies S.A.) C:\Users\Nikola Pejovic\Downloads\Skype-8.44.0.40.exe
2019-05-13 09:37 - 2019-05-13 09:37 - 000358632 _____ C:\Users\Nikola Pejovic\Downloads\DE Correlation Intelligence Report 02122019 - 9D3113EB-F005-948F-C73482A6A10FA145.pdf
2019-05-12 15:01 - 2019-05-12 15:01 - 000538798 _____ C:\Users\Nikola Pejovic\Downloads\14606-53062-1-PB.pdf
2019-05-12 11:25 - 2019-05-12 11:43 - 000000000 ____D C:\Program Files\KMSpico
2019-05-12 11:25 - 2019-05-12 11:27 - 000003382 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2019-05-12 11:25 - 2019-05-12 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2019-05-12 11:25 - 2019-05-12 11:25 - 000004608 _____ C:\Windows\SECOH-QAD.exe
2019-05-12 11:25 - 2019-05-12 11:25 - 000003584 _____ C:\Windows\SECOH-QAD.dll
2019-05-12 11:25 - 2010-12-06 04:16 - 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2019-05-12 11:21 - 2019-05-12 11:21 - 000001381 _____ C:\Users\Public\Desktop\Windows 8.1 KMS Activator Ultimate v1.4.1.lnk
2019-05-12 11:21 - 2019-05-12 11:21 - 000000000 ____D C:\Program Files (x86)\Windows 8.1 KMS Activator Ultimate v1.4.1
2019-05-12 09:10 - 2019-05-12 09:12 - 206692864 _____ (Microsoft Corporation) C:\Users\Nikola Pejovic\Downloads\dotnetfx35.exe
2019-05-12 09:06 - 2019-05-12 09:06 - 002869264 _____ (Microsoft Corporation) C:\Users\Nikola Pejovic\Downloads\dotNetFx35setup.exe
2019-05-11 12:54 - 2019-05-11 12:54 - 003471521 _____ C:\Users\Nikola Pejovic\Downloads\MR - Menice i bankarske garancije kao sredstva obezbeđenja plaćanja u savremenom korporativnom.pdf
2019-05-10 11:16 - 2019-05-10 11:16 - 000098727 _____ C:\Users\Nikola Pejovic\Downloads\DE Correlation Master_Processed 050119.xlsx
2019-05-10 10:37 - 2019-05-10 10:37 - 000011722 _____ C:\Users\Nikola Pejovic\Downloads\DE Reporting Change Tracker (1).xlsx
2019-05-10 10:34 - 2019-05-10 10:34 - 000268676 _____ C:\Users\Nikola Pejovic\Downloads\DE Correlation Intelligence Report 051818 (1).pdf
2019-05-10 10:28 - 2019-05-10 10:28 - 000038673 _____ C:\Users\Nikola Pejovic\Downloads\Moffitt DE Correlation Uploads Weekly.xlsx
2019-05-09 21:55 - 2019-05-09 21:55 - 000007680 _____ C:\Users\Nikola Pejovic\Downloads\wrike_090519_125540.xls
2019-05-09 18:02 - 2019-05-09 18:02 - 000000000 ____D C:\Windows\pss
2019-05-09 14:25 - 2019-06-02 13:33 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\LocalLow\uTorrent
2019-05-09 11:51 - 2019-05-09 11:51 - 000001060 _____ C:\Users\Nikola Pejovic\Desktop\Telegram.lnk
2019-05-09 11:51 - 2019-05-09 11:51 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2019-05-09 11:50 - 2019-05-15 16:34 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Telegram Desktop
2019-05-09 11:50 - 2019-05-09 11:50 - 020385160 _____ (Telegram Messenger LLP ) C:\Users\Nikola Pejovic\Downloads\tsetup.1.6.7.exe
2019-05-09 11:50 - 2019-05-09 11:50 - 020385160 _____ (Telegram Messenger LLP ) C:\Users\Nikola Pejovic\Downloads\tsetup.1.6.7 (1).exe
2019-05-09 10:09 - 2019-05-09 10:09 - 000000000 ____D C:\Program Files (x86)\Windows 8.1 Product Key Finder Ultimate v13.10.1
2019-05-08 19:55 - 2019-05-09 18:52 - 000000000 ____D C:\Users\Nikola Pejovic\Desktop\HTML
2019-05-08 19:47 - 2019-05-08 19:47 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\ActiveState
