Check

  • Joined: 15 Feb 2011
  • Posts: 110

Me again.
Please check my logs. I have started getting e-mail on Gmail from someone who writes that he knows my password for some site and that, if I don't pay him $997, he will send some (adult-film) stuff to all my contacts :-)



[edit by magna86]: removed the pasted Additional.txt report

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6062

Hello,

The pasted log is the same as the attached file, Additional.

First, uninstall Ace Stream Media. I actually went to the FRST author's forum to see why Farbar flags it, and there is a whole short analysis of why that software is unwanted.
Plus, from the log I can see that none of its files is signed (read: it is squatting in the OS illegally).

So uninstall it from the computer in the standard way. Then post FRST.txt and Additional.txt again so we can review the reports once more.

  • Joined: 15 Feb 2011
  • Posts: 110

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2019
Ran by kosmet srbima (administrator) on DESKTOP-THBVBPR (Gigabyte Technology Co., Ltd. H81M-S2PH) (07-06-2019 19:21:49)
Running from C:\Users\kosmet srbima\Desktop
Loaded Profiles: kosmet srbima (Available Profiles: kosmet srbima)
Platform: Windows 10 Pro Version 1809 17763.503 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19051.545.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0337968.inf_amd64_e9075e8c655a0e88\B337967\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0337968.inf_amd64_e9075e8c655a0e88\B337967\atiesrxx.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-14] (Logitech -> Logitech, Inc.)
HKU\S-1-5-21-2161285649-454037250-3043812474-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735336 2019-02-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-2161285649-454037250-3043812474-1001\...\RunOnce: [StartIsBack update] => C:\Program Files (x86)\StartIsBack\UpdateCheck.exe [18672 2018-10-20] (Stanislav Zinukhov -> startisback.com)
HKU\S-1-5-21-2161285649-454037250-3043812474-1001\...\MountPoints2: {12d63236-3278-11e9-8e8e-c46e1f018836} - "H:\setup.exe"
HKU\S-1-5-21-2161285649-454037250-3043812474-1001\...\MountPoints2: {cd13e52a-2d0c-11e9-8e87-c46e1f018836} - "E:\Setup.exe"
HKU\S-1-5-21-2161285649-454037250-3043812474-1001\...\MountPoints2: {cd13e55a-2d0c-11e9-8e87-c46e1f018836} - "F:\setup.exe"
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2018-09-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2018-09-26] (Beepa P/L) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.80\Installer\chrmstp.exe [2019-06-05] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {059AA7A2-23D2-46D4-A643-40C2CC607EA6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3398344 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {0F87BC3A-0205-4851-A56E-DF4F19BBDABC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-09] (Google Inc -> Google Inc.)
Task: {21F5B0A2-19CC-4E6C-9873-C5A7439F4FEB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [123168 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {3C232ACF-2A2B-469E-8DC6-70D2D5E42DCC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {448ABFE0-5483-4584-A24D-8FB21F89E63B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {4E204CB3-08ED-4F14-90F6-5CFECAB489EF} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-09-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {4F39C751-7FC8-46D4-95F7-CF5C1CA17C08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {69B2D156-E96B-40A8-85B1-BD3DAC5ABB90} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3398344 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {6A7247C8-B4D4-47F9-B9BA-D704FB639F20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-09] (Google Inc -> Google Inc.)
Task: {74578670-B235-414B-A17E-6250AC783454} - System32\Tasks\Opera scheduled Autoupdate 1549745796 => C:\Users\kosmet srbima\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-05] (Opera Software AS -> Opera Software)
Task: {880D199A-E1CA-47EB-87BA-0C8AA94921FE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24257912 2018-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FE01B67-3A6E-487F-878A-39EDC27161B2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2139424 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {9E50B146-FAB7-4CD0-8666-C9C1F5150A67} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [123168 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {BA6CEEC7-4EFC-48F3-98C7-FBEE23732DD3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24257912 2018-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {C2907566-E1C5-459B-9FFA-BF36373F729D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C39B9B02-17A4-4EA8-B5CC-222B56332329} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C5499031-06DB-4064-AC8A-03E0C73572BF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E387CD8D-A9A1-4CF6-9161-539A92196D38} - System32\Tasks\StartIsBack health check => C:\Program Files (x86)\StartIsBack\startscreen.exe [54728 2018-10-20] (Stanislav Zinukhov -> startisback.com)
Task: {E6E9BCAA-F4C0-45EC-BACA-EF8DC147E7FC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2139424 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {F7F71430-D622-4025-8F2E-3FDD3A079D38} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 109.122.98.6
Tcpip\..\Interfaces\{a7f11256-82bb-4d0c-8ef9-13de69fc6f4f}: [DhcpNameServer] 109.122.98.6

