Some kind of malware

  • bios1  Male
  • Respected citizen
  • Joined: 18 Jan 2012
  • Posts: 430

First, I accidentally downloaded and ran a file that a friend sent me on Facebook. After that, the CPU was constantly at 100%, while nothing in Task Manager showed any activity that would load the system that much. Then I disconnected the internet just to see whether the malware or virus was working over it, and it was: the CPU went back to normal, and when I turned the connection back on it was pinned at 100% again. I then installed that anti-malware program and barely managed to run a scan; it did something, and I don't know whether it was because of it or because the virus had finished its operation, but the CPU stabilized. I shut down the computer. When I came home from work I turned the computer on and went to take a shower; when I came back, Chrome had started by itself and gone to Facebook, and I saw at least some 80 sent messages containing the same file I had downloaded. Later it sent them once more. Then I ran the anti-malware scan again; it found some supposedly infected files and deleted them. I thought things would be better today, but when I logged in to FB again, this time from a different profile, those messages started being sent again, that same file, supposedly some video.
When I start Chrome, Facebook is pinned at the top, and I can't get into Extensions at all...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by tadija (administrator) on TADIJA-PC (27-12-2017 17:15:58)
Running from C:\Users\tadija\Desktop\New folder (3)
Loaded Profiles: tadija (Available Profiles: tadija)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(MDL Forum, mod by Ratiborus) C:\ProgramData\KMSAuto\bin\KMSSS.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Users\tadija\AppData\Roaming\tadija\endive.exe
(GameRanger Technologies) C:\Users\tadija\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2016-01-14] (Lenovo)
HKU\S-1-5-21-4037507749-3530104932-657287422-1000\...\Run: [World of Tanks] => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-4037507749-3530104932-657287422-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-4037507749-3530104932-657287422-1000\...\Run: [Google Updater] => C:\Users\tadija\AppData\Roaming\tadija\endive.exe [463872 2017-12-25] ()
HKU\S-1-5-21-4037507749-3530104932-657287422-1000\...\Run: [GoogleChromeAutoLaunch_41C4D63379726246C02E4F2474ADF57E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-06] (Google Inc.)
HKU\S-1-5-21-4037507749-3530104932-657287422-1000\...\MountPoints2: {1c40aa36-e0e2-11e7-abf0-b8eb147e8033} - G:\Lenovo_Suite.exe
HKU\S-1-5-21-4037507749-3530104932-657287422-1000\...\MountPoints2: {6e1dfe58-ade6-11e7-a8f2-806a6d7ece57} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4037507749-3530104932-657287422-1000\...\MountPoints2: {6e1dfe5a-ade6-11e7-a8f2-806a6d7ece57} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4037507749-3530104932-657287422-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\Users\tadija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk [2017-12-03]
ShortcutTarget: GameRanger.lnk -> C:\Users\tadija\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A54617B0-F741-40B0-8B3B-78F119991E58}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4037507749-3530104932-657287422-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-14] (Microsoft Corporation.)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-14] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-4037507749-3530104932-657287422-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-11] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-11] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-11] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-11] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 4h1vrpmf.default
FF ProfilePath: C:\Users\tadija\AppData\Roaming\Mozilla\Firefox\Profiles\4h1vrpmf.default [2017-12-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-11] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> yandex.ru
CHR StartupUrls: Default -> "hxxp://websearch.goodforsearch.info/?pid=24447&r=2015/05/15&hid=17436162113930900200&lg=EN&cc=BA&unqvl=86"
CHR Profile: C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default [2017-12-27]
CHR Extension: (ProxFlow) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2017-12-02]
CHR Extension: (Google Translate) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-11-13]
CHR Extension: (Slides) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (VK Music Download - Save Vkontakte audio) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkpfjljjhhonjehpkmgonimjjgaheap [2017-12-24]
CHR Extension: (Docs) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-04]
CHR Extension: (Turn Off the Lights) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-12-02]
CHR Extension: (YouTube) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-04]
CHR Extension: (Chrome IG Story) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2017-12-02]
CHR Extension: (Adblock Plus) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-11-30]
CHR Extension: (DownAlbum) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2017-12-02]
CHR Extension: (Tampermonkey) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-12-02]
CHR Extension: (Adobe Acrobat) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-21]
CHR Extension: (Slagalica fer igra - Ludara.com) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpifakoabdhigpeebhalfkjkoidenba [2017-12-02]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2017-12-02]
CHR Extension: (Sheets) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Quick Javascript Switcher) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2017-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-07]
CHR Extension: (AdBlock) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-07]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-12-15]
CHR Extension: (VkOpt) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoboppgpbgclpfnjfdidokiilachfcbb [2017-12-02]
CHR Extension: (Video Recorder) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\janpabomenbggihohponfklipffjhlfb [2017-05-07]
CHR Extension: (Turn Off the Lights) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjanboighjienkhiabgpefblkbmemd [2017-12-02]
CHR Extension: (Start Page — Yandex) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\lalfiodohdgaejjccfgfmmngggpplmhp [2017-05-08]
CHR Extension: (Audio EQ) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfafdlnjaliaghpjdajmlcnnblkgcefh [2017-05-07]
CHR Extension: (Yandex) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehapofakghljopfegjogpgpeljkhjjn [2017-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (VK Feed Tweaks (aka VK Spoilers)) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\offdcbgibomkmdeeklddjajjpfngbffh [2017-12-02]
CHR Extension: (Gmail) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-07]
CHR Extension: (Chrome Media Router) - C:\Users\tadija\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR Extension: (Google Afeso) - C:\Users\tadija\AppData\Roaming\tadija [2017-12-27]
CHR Profile: C:\Users\tadija\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
S3 cfbackd; C:\Program Files (x86)\CleverFiles\Disk Drill\cfbackd.w32.exe [211520 2014-08-31] (CleverFiles)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-09-23] (Airytec) [File not signed]
S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-09-23] (Airytec) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2017-12-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-12-27] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-12-27] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-26] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-12-27] (Malwarebytes)
R2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11376 2017-12-03] () [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-27 06:13 - 2017-12-27 17:11 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-12-26 13:09 - 2017-12-27 17:15 - 000000000 ____D C:\Users\tadija\Desktop\New folder (3)
2017-12-26 13:02 - 2017-12-26 13:02 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-26 13:01 - 2017-12-27 17:10 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-12-26 13:01 - 2017-12-27 17:01 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-26 13:01 - 2017-12-27 17:00 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-12-26 12:59 - 2017-12-26 23:41 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-26 12:59 - 2017-12-26 12:59 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-26 12:59 - 2017-12-26 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-26 12:59 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-26 12:53 - 2017-12-26 12:56 - 083316440 _____ (Malwarebytes ) C:\Users\tadija\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-26 12:15 - 2017-12-26 13:04 - 000015960 _____ C:\Users\tadija\Downloads\Addition.txt
2017-12-26 11:57 - 2017-12-27 17:15 - 000000000 ____D C:\FRST
2017-12-26 11:55 - 2017-12-26 11:55 - 000043625 _____ C:\Users\tadija\Downloads\279226_1119101461_Addition.txt
2017-12-26 11:05 - 2017-12-26 11:05 - 000000000 ____D C:\Users\tadija\Downloads\Malwarebytes Anti-Malware Premium 2.1.8.1057 Multilingual + KeyGen by FFF
2017-12-26 10:49 - 2017-12-26 10:49 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-26 10:45 - 2017-12-26 12:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-26 10:45 - 2017-12-26 12:53 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-12-26 10:40 - 2017-12-26 10:44 - 000000000 ____D C:\Users\tadija\Downloads\Malwarebytes Premium 3.0 FINAL + (zabranjeno) [TechTools.ME]
2017-12-26 10:39 - 2017-12-26 11:04 - 000000000 ____D C:\Users\tadija\AppData\LocalLow\uTorrent
2017-12-26 10:37 - 2017-12-26 10:37 - 000361457 _____ C:\Users\tadija\Downloads\video_7574.mp4.7z
2017-12-26 10:37 - 2017-12-26 06:05 - 000463872 ____N C:\Users\tadija\Downloads\Video.4368150.mp4.exe
2017-12-26 10:27 - 2017-12-27 17:02 - 000000000 ____D C:\Users\tadija\AppData\Roaming\tadija
2017-12-26 10:27 - 2017-12-25 22:02 - 000463872 ____N C:\Users\tadija\Downloads\Video.15592867.mp4.exe
2017-12-26 10:26 - 2017-12-26 10:27 - 000362208 _____ C:\Users\tadija\Downloads\video_8094.mp4.7z
2017-12-25 13:21 - 2017-12-26 12:35 - 000000968 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-12-25 13:21 - 2017-12-25 13:47 - 000000000 ____D C:\Users\tadija\AppData\LocalLow\Mozilla
2017-12-25 13:21 - 2017-12-25 13:26 - 000000000 ____D C:\Users\tadija\AppData\Local\Mozilla
2017-12-25 13:21 - 2017-12-25 13:21 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-25 13:21 - 2017-12-25 13:21 - 000000000 ____D C:\Users\tadija\AppData\Roaming\Mozilla
2017-12-25 13:21 - 2017-12-25 13:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-25 13:21 - 2017-12-25 13:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-25 13:19 - 2017-12-25 13:19 - 000311272 _____ (Mozilla) C:\Users\tadija\Downloads\Firefox Installer.exe
2017-12-24 18:00 - 2017-12-24 18:00 - 000568151 _____ C:\Users\tadija\Downloads\25478100_319660081882044_6939651910261538816_n.mp4
2017-12-24 15:59 - 2017-12-24 15:59 - 000000000 ____D C:\Users\tadija\Downloads\New folder (2)
2017-12-21 23:23 - 2017-12-21 23:23 - 004459099 _____ C:\Users\tadija\Downloads\bozja_miljenica-2017-12-21T23_23_44+01_00.zip
2017-12-21 23:23 - 2017-12-21 23:23 - 001237099 _____ C:\Users\tadija\Downloads\25468719_1737721702946108_916840316420489216_n.mp4
2017-12-21 23:20 - 2017-12-21 23:22 - 042499398 _____ C:\Users\tadija\Downloads\10000000_152051462111166_1506698312965685248_n.mp4
2017-12-21 23:19 - 2017-12-21 23:19 - 004459099 _____ C:\Users\tadija\Downloads\bozja_miljenica-2017-12-21T23_19_38+01_00.zip
2017-12-19 23:59 - 2017-12-19 23:59 - 000000000 ____D C:\Users\tadija\AppData\Local\World in Conflict
2017-12-19 23:49 - 2017-12-20 00:18 - 000000000 ____D C:\Users\tadija\Documents\World in Conflict
2017-12-19 12:30 - 2017-12-19 12:30 - 000000232 _____ C:\Users\tadija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World in Conflict.url
2017-12-19 12:29 - 2017-12-19 12:29 - 000000232 _____ C:\Users\tadija\Desktop\World in Conflict.url
2017-12-19 00:50 - 2017-12-19 00:50 - 000000233 _____ C:\Users\tadija\Desktop\Watch_Dogs.url
2017-12-19 00:50 - 2017-12-19 00:50 - 000000233 _____ C:\Users\tadija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Watch_Dogs.url
2017-12-18 16:14 - 2017-12-19 00:45 - 000000000 ____D C:\Users\tadija\Documents\Assassin's Creed IV Black Flag
2017-12-18 16:13 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-12-18 16:13 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-12-18 16:13 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-12-18 16:13 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-12-18 16:13 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-12-18 16:13 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-12-17 23:29 - 2017-12-26 12:35 - 000000973 _____ C:\Users\Public\Desktop\Airytec Switch Off.lnk
2017-12-17 23:29 - 2017-12-17 23:29 - 000245921 _____ C:\Users\tadija\Downloads\swoff351.exe
2017-12-17 23:29 - 2017-12-17 23:29 - 000000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airytec Switch Off.lnk
2017-12-17 23:29 - 2017-12-17 23:29 - 000000000 ____D C:\Users\tadija\AppData\Roaming\Airytec
2017-12-17 23:29 - 2017-12-17 23:29 - 000000000 ____D C:\Program Files\Airytec
2017-12-17 20:49 - 2017-12-19 01:03 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2017-12-17 20:49 - 2017-12-17 20:49 - 000001007 _____ C:\Users\tadija\Desktop\SpeedFan.lnk
2017-12-17 20:49 - 2017-12-17 20:49 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2017-12-17 20:49 - 2017-12-17 20:49 - 000000000 ____D C:\Users\tadija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2017-12-17 20:48 - 2017-12-17 20:49 - 003086696 _____ C:\Users\tadija\Downloads\instspeedfan452.exe
2017-12-17 15:19 - 2017-12-17 15:50 - 000000000 ____D C:\Users\tadija\Desktop\New folder
2017-12-16 23:02 - 2017-12-16 23:02 - 000217137 _____ C:\Users\tadija\Desktop\roman.jpeg
2017-12-16 23:01 - 2017-12-16 23:01 - 000000112 _____ C:\Users\tadija\Downloads\listen.pls
2017-12-16 19:53 - 2017-12-16 19:53 - 000000233 _____ C:\Users\tadija\Desktop\Assassin's Creed IV Black Flag (Singleplayer).url
2017-12-16 19:53 - 2017-12-16 19:53 - 000000233 _____ C:\Users\tadija\Desktop\Assassin's Creed IV Black Flag (Multiplayer).url
2017-12-16 19:53 - 2017-12-16 19:53 - 000000233 _____ C:\Users\tadija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Assassin's Creed IV Black Flag (Singleplayer).url
2017-12-16 19:53 - 2017-12-16 19:53 - 000000233 _____ C:\Users\tadija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Assassin's Creed IV Black Flag (Multiplayer).url
2017-12-16 19:46 - 2017-12-24 14:19 - 000000000 ____D C:\Users\tadija\AppData\Local\Ubisoft Game Launcher
2017-12-16 19:46 - 2017-12-16 19:46 - 000001201 _____ C:\Users\tadija\Desktop\Uplay.lnk
2017-12-16 19:46 - 2017-12-16 19:46 - 000000000 ____D C:\Users\tadija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-12-16 19:46 - 2017-12-16 19:46 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2017-12-16 19:43 - 2017-12-16 19:45 - 072445392 _____ (Ubisoft) C:\Users\tadija\Downloads\UplayInstaller.exe
2017-12-14 17:28 - 2017-12-14 17:56 - 000000000 ____D C:\Users\tadija\Desktop\621 mm
2017-12-14 16:52 - 2017-12-14 16:52 - 000003990 _____ C:\Windows\System32\Tasks\lenovo mobile auto run
2017-12-14 16:52 - 2017-12-14 16:52 - 000000949 _____ C:\Users\Public\Desktop\Mobile Assistant.lnk
2017-12-14 16:52 - 2017-12-14 16:52 - 000000527 _____ C:\Users\tadija\ticket1.xml
2017-12-14 16:52 - 2017-12-14 16:52 - 000000000 ____D C:\Users\tadija\.android
2017-12-14 16:52 - 2017-12-14 16:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Assistant
2017-12-14 16:52 - 2017-12-14 16:52 - 000000000 ____D C:\Program Files (x86)\MagicPlus
2017-12-14 16:51 - 2017-12-14 16:52 - 000000000 ____D C:\Users\tadija\AppData\Roaming\Lenovo
2017-12-14 16:49 - 2017-12-14 16:51 - 000000000 ____D C:\Program Files (x86)\LenovoUsbDriver
2017-12-14 16:49 - 2017-12-14 16:51 - 000000000 ____D C:\MagicPlusMini
2017-12-14 16:49 - 2017-12-14 16:49 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2017-12-14 16:49 - 2017-12-14 16:49 - 000000000 ____D C:\Program Files\DIFX
2017-12-14 16:37 - 2017-12-14 16:47 - 000000000 ____D C:\Users\tadija\Desktop\mzka
2017-12-14 16:32 - 2017-12-14 17:27 - 000000000 ____D C:\Users\tadija\Desktop\fon11
2017-12-13 11:19 - 2017-12-13 11:19 - 000000833 _____ C:\Users\tadija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-12-13 11:19 - 2017-12-13 11:19 - 000000785 _____ C:\Users\tadija\Desktop\Start Tor Browser.lnk
2017-12-13 11:19 - 2017-12-13 11:19 - 000000000 ____D C:\Users\tadija\Desktop\Tor Browser
2017-12-13 11:17 - 2017-12-13 11:19 - 053564880 _____ C:\Users\tadija\Downloads\torbrowser-install-7.0.11_en-US.exe
2017-12-07 00:02 - 2017-12-07 00:02 - 002006672 _____ C:\Users\tadija\Downloads\kirra_lan-2017-12-07T00_02_02+01_00.zip
2017-12-06 20:22 - 2017-12-06 20:22 - 000000270 _____ C:\Users\tadija\Downloads\techno.asx
2017-12-05 11:31 - 2017-12-05 11:31 - 000000000 ____D C:\Users\tadija\Documents\Lightshot
2017-12-03 17:42 - 2017-12-03 17:42 - 000000000 ____D C:\ProgramData\Age of Empires 3
2017-12-03 16:51 - 2017-12-03 16:51 - 000000000 ____D C:\Program Files (x86)\MSXML 4.0
2017-12-03 16:50 - 2017-12-03 16:50 - 000001212 _____ C:\Users\tadija\Desktop\Age of Empires III - The WarChiefs.lnk
2017-12-03 16:50 - 2017-12-03 16:50 - 000001212 _____ C:\Users\tadija\Desktop\Age of Empires - III The Asian Dynasties.lnk
2017-12-03 16:50 - 2017-12-03 16:50 - 000001207 _____ C:\Users\tadija\Desktop\Age of Empires III.lnk
2017-12-03 16:50 - 2017-12-03 16:50 - 000000000 ____D C:\Users\tadija\AppData\Roaming\Age of Empires III - Complete Collection_unistall
2017-12-03 16:50 - 2017-12-03 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires III - Complete Collection
2017-12-03 16:15 - 2017-12-03 16:50 - 000000000 ____D C:\Program Files (x86)\Age of Empires III - Complete Collection
2017-12-03 12:58 - 2017-12-03 12:58 - 003117457 _____ C:\Users\tadija\Downloads\AGE.OF.MYTHOLOGY.THE.TITANS.V1.03.ENG.VENGEANCE.BACKUPCD.ZIPd
2017-12-03 12:55 - 2017-12-03 12:55 - 000011376 _____ C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2017-12-03 12:40 - 2017-12-03 12:40 - 000003138 _____ C:\Windows\System32\Tasks\{35B731F9-8B83-46FA-A87E-B3FFCF6D900F}
2017-12-03 12:21 - 2017-12-03 13:19 - 000000000 ____D C:\Users\tadija\Downloads\Age of Empires III - Complete Collection [Origami]
2017-12-03 12:08 - 2017-12-03 12:08 - 008058144 _____ C:\Users\tadija\Downloads\aomx10to103.exe
2017-12-03 12:08 - 2017-12-03 12:08 - 000114352 _____ (GameRanger Technologies) C:\Users\tadija\Downloads\GameRangerSetup.exe
2017-12-03 12:08 - 2017-12-03 12:08 - 000001072 _____ C:\Users\tadija\Desktop\GameRanger.lnk
2017-12-03 12:08 - 2017-12-03 12:08 - 000001058 _____ C:\Users\tadija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
2017-12-03 12:08 - 2017-12-03 12:08 - 000000000 ____D C:\Users\tadija\AppData\Roaming\GameRanger
2017-12-03 01:44 - 2017-12-27 05:48 - 000000390 _____ C:\Windows\Tasks\update-S-1-5-21-4037507749-3530104932-657287422-1000.job
2017-12-03 01:44 - 2017-12-27 02:45 - 000000390 _____ C:\Windows\Tasks\update-sys.job
2017-12-03 01:44 - 2017-12-03 01:44 - 002731152 _____ (Skillbrains ) C:\Users\tadija\Downloads\setup-lightshot.exe
2017-12-03 01:44 - 2017-12-03 01:44 - 000003286 _____ C:\Windows\System32\Tasks\update-sys
2017-12-03 01:44 - 2017-12-03 01:44 - 000003266 _____ C:\Windows\System32\Tasks\update-S-1-5-21-4037507749-3530104932-657287422-1000
2017-12-03 01:44 - 2017-12-03 01:44 - 000000425 _____ C:\Users\tadija\AppData\Local\UserProducts.xml
2017-12-03 01:44 - 2017-12-03 01:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-12-03 01:44 - 2017-12-03 01:44 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2017-12-02 21:20 - 2017-12-02 21:20 - 000001312 _____ C:\Users\tadija\Desktop\Age of Mythology - The Titans Expansion.lnk
2017-12-02 21:20 - 2017-12-02 21:20 - 000001305 _____ C:\Users\tadija\Desktop\Age of Mythology.lnk
2017-12-02 20:58 - 2017-12-02 21:00 - 000000000 ____D C:\Users\tadija\Desktop\The Prodigy - Discography
2017-12-02 20:09 - 2017-12-02 20:09 - 000000000 ____D C:\Users\tadija\Downloads\Age of Mythology Gold Edition
2017-12-02 19:59 - 2017-12-17 15:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Games
2017-12-02 19:55 - 2002-12-29 01:14 - 000081920 _____ C:\Windows\SysWOW64\Startup.cpl
2017-12-02 19:42 - 2017-12-02 21:02 - 000000000 ____D C:\Users\tadija\Desktop\Crisgon DotA Toolkit v1.0
2017-12-02 18:56 - 2017-12-26 10:23 - 000000000 ____D C:\Users\tadija\Desktop\vse to mene hdd1 old
2017-12-02 18:54 - 2017-12-02 19:15 - 000000000 ____D C:\Users\tadija\Desktop\New folder (2)
2017-12-02 00:25 - 2017-12-25 19:09 - 000024064 _____ C:\Users\tadija\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-12-01 23:41 - 2017-12-01 23:41 - 000000219 _____ C:\Users\tadija\Desktop\Dota 2.url
2017-12-01 23:04 - 2017-12-02 18:31 - 000001155 ___SH C:\Users\tadija\Desktop\DTKConfig.ini
2017-12-01 23:04 - 2017-12-02 18:31 - 000000000 __SHD C:\Users\tadija\Documents\DotaToolKit files
2017-12-01 19:37 - 2017-12-01 19:38 - 000000000 ____D C:\Users\Public\Documents\Warcraft III
2017-12-01 19:37 - 2017-12-01 19:37 - 000000000 ____D C:\Users\tadija\AppData\Roaming\Battle.net
2017-12-01 19:37 - 2017-12-01 19:37 - 000000000 ____D C:\Users\tadija\AppData\Local\Blizzard
2017-12-01 19:36 - 2017-12-01 19:38 - 000000000 ____D C:\Users\tadija\Documents\Warcraft III
2017-12-01 18:32 - 2017-12-01 18:36 - 078152400 _____ C:\Users\tadija\Downloads\WVS-127-by-DotA_Utilities.zip
2017-12-01 18:30 - 2017-12-01 18:30 - 000000044 _____ C:\Windows\wawx_dumpreg64.dll
2017-12-01 18:30 - 2017-12-01 18:30 - 000000044 _____ C:\Users\tadija\AppData\Roaming\twow_sysprepdt.dat
2017-12-01 18:29 - 2017-12-01 19:36 - 000000000 ____D C:\Users\tadija\AppData\Roaming\Eurobattle.net
2017-12-01 18:28 - 2017-12-01 18:29 - 000000000 ____D C:\Program Files (x86)\Eurobattle.net
2017-12-01 18:28 - 2017-12-01 18:28 - 000001017 _____ C:\Users\tadija\Desktop\Eurobattle.net Client.lnk
2017-12-01 17:52 - 2017-12-02 20:01 - 000000000 ____D C:\Users\tadija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-12-01 17:50 - 2017-12-01 19:41 - 000000000 ____D C:\Users\tadija\Desktop\Warcraft III 1.26 -IceBlitz
2017-12-01 17:49 - 2017-12-01 19:41 - 000000000 ____D C:\Users\tadija\Downloads\New folder
2017-12-01 17:49 - 2017-12-01 17:52 - 000038912 ___SH C:\Users\tadija\Downloads\Thumbs.db
2017-12-01 16:35 - 2017-12-01 16:37 - 027360966 _____ C:\Users\tadija\Downloads\installer_v9.zip
2017-11-30 18:22 - 2017-12-27 17:02 - 000001448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-30 18:22 - 2017-12-27 17:02 - 000001436 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-30 18:13 - 2017-11-30 18:13 - 001129816 _____ (Google Inc.) C:\Users\tadija\Downloads\ChromeSetup.exe
2017-11-30 17:16 - 2017-11-30 17:26 - 000001908 _____ C:\Windows\diagwrn.xml
2017-11-30 17:16 - 2017-11-30 17:26 - 000001908 _____ C:\Windows\diagerr.xml
2017-11-30 12:51 - 2017-11-30 12:51 - 000000000 ____D C:\ProgramData\KMSAuto
2017-11-30 12:39 - 2017-11-30 12:54 - 000000000 ____D C:\Users\tadija\AppData\Local\MSfree Inc
2017-11-28 19:09 - 2017-11-28 19:09 - 000000000 ____D C:\Users\tadija\Downloads\Senke.nad.Balkanom.2017.HDTV.720p.S01.EP06
2017-11-28 00:43 - 2017-11-30 18:17 - 000007605 _____ C:\Users\tadija\AppData\Local\Resmon.ResmonCfg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-27 17:15 - 2017-07-26 11:23 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-27 17:00 - 2017-08-22 12:58 - 000000360 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2017-12-27 17:00 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-27 06:17 - 2009-07-14 05:45 - 000020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-27 06:17 - 2009-07-14 05:45 - 000020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-27 06:11 - 2017-06-14 16:53 - 000000000 ____D C:\Users\tadija\Desktop\(zabranjeno)
2017-12-27 06:11 - 2017-05-24 17:07 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
2017-12-27 05:32 - 2017-05-08 19:32 - 000000422 _____ C:\Windows\Tasks\Yandex Browser update.job
2017-12-27 00:00 - 2017-10-17 19:48 - 000000000 ____D C:\Users\tadija\AppData\Local\Microsoft Windows
2017-12-26 13:34 - 2017-05-04 19:38 - 000000000 ____D C:\Users\tadija\AppData\Roaming\uTorrent
2017-12-26 13:04 - 2017-06-14 18:51 - 000000000 ____D C:\Users\tadija\AppData\Local\CrashDumps
2017-12-26 12:35 - 2017-05-21 02:45 - 000001147 _____ C:\Users\Public\Desktop\Sid Meiers Civilization VI.lnk
2017-12-26 01:18 - 2017-05-08 20:08 - 000000000 ____D C:\Users\tadija\AppData\Roaming\Skype
2017-12-24 10:03 - 2017-05-18 14:47 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-19 23:48 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-12-19 10:04 - 2017-05-19 17:41 - 000000000 ____D C:\Users\tadija\Documents\My Games
2017-12-18 16:02 - 2009-07-14 06:08 - 000032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-14 16:52 - 2017-05-04 03:07 - 000000000 ____D C:\Users\tadija
2017-12-14 16:51 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-12-14 16:37 - 2017-05-10 23:41 - 000723920 _____ C:\Windows\system32\perfh019.dat
2017-12-14 16:37 - 2017-05-10 23:41 - 000150222 _____ C:\Windows\system32\perfc019.dat
2017-12-14 16:37 - 2009-07-14 06:13 - 001647438 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-13 11:09 - 2017-05-18 14:48 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-13 11:09 - 2017-05-18 14:48 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 11:09 - 2017-05-18 14:48 - 000004544 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-13 11:09 - 2017-05-18 14:48 - 000004390 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-13 11:09 - 2017-05-18 14:47 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-03 12:54 - 2017-05-12 03:15 - 000000000 ____D C:\Users\tadija\Downloads\Subs
2017-12-03 12:22 - 2017-06-23 23:32 - 000000000 ____D C:\Games
2017-12-03 10:32 - 2009-07-14 05:45 - 000516232 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-02 20:08 - 2017-05-04 03:17 - 000130992 _____ C:\Users\tadija\AppData\Local\GDIPFONTCACHEV1.DAT
2017-12-02 00:13 - 2017-05-12 00:00 - 000000000 ____D C:\Users\tadija\AppData\Roaming\BSplayer
2017-12-01 23:41 - 2017-07-26 11:33 - 000000000 ____D C:\Users\tadija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-01 16:34 - 2017-10-23 18:56 - 000000000 ___SD C:\Users\tadija\AppData\LocalLow\Temp
2017-12-01 16:32 - 2017-05-15 19:31 - 000000000 ____D C:\ProgramData\Skype
2017-11-30 19:10 - 2017-05-10 23:13 - 000000000 ____D C:\Users\tadija\AppData\Roaming\vlc
2017-11-30 18:22 - 2017-05-04 03:17 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-30 18:17 - 2017-05-08 20:09 - 000000000 ___RD C:\Users\tadija\OneDrive
2017-11-30 18:15 - 2017-05-18 11:50 - 000000000 ____D C:\Users\tadija\AppData\Local\tkdata
2017-11-30 18:15 - 2017-05-08 19:35 - 000000667 _____ C:\Users\tadija\Desktop\Яндекс.Диск.lnk
2017-11-30 18:15 - 2017-05-08 19:35 - 000000000 ___RD C:\Users\tadija\YandexDisk
2017-11-30 18:14 - 2017-05-08 19:32 - 000000000 ____D C:\ProgramData\Yandex
2017-11-30 18:14 - 2017-05-08 19:32 - 000000000 ____D C:\Program Files (x86)\Yandex
2017-11-30 18:14 - 2017-05-08 19:30 - 000000000 ____D C:\Users\tadija\AppData\Roaming\Yandex
2017-11-30 18:14 - 2017-05-04 03:07 - 000001443 _____ C:\Users\tadija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-30 18:12 - 2017-09-11 20:33 - 000000000 ____D C:\Users\tadija\AppData\Local\WhatsApp
2017-11-30 18:12 - 2017-05-08 12:43 - 000000000 ____D C:\Program Files (x86)\Genery Software
2017-11-30 18:11 - 2017-09-11 20:34 - 000000000 ____D C:\Users\tadija\AppData\Roaming\WhatsApp
2017-11-30 18:11 - 2017-09-11 20:34 - 000000000 ____D C:\Users\tadija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-11-30 17:14 - 2017-05-18 11:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2017-12-01 18:30 - 2017-12-01 18:30 - 000000044 _____ () C:\Users\tadija\AppData\Roaming\twow_sysprepdt.dat
2017-12-02 00:25 - 2017-12-25 19:09 - 000024064 _____ () C:\Users\tadija\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-28 00:43 - 2017-11-30 18:17 - 000007605 _____ () C:\Users\tadija\AppData\Local\Resmon.ResmonCfg
2017-12-03 01:44 - 2017-12-03 01:44 - 000000003 _____ () C:\Users\tadija\AppData\Local\updater.log
2017-12-03 01:44 - 2017-12-03 01:44 - 000000425 _____ () C:\Users\tadija\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2017-05-20 22:55 - 2017-05-20 22:55 - 007850088 _____ (Microsoft Corporation) C:\Users\tadija\AppData\Local\Temp\BingBarSetup-Partner.exe
2002-10-08 02:35 - 2002-10-08 02:35 - 001020000 ____N (Microsoft Corporation) C:\Users\tadija\AppData\Local\Temp\EBUB434.EXE
2002-10-08 01:34 - 2002-10-08 01:34 - 002113536 ____N (Microsoft Corporation) C:\Users\tadija\AppData\Local\Temp\EBUE449.DLL
2017-05-07 23:35 - 2013-01-23 07:13 - 009180976 ____N () C:\Users\tadija\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
2017-09-11 21:21 - 2017-09-11 21:21 - 002885168 _____ () C:\Users\tadija\AppData\Local\Temp\npp.7.5.1.Installer.exe
2017-11-20 16:44 - 2017-11-20 16:44 - 057516536 _____ (YANDEX LLC) C:\Users\tadija\AppData\Local\Temp\Setup-yabrowser.exe
2013-10-29 10:30 - 2013-10-29 10:30 - 000228336 ____N (MSI) C:\Users\tadija\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
2017-12-17 20:49 - 2017-12-19 01:03 - 000192512 _____ () C:\Users\tadija\AppData\Local\Temp\sfamcc00001.dll
2017-12-17 21:40 - 2017-12-17 21:40 - 000192512 _____ () C:\Users\tadija\AppData\Local\Temp\sfamcc00002.dll
2017-12-17 23:20 - 2017-12-17 23:20 - 000192512 _____ () C:\Users\tadija\AppData\Local\Temp\sfamcc00003.dll
2015-02-10 18:56 - 2015-02-10 18:56 - 000105984 _____ () C:\Users\tadija\AppData\Local\Temp\sfextra.dll
2017-05-15 19:27 - 2017-05-15 19:27 - 014456872 _____ (Microsoft Corporation) C:\Users\tadija\AppData\Local\Temp\vc_redist.x86.exe
2017-06-08 13:51 - 2017-06-08 13:51 - 030950664 _____ () C:\Users\tadija\AppData\Local\Temp\vlc-2.2.6-win32.exe
2017-11-30 18:15 - 2017-05-01 17:03 - 000226608 _____ () C:\Users\tadija\AppData\Local\Temp\YandexWorking.exe
2007-02-28 00:08 - 2007-02-28 00:08 - 000456416 ____R (Macrovision Corporation) C:\Users\tadija\AppData\Local\Temp\_is6827.exe
2007-02-28 00:08 - 2007-02-28 00:08 - 000456416 ____R (Macrovision Corporation) C:\Users\tadija\AppData\Local\Temp\_isEA41.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 04:24] - [2017-05-04 03:06] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 04:24] - [2017-05-04 03:06] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-19 01:59

==================== End of FRST.txt ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10459
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy in the following text, which is inside the Code box.

HKU\S-1-5-21-4037507749-3530104932-657287422-1000\...\Run: [Google Updater] => C:\Users\tadija\AppData\Roaming\tadija\endive.exe [463872 2017-12-25] ()
CHR HomePage: Default -> yandex.ru
CHR StartupUrls: Default -> "hxxp://websearch.goodforsearch.info/?pid=24447&r=2015/05/15&hid=17436162113930900200&lg=EN&cc=BA&unqvl=86"
CHR Extension: (Google Afeso) - C:\Users\tadija\AppData\Roaming\tadija [2017-12-27]
ShortcutWithArgument: C:\Users\tadija\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --enable-automation --disable-infobars --load-extension=C:\Users\tadija\AppData\Roaming\tadija
ShortcutWithArgument: C:\Users\tadija\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5ab281fb3bb55f68\Chrome IG Story.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bojgejgifofondahckoaahkilneffhmf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --enable-automation --disable-infobars --load-extension=C:\Users\tadija\AppData\Roaming\tadija
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --enable-automation --disable-infobars --load-extension=C:\Users\tadija\AppData\Roaming\tadija
C:\Users\tadija\Downloads\Video.15592867.mp4.exe
C:\Users\tadija\Downloads\Video.4368150.mp4.exe
C:\Users\tadija\Downloads\Malwarebytes Premium 3.0 FINAL + (zabranjeno) [TechTools.ME]
C:\Users\tadija\Downloads\Malwarebytes Anti-Malware Premium 2.1.8.1057 Multilingual + KeyGen by FFF
C:\Users\tadija\AppData\Roaming\tadija


In Notepad, click File --> Save As
Under Encoding, select UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into this thread.
The file (fixlog.txt) will also be on the Desktop.
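
The Chrome shortcuts listed in the fixlist above carry `--load-extension=` pointing at a folder in the user profile, so the extension is loaded each time Chrome is started from one of them. As an added example (not part of the original post and not FRST's own code), this Python script picks such entries out of FRST `ShortcutWithArgument` lines; the function names and the choice of sample lines are assumptions made here.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: entries copied from the fixlist in this thread.
SAMPLE = r"""
HKU\S-1-5-21-4037507749-3530104932-657287422-1000\...\Run: [Google Updater] => C:\Users\tadija\AppData\Roaming\tadija\endive.exe [463872 2017-12-25] ()
ShortcutWithArgument: C:\Users\tadija\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5ab281fb3bb55f68\Chrome IG Story.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bojgejgifofondahckoaahkilneffhmf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --enable-automation --disable-infobars --load-extension=C:\Users\tadija\AppData\Roaming\tadija
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --enable-automation --disable-infobars --load-extension=C:\Users\tadija\AppData\Roaming\tadija
"""

PREFIX = "ShortcutWithArgument:"
# Switches seen beside --load-extension in this thread; kept as context only.
COMPANION_SWITCHES = ("--enable-automation", "--disable-infobars")
LOAD_EXT = re.compile(r"--load-extension=(.+?)(?=\s+--|$)")  # value may contain spaces


class Finding(NamedTuple):
    shortcut: str           # .lnk file carrying the extra arguments
    target: str             # executable the shortcut launches
    extension_dirs: tuple   # unpacked-extension folders named on the command line
    companions: tuple       # companion switches present in the same entry


def parse_shortcut(line: str) -> Optional[tuple]:
    """Split one ShortcutWithArgument entry into (lnk, target, args)."""
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].split(" -> ", 2)
    if len(parts) != 3:
        return None  # truncated or malformed entry
    lnk, target, args = (p.strip() for p in parts)
    # FRST appends "(Vendor)" to the target; drop it, keep "(x86)" in the path.
    return lnk, re.sub(r"\s*\([^()]*\)$", "", target), args


def find_sideloaded(log: str) -> list:
    """Return a Finding for every shortcut that sideloads an extension."""
    findings = []
    for line in log.splitlines():
        parsed = parse_shortcut(line.strip())
        match = LOAD_EXT.search(parsed[2]) if parsed else None
        if not match:
            continue
        # Chrome accepts a comma-separated list of folders here.
        dirs = tuple(d.strip().strip('"') for d in match.group(1).split(",") if d.strip())
        seen = tuple(s for s in COMPANION_SWITCHES if s in parsed[2].split())
        findings.append(Finding(parsed[0], parsed[1], dirs, seen))
    return findings


def folders_to_review(findings: list) -> list:
    """Unique extension folders to inspect and quarantine, in first-seen order."""
    return list(dict.fromkeys(d for f in findings for d in f.extension_dirs))


if __name__ == "__main__":
    print("Folders to review:", folders_to_review(find_sideloaded(SAMPLE)))
```

The script only reports on `--load-extension`; the `--app-id` shortcut in the sample is parsed but not flagged by this check.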

offline
  • bios1  Male
  • Respected citizen
  • Joined: 18 Jan 2012
  • Posts: 430


offline
  • Joined: 26 Aug 2010
  • Posts: 10459
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You need to pack the folder C:\FRST\Quarantine into an archive and send it to us.

Go to the folder C:\FRST
Right-click the Quarantine folder and choose the option Add to archive... as in the picture

For Archive format select 7z
For Compression level choose Ultra (note: if you get an error that there is not enough memory, set it to Maximum or Normal)
For Compression method set LZMA2 or LZMA
In the field Split to volumes, bytes enter 5000000 (in words: five million)
On the right side, tick the option Compress Shared Files (see the picture below)

Click OK
When 7-Zip finishes compressing, upload the resulting files (one by one) to:
https://www.mycity.rs/ambulanta-upload.php