2019-05-08 19:47 - 2019-05-08 19:47 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\ActiveState
2019-05-08 19:46 - 2019-05-08 19:46 - 000002032 _____ C:\Users\Public\Desktop\Komodo Edit 11.lnk
2019-05-08 19:46 - 2019-05-08 19:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveState Komodo Edit 11
2019-05-08 19:43 - 2019-05-08 19:46 - 000000000 ____D C:\Program Files (x86)\ActiveState Komodo Edit 11
2019-05-08 19:42 - 2019-05-08 19:43 - 078393344 _____ C:\Users\Nikola Pejovic\Downloads\Komodo-Edit-11.1.1-18206.msi
2019-05-08 16:54 - 2019-05-08 16:54 - 000329116 _____ C:\Users\Nikola Pejovic\Downloads\2019 GKS-G Application FAQs(English-Korean).pdf
2019-05-07 16:26 - 2019-05-07 16:26 - 000000282 _____ C:\Users\Nikola Pejovic\Downloads\speedtests-2019-05-07-142549.csv
2019-05-07 15:26 - 2019-05-07 15:26 - 000204135 _____ C:\Users\Nikola Pejovic\Downloads\Konkurs stipendije 2019.pdf
2019-05-07 11:36 - 2019-05-07 11:36 - 000131831 _____ C:\Users\Nikola Pejovic\Downloads\time_series_econometrics_mansoor_ahmad_adnan_majeed.pptx
2019-05-06 18:12 - 2019-05-06 18:12 - 000459438 _____ C:\Users\Nikola Pejovic\Downloads\Tačka 35.pdf
2019-05-06 18:10 - 2019-05-06 18:11 - 000301459 _____ C:\Users\Nikola Pejovic\Downloads\63_27_87_26_07_2018.pdf
2019-05-06 08:28 - 2019-05-06 08:28 - 000746846 _____ C:\Users\Nikola Pejovic\Downloads\Attachment_1552570853226000001_attach_1_1552570853226000001_20190314140554315.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-03 12:13 - 2017-10-22 16:48 - 000158975 _____ C:\Windows\ZAM.krnl.trace
2019-06-03 12:13 - 2017-10-22 16:48 - 000130797 _____ C:\Windows\ZAM_Guard.krnl.trace
2019-06-03 12:10 - 2014-06-12 02:41 - 000003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{05485734-D435-4311-95F2-4238E740C9B6}
2019-06-03 11:49 - 2014-06-12 02:38 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2864281891-3376825052-3278056506-1001
2019-06-03 11:22 - 2017-12-20 21:24 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\Power Query Telemetry
2019-06-03 11:05 - 2016-03-05 17:10 - 000004994 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for NikolaPC-Nikola Pejovic NikolaPC
2019-06-03 10:42 - 2015-06-02 14:11 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\ViberPC
2019-06-03 10:37 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2019-06-03 10:36 - 2017-05-23 22:55 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2019-06-03 10:36 - 2015-12-20 19:04 - 000000000 ____D C:\ProgramData\OnlineUpdate
2019-06-03 10:36 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-03 10:35 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-06-03 10:30 - 2014-07-23 22:27 - 000000000 ____D C:\Users\Nikola Pejovic\Documents\ViberDownloads
2019-06-02 23:48 - 2017-10-22 13:32 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-06-02 23:48 - 2014-06-12 02:32 - 000000000 ____D C:\Users\Nikola Pejovic
2019-06-02 22:56 - 2014-06-13 07:23 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\uTorrent
2019-06-02 22:29 - 2013-08-22 17:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-06-02 22:23 - 2017-04-28 16:39 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-02 22:12 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\tracing