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2161285649-454037250-3043812474-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2161285649-454037250-3043812474-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2161285649-454037250-3043812474-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Extension: (Firefox ESR configurer for OLDJAWS screen reader ) - C:\Program Files\Mozilla Firefox\browser\features\jaws-esr@mozilla.org.xpi [2018-10-17] [Legacy] [not signed]
FF HKU\S-1-5-21-2161285649-454037250-3043812474-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\kosmet srbima\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Script) - C:\Users\kosmet srbima\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-11-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-08] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-08] (Adobe Systems Incorporated -> )
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

Chrome:
=======
CHR HomePage: Default -> hxxps://poslovi.infostud.com/oglasi-za-posao/grad/beograd-35#last_search_time=&page=0&submit=0&q=&city%5B%5D=35&dist=50&vreme_postavljanja=2&rok_konkursa=&firma_uid=&education=&vrste_kategorija_posla=&jezik=&sort=
CHR Profile: C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default [2019-06-07]
CHR Extension: (Slides) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-09]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2019-06-05]
CHR Extension: (Docs) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-09]
CHR Extension: (Google Drive) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-09]
CHR Extension: (YouTube) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-09]
CHR Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2019-02-26]
CHR Extension: (Tampermonkey) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-05-09]
CHR Extension: (Sheets) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-09]
CHR Extension: (AdBlock) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-05-28]
CHR Extension: (Ace Script) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2019-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-09]
CHR Extension: (Downloader for Instagram™ (+ Upload photo)) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkpikmlhoaojbbmmpejnimiglejmboe [2019-06-06]
CHR Extension: (Gmail) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\kosmet srbima\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-05]
CHR HKU\S-1-5-21-2161285649-454037250-3043812474-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Google Translate) - C:\Users\kosmet srbima\AppData\Roaming\Opera Software\Opera Stable\Extensions\mchdgimobfnilobnllpdnompfjkkfdmi [2019-05-12]
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\kosmet srbima\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2019-05-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\u0337968.inf_amd64_e9075e8c655a0e88\B337967\atiesrxx.exe [508320 2019-01-10] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619824 2018-12-26] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-02-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [353768 2018-11-15] (Intel Corporation -> Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2019-02-24] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\u0337968.inf_amd64_e9075e8c655a0e88\B337967\atikmdag.sys [52792736 2019-01-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\u0337968.inf_amd64_e9075e8c655a0e88\B337967\atikmpag.sys [590240 2019-01-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [107496 2019-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2019-02-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2019-02-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R0 iaStorE; C:\Windows\System32\drivers\iaStorE.sys [1068968 2018-09-03] (Intel(R) Rapid Storage Technology enterprise -> Intel Corporation)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [97176 2019-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - sysinternals.com)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1139848 2019-02-09] (Realtek Semiconductor Corp. -> Realtek )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [47496 2019-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [337632 2019-06-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-07 19:21 - 2019-06-07 19:22 - 000023636 _____ C:\Users\kosmet srbima\Desktop\FRST.txt
2019-06-07 19:21 - 2019-06-07 19:21 - 002417664 _____ (Farbar) C:\Users\kosmet srbima\Desktop\FRST64.exe
2019-06-07 19:21 - 2019-06-07 19:21 - 000000000 ____D C:\FRST
2019-05-22 21:23 - 2019-05-22 21:24 - 000000000 ____D C:\Users\kosmet srbima\Desktop\ACA
2019-05-21 17:08 - 2019-05-21 17:43 - 000139776 _____ C:\Users\kosmet srbima\Desktop\Copy of serijski brojevi 2018-1.11-skraceno.xls
2019-05-16 17:33 - 2019-05-16 17:33 - 000223544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-05-16 17:33 - 2019-05-16 17:33 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-05-16 17:33 - 2019-05-16 17:33 - 000216064 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2019-05-16 17:33 - 2019-05-16 17:33 - 000212792 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-05-16 17:33 - 2019-05-16 17:33 - 000203272 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2019-05-16 17:33 - 2019-05-16 17:33 - 000202768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-05-16 17:33 - 2019-05-16 17:33 - 000201016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-05-16 17:33 - 2019-05-16 17:33 - 000198456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-05-16 17:33 - 2019-05-16 17:33 - 000192824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-05-16 17:33 - 2019-05-16 17:33 - 000181248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-05-16 17:33 - 2019-05-16 17:33 - 000179728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2019-05-16 17:33 - 2019-05-16 17:33 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-05-16 17:33 - 2019-05-16 17:33 - 000177976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-05-16 17:33 - 2019-05-16 17:33 - 000163240 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-05-16 17:33 - 2019-05-16 17:33 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-05-16 17:33 - 2019-05-16 