2019-06-02 22:11 - 2013-08-22 17:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-06-02 22:09 - 2017-12-20 21:23 - 000000000 ____D C:\Program Files\Microsoft Power Query for Excel
2019-06-02 22:09 - 2017-10-22 13:54 - 000000000 ____D C:\Program Files\AVAST Software
2019-06-02 21:57 - 2018-07-15 12:55 - 000000000 ____D C:\Users\Nikola Pejovic\.spyder-py3
2019-06-02 14:07 - 2014-06-12 02:32 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Adobe
2019-06-02 13:55 - 2014-06-29 00:32 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\Adobe
2019-06-02 13:54 - 2014-06-29 00:29 - 000000000 ____D C:\ProgramData\Adobe
2019-06-01 09:58 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-05-30 09:12 - 2015-06-02 14:10 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\Viber
2019-05-29 15:04 - 2014-06-13 06:46 - 010181120 ___SH C:\Users\Nikola Pejovic\Desktop\Thumbs.db
2019-05-27 22:42 - 2015-06-17 15:30 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\Dropbox
2019-05-27 15:39 - 2015-09-18 15:57 - 000003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1442584658
2019-05-27 15:39 - 2015-09-18 15:54 - 000000000 ____D C:\Program Files (x86)\Opera
2019-05-27 12:34 - 2018-05-18 22:28 - 000003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1526675292
2019-05-27 12:34 - 2018-05-18 22:28 - 000001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-05-27 12:34 - 2018-05-18 22:27 - 000000000 ____D C:\Program Files\Opera
2019-05-26 22:25 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\NDF
2019-05-24 19:48 - 2014-07-31 14:49 - 001190400 ___SH C:\Users\Nikola Pejovic\Documents\Thumbs.db
2019-05-24 12:19 - 2019-01-12 13:15 - 000004050 _____ C:\Windows\System32\Tasks\Opera scheduled assistant Autoupdate 1547291724
2019-05-23 15:44 - 2014-06-12 02:34 - 000824212 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-23 09:27 - 2014-06-12 02:43 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-23 09:27 - 2014-06-12 02:43 - 000002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-20 17:53 - 2017-12-16 12:36 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\CrashDumps
2019-05-15 10:24 - 2017-02-15 12:14 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-13 22:01 - 2014-06-19 02:54 - 004163072 ___SH C:\Users\Nikola Pejovic\Downloads\Thumbs.db
2019-05-13 17:54 - 2014-06-13 21:38 - 000000000 ___RD C:\Users\Nikola Pejovic\Dropbox (Old)
2019-05-13 17:53 - 2014-06-13 21:33 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Roaming\Dropbox
2019-05-13 10:06 - 2016-07-13 10:49 - 000238035 ____H C:\Users\Nikola Pejovic\AppData\Local\IconCache.db.backup
2019-05-13 10:05 - 2014-06-12 03:01 - 000000000 ____D C:\ProgramData\Skype
2019-05-12 12:09 - 2014-10-28 10:48 - 000000000 ____D C:\Users\Nikola Pejovic\Downloads\IELTS Trainer Practice Tests with answers
2019-05-12 10:26 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2019-05-08 19:10 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-08 19:10 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2019-05-08 17:42 - 2018-04-11 18:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-06 08:27 - 2014-06-12 02:32 - 000000000 ____D C:\Users\Nikola Pejovic\AppData\Local\Packages

==================== Files in the root of some directories =======

2014-06-14 19:26 - 2014-02-22 17:46 - 000573952 ___SH (MPC-HC Team) C:\Users\Nikola Pejovic\AppData\Roaming\abhvsii
2014-06-14 19:26 - 2014-02-22 17:46 - 000000279 ___SH () C:\Users\Nikola Pejovic\AppData\Roaming\wijtcrd
2015-12-23 23:39 - 2015-12-23 23:39 - 000969852 _____ () C:\Users\Nikola Pejovic\AppData\Local\DjVu-Reader-_1116.rar
2019-05-17 12:50 - 2019-06-03 11:16 - 000000600 _____ () C:\Users\Nikola Pejovic\AppData\Local\PUTTY.RND

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-21 20:56
==================== End of FRST.txt ============================
mycity.rs/must-login.png

Dopuna: 04 Jun 2019 8:13

Ovu dobijam pri paljenju kompa.


offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10385
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

VirusTotal: C:\Program Files\AVAST Software\UOG8S\1HQAyyqIM2.exe;C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ\çEFR-f0Dby.exe;C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi\hvsiivse.exe
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Chromium] => "c:\users\nikola pejovic\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [1HQAyyqIM2.exe] => C:\Program Files\AVAST Software\UOG8S\1HQAyyqIM2.exe
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [çEFR-f0Dby.exe] => C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ\çEFR-f0Dby.exe
Startup: C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gcrchdhi.lnk [2019-06-02]
ShortcutAndArgument: gcrchdhi.lnk -> C:\Windows\System32\cmd.exe => /c start "" "C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi\hvsiivse.exe"
Task: {209B995D-70D0-40B7-8BF7-C9E3CCE68198} - \{AB62DAF7-7BC3-4770-87BC-925598591929} -> No File <==== ATTENTION
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1442584478&z=bad0e49b332362138910f83gdzfz4o0w8bdz2z4mam&from=cor&uid=WDCXWD5000BPVT-24HXZT3_WD-WXA1A91E3668E3668","hxxp://www.youndoo.com/?z=ad99dbc43c4dab03b38dc41g0z7q1b5z6zacaq2t3m&from=wak&uid=WDCXWD5000BPVT-24HXZT3_WD-WXA1A91E3668E3668&type=hp"
2019-06-02 22:11 - 2019-06-02 22:11 - 000000000 ____D C:\ProgramData\Pader
2019-06-02 22:10 - 2019-06-02 22:10 - 000000000 ____D C:\Program Files (x86)\Seed Trade
2019-06-02 22:09 - 2019-06-02 22:21 - 000000000 ____D C:\Program Files (x86)\DreamTrips
2019-06-02 22:08 - 2019-06-02 23:48 - 000000000 ____D C:\Program Files (x86)\LJHSDK
2019-06-02 22:08 - 2019-06-02 22:08 - 000000000 ____D C:\ProgramData\fb
WMI:subscription\__TimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__IntervalTimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__EventFilter->EventFilter sethomePage2::[Query => Select * From __timerevent Where TimerId = "SethomePage Interval Timer"] <==== ATTENTION
2014-06-14 19:26 - 2014-02-22 17:46 - 000573952 ___SH (MPC-HC Team) C:\Users\Nikola Pejovic\AppData\Roaming\abhvsii
2014-06-14 19:26 - 2014-02-22 17:46 - 000000279 ___SH () C:\Users\Nikola Pejovic\AppData\Roaming\wijtcrd
C:\Program Files\AVAST Software\UOG8S
C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ
C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi


U okviru Notepad-a klikni na File --> Save As
Pod Encoding izaberi UTF-8.
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).

offline
  • Pridružio: 28 Jan 2009
  • Poruke: 74

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-06-2019
Ran by Nikola Pejovic (06-06-2019 21:07:48) Run:1
Running from C:\Users\Nikola Pejovic\Desktop
Loaded Profiles: Nikola Pejovic (Available Profiles: Nikola Pejovic)
Boot Mode: Normal
==============================================

fixlist content:
*****************
VirusTotal: C:\Program Files\AVAST Software\UOG8S\1HQAyyqIM2.exe;C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ\çEFR-f0Dby.exe;C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi\hvsiivse.exe
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [Chromium] => "c:\users\nikola pejovic\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [1HQAyyqIM2.exe] => C:\Program Files\AVAST Software\UOG8S\1HQAyyqIM2.exe
HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\...\Run: [çEFR-f0Dby.exe] => C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ\çEFR-f0Dby.exe
Startup: C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gcrchdhi.lnk [2019-06-02]
ShortcutAndArgument: gcrchdhi.lnk -> C:\Windows\System32\cmd.exe => /c start "" "C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi\hvsiivse.exe"
Task: {209B995D-70D0-40B7-8BF7-C9E3CCE68198} - \{AB62DAF7-7BC3-4770-87BC-925598591929} -> No File <==== ATTENTION
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1442584478&z=bad0e49b332362138910f83gdzfz4o0w8bdz2z4mam&from=cor&uid=WDCXWD5000BPVT-24HXZT3_WD-WXA1A91E3668E3668","hxxp://www.youndoo.com/?z=ad99dbc43c4dab03b38dc41g0z7q1b5z6zacaq2t3m&from=wak&uid=WDCXWD5000BPVT-24HXZT3_WD-WXA1A91E3668E3668&type=hp"
2019-06-02 22:11 - 2019-06-02 22:11 - 000000000 ____D C:\ProgramData\Pader
2019-06-02 22:10 - 2019-06-02 22:10 - 000000000 ____D C:\Program Files (x86)\Seed Trade
2019-06-02 22:09 - 2019-06-02 22:21 - 000000000 ____D C:\Program Files (x86)\DreamTrips
2019-06-02 22:08 - 2019-06-02 23:48 - 000000000 ____D C:\Program Files (x86)\LJHSDK
2019-06-02 22:08 - 2019-06-02 22:08 - 000000000 ____D C:\ProgramData\fb
WMI:subscription\__TimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__IntervalTimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__EventFilter->EventFilter sethomePage2::[Query => Select * From __timerevent Where TimerId = "SethomePage Interval Timer"] <==== ATTENTION
2014-06-14 19:26 - 2014-02-22 17:46 - 000573952 ___SH (MPC-HC Team) C:\Users\Nikola Pejovic\AppData\Roaming\abhvsii
2014-06-14 19:26 - 2014-02-22 17:46 - 000000279 ___SH () C:\Users\Nikola Pejovic\AppData\Roaming\wijtcrd
C:\Program Files\AVAST Software\UOG8S
C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ
C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi
*****************