17:33 - 000147736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-05-16 17:33 - 2019-05-16 17:33 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-05-16 17:33 - 2019-05-16 17:33 - 000128000 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-16 17:33 - 2019-05-16 17:33 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-05-16 17:33 - 2019-05-16 17:33 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-05-16 17:33 - 2019-05-16 17:33 - 000121656 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2019-05-16 17:33 - 2019-05-16 17:33 - 000098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-05-16 17:33 - 2019-05-16 17:33 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2019-05-16 17:33 - 2019-05-16 17:33 - 000090640 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-05-16 17:33 - 2019-05-16 17:33 - 000088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2019-05-16 17:33 - 2019-05-16 17:33 - 000080184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-05-16 17:33 - 2019-05-16 17:33 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2019-05-16 17:33 - 2019-05-16 17:33 - 000066688 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll
2019-05-16 17:33 - 2019-05-16 17:33 - 000055792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdll.dll
2019-05-16 17:33 - 2019-05-16 17:33 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-05-16 17:33 - 2019-05-16 17:33 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-05-16 17:33 - 2019-05-16 17:33 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-05-16 17:33 - 2019-05-16 17:33 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-05-16 17:33 - 2019-05-16 17:33 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-05-16 17:33 - 2019-05-16 17:33 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-05-16 17:33 - 2019-05-16 17:33 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-05-16 17:33 - 2019-05-16 17:33 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-07 19:11 - 2019-02-21 00:15 - 000000000 ____D C:\Users\kosmet srbima\AppData\Roaming\ACEStream
2019-06-07 19:11 - 2019-02-10 05:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-07 19:11 - 2019-02-09 20:51 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-06-07 19:11 - 2019-02-09 20:51 - 000000000 __SHD C:\Users\kosmet srbima\IntelGraphicsProfiles
2019-06-07 19:11 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-07 19:10 - 2019-02-09 20:49 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-06-07 19:10 - 2018-09-15 08:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-06-07 17:15 - 2019-02-21 00:16 - 000000000 ____D C:\Users\kosmet srbima\AppData\Roaming\.ACEStream
2019-06-07 17:11 - 2019-02-09 22:56 - 000004274 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1549745796
2019-06-07 17:11 - 2019-02-09 22:56 - 000001497 _____ C:\Users\kosmet srbima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-06-07 00:13 - 2019-02-09 20:35 - 000000000 ____D C:\Users\kosmet srbima
2019-06-06 21:40 - 2019-02-10 05:23 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-06-06 17:53 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2019-06-05 22:50 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-05 22:07 - 2019-02-09 20:39 - 000003394 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2161285649-454037250-3043812474-1001
2019-06-05 22:07 - 2019-02-09 20:39 - 000000000 ___RD C:\Users\kosmet srbima\OneDrive
2019-06-05 22:07 - 2019-02-09 20:35 - 000002387 _____ C:\Users\kosmet srbima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-05 18:30 - 2019-02-09 21:30 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-05 17:55 - 2019-02-10 05:23 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-06-03 22:58 - 2019-02-15 10:24 - 000000000 ____D C:\Users\kosmet srbima\AppData\Local\JDownloader 2.0
2019-05-29 17:39 - 2019-02-10 13:15 - 000000000 ____D C:\Users\kosmet srbima\AppData\Roaming\uTorrent
2019-05-28 19:09 - 2019-02-09 20:54 - 000000000 ____D C:\ProgramData\Packages
2019-05-27 19:55 - 2019-02-27 22:23 - 000000000 ____D C:\Users\kosmet srbima\AppData\Local\BitTorrentHelper
2019-05-21 17:09 - 2019-02-09 20:36 - 000000000 ____D C:\Users\kosmet srbima\AppData\Local\Packages
2019-05-17 18:23 - 2019-02-11 20:51 - 000226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2019-05-17 18:23 - 2019-02-11 20:51 - 000214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2019-05-17 18:19 - 2019-02-24 16:50 - 000000000 ____D C:\ProgramData\Origin
2019-05-16 17:48 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\LiveKernelReports
2019-05-16 17:48 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2019-05-16 17:47 - 2019-02-10 05:23 - 000291072 _____ C:\Windows\system32\FNTCACHE.DAT
2019-05-16 17:44 - 2019-02-09 20:33 - 000840848 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-16 17:36 - 2018-09-15 09:33 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2019-05-16 17:36 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2019-05-16 17:36 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2019-05-15 17:19 - 2019-02-09 21:15 - 000000000 ____D C:\Windows\system32\MRT
2019-05-15 17:17 - 2019-02-09 21:15 - 132445408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-05-15 05:09 - 2019-02-09 21:29 - 000003418 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 05:09 - 2019-02-09 21:29 - 000003294 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-13 23:23 - 2019-03-14 06:06 - 000835688 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-05-13 23:23 - 2019-03-14 06:06 - 000179816 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-11 02:13 - 2019-02-09 22:34 - 000000000 ____D C:\Users\kosmet srbima\AppData\Local\D3DSCache

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6062

Well, this looks clean to me. I don't see any traces of an infection.

What I do still see is that the ACEStream/Ace Script extensions are left in the Firefox and Chrome browsers, so remove those manually too, the standard way through the settings, so that we don't have to pull out a script just for that.

Everything else looks OK.

You can uninstall FRST by renaming it to uninstall.exe and running it.

offline
  • Joined: 15 Feb 2011
  • Posts: 110

OK.
Thanks a lot for the help.