"VirusTotal: C:\Program Files\AVAST Software\UOG8S\1HQAyyqIM2.exe" => not found
"VirusTotal: C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ\çEFR-f0Dby.exe" => not found
"VirusTotal: C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi\hvsiivse.exe" => not found
"HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
"HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\Software\Microsoft\Windows\CurrentVersion\Run\\1HQAyyqIM2.exe" => removed successfully
"HKU\S-1-5-21-2864281891-3376825052-3278056506-1001\Software\Microsoft\Windows\CurrentVersion\Run\\çEFR-f0Dby.exe" => removed successfully
C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gcrchdhi.lnk => moved successfully
ShortcutAndArgument: gcrchdhi.lnk -> C:\Windows\System32\cmd.exe => /c start "" "C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi\hvsiivse.exe" => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{209B995D-70D0-40B7-8BF7-C9E3CCE68198} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{209B995D-70D0-40B7-8BF7-C9E3CCE68198} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AB62DAF7-7BC3-4770-87BC-925598591929} => removed successfully
"Chrome StartupUrls" => removed successfully
C:\ProgramData\Pader => moved successfully
C:\Program Files (x86)\Seed Trade => moved successfully
C:\Program Files (x86)\DreamTrips => moved successfully
C:\Program Files (x86)\LJHSDK => moved successfully
C:\ProgramData\fb => moved successfully
"SethomePage Interval Timer" => removed successfully
"SethomePage Interval Timer" => not found
"EventFilter sethomePage2" => removed successfully
C:\Users\Nikola Pejovic\AppData\Roaming\abhvsii => moved successfully
C:\Users\Nikola Pejovic\AppData\Roaming\wijtcrd => moved successfully
C:\Program Files\AVAST Software\UOG8S => moved successfully
"C:\Program Files\Microsoft Power Query for Excel\GAXO8Y2ZQCEEBQN7XGKZ" => not found
C:\Users\Nikola Pejovic\AppData\Roaming\Microsoft\Windows\gcrchdhi => moved successfully

==== End of Fixlog 21:07:51 ====

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10385
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Kakvo je sada stanje?



Potrebno je da spakuješ folder C:\FRST\Quarantine u arhivu i pošalješ nam ga.

Uđi u folder C:\FRST
Desnim tasterom miša klini na folder Quarantine i izaberi opciju Add to archive... kao na slici



Kao Archive format izaberi RAR5 ili RAR
Za Compression method odaberi Best
U polje Split to volumes, bytes unesi 5000000 (slovima: pet miliona)
Na desnoj strani označi opciju Create Solid Archive (pogledaj sliku dole)



Klikni na OK
Kada WinRAR završi sa kompresovanjem, dobijene fajlove uploaduj (jedan po jedan) na:
https://www.mycity.rs/ambulanta-upload.php

offline
  • Pridružio: 28 Jan 2009
  • Poruke: 74

Zavrseno. Ima samo jedan rar. file. Stanje izgleda dobro, jedino je chrome izgubio neke bookmarks i podatke.

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10385
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

To bi bilo to onda.

Preimenuj FRST64.exe u uninstall.exe i pokreni ga. To bi trebalo ukloniti FRST sa sistema kao i fajlove koje je kreirao.

offline
  • Pridružio: 28 Jan 2009
  • Poruke: 74

Hvala puno!

Ko je trenutno na forumu
 

Ukupno su 591 korisnika na forumu :: 49 registrovanih, 5 sakrivenih i 537 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 1567 - dana 15 Jul 2016 19:18

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., aljosa7, atrkulja, babaroga2, blue2, Boris902, darkangel2, Detective, Doca, dule10savic, goxin, indja, Kubovac, ljuba, ltcolonel, manda87, markotrninic51, Maschinekalibar, Megapurpletv, Mercury2, mgaji21, Mihajlo2, Milan Kosić, Mile Stjepanovic, milos_ts, miodrag3, Mirage 2000N, Miskohd, Mlav, MORAVA1, Oscar2, plavii, Profica, repac, sasa.zoric, sergio88nis, Shomy2, simaris, Skijavoneska, Srki94, ssekir75, vathra, Vatreni Zmaj, vespa nikola, vladetije, wilson_16547, Zerajic, Zvrk2, 1872