CHECK

  • Joined: 10 Dec 2015
  • Posts: 11

Various things keep opening when I'm online, and my computer is lagging... which antivirus should I install?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by Gojko (administrator) on TOSHIBA (10-12-2015 04:00:43)
Running from C:\Users\Gojko\Desktop
Loaded Profiles: Gojko (Available Profiles: Gojko)
Platform: Windows 8.1 Enterprise (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(The Privoxy team - privoxy.org) C:\Program Files (x86)\Techsmart Computer\privoxy.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Common Files\48ed1695-d484-472b-bd42-582714ef1368\updater.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugincontainer.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\2\Plugin.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\3\Plugin.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\5\Plugin.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\10\Plugin.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\8\Plugin.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\7\Plugin.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\12\Plugin.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\12\Plugin.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\7\Plugin.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\3\Plugin.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Users\Gojko\AppData\Roaming\uTorrent\uTorrent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files (x86)\OLBPre\OLBPre.exe
(BitTorrent Inc.) C:\Users\Gojko\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\Gojko\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-09-16] (Oracle Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKU\S-1-5-21-2798359788-3770072197-1221550767-1001\...\Run: [uTorrent] => C:\Users\Gojko\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-09] (BitTorrent Inc.)
Startup: C:\Users\Gojko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2015-12-09]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\OLBPre\OLBPre.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2798359788-3770072197-1221550767-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-2798359788-3770072197-1221550767-1001] => 127.0.0.1:8118
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A483E617-3A91-4528-A332-D2564BE0013F}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FCBB8D69-38AE-4128-A096-E4D77F22F57D}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-2798359788-3770072197-1221550767-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2798359788-3770072197-1221550767-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2798359788-3770072197-1221550767-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-19] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Middle Rush -> {d00ab4cc-662c-40b6-a85f-d53086f4bb16} -> C:\Program Files (x86)\Middle Rush\Extensions\d00ab4cc-662c-40b6-a85f-d53086f4bb16.dll [2015-12-09] ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-25] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.me/
CHR StartupUrls: Default -> "hxxps://www.google.me/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-19]
CHR Extension: (Google Docs) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-19]
CHR Extension: (Google Drive) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-19]
CHR Extension: (Google Docs Offline) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-19]
CHR Extension: (Gmail) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-19]

Opera:
=======
OPR Extension: (Middle Rush) - C:\Users\Gojko\AppData\Roaming\Opera Software\Opera Stable\Extensions\nijokjacnfmhhkcaeobikclkkjihgpjj [2015-12-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319888 2014-12-31] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 PrivoxyService; C:\Program Files (x86)\Techsmart Computer\privoxy.exe [371200 2015-12-09] (The Privoxy team - privoxy.org) [File not signed] <==== ATTENTION
R2 Service Mgr MiddleRush; C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugincontainer.exe [730336 2015-12-10] () <==== ATTENTION
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH)
R2 Update Mgr MiddleRush; C:\Program Files (x86)\Common Files\48ed1695-d484-472b-bd42-582714ef1368\updater.exe [606432 2015-12-10] () <==== ATTENTION
R2 vmms; C:\Windows\system32\vmms.exe [13784064 2015-03-31] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-11-21] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68952 2015-05-11] (Microsoft Corporation)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2015-09-19] (Microsoft Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3497240 2015-03-23] (Intel Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2015-09-19] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2015-09-19] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2015-09-19] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 wgqsgpji; C:\Windows\system32\drivers\wgqsgpji.sys [55168 2015-12-09] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-10 04:00 - 2015-12-10 04:00 - 00021167 _____ C:\Users\Gojko\Desktop\FRST.txt
2015-12-10 03:52 - 2015-12-10 03:55 - 00029152 _____ C:\Users\Gojko\Downloads\Addition.txt
2015-12-10 03:50 - 2015-12-10 04:00 - 00000000 ____D C:\FRST
2015-12-10 03:50 - 2015-12-10 03:55 - 00045739 _____ C:\Users\Gojko\Downloads\FRST.txt
2015-12-10 03:49 - 2015-12-10 03:49 - 02369024 _____ (Farbar) C:\Users\Gojko\Desktop\FRST64.exe
2015-12-10 01:17 - 2015-12-10 01:17 - 00000017 _____ C:\Users\Gojko\AppData\Local\resmon.resmoncfg
2015-12-10 01:15 - 2015-12-10 03:28 - 00000000 ____D C:\Users\Gojko\AppData\LocalLow\uTorrent
2015-12-10 01:12 - 2015-12-10 01:12 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zeedujfb.sys
2015-12-09 11:14 - 2015-12-09 11:14 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wgqsgpji.sys
2015-12-09 08:58 - 2015-12-09 11:14 - 00000000 ____D C:\Program Files\KMSpico
2015-12-09 08:58 - 2015-12-09 08:58 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2015-12-09 08:58 - 2015-12-09 08:58 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2015-12-09 08:58 - 2015-12-09 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-12-09 08:58 - 2010-12-05 18:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2015-12-09 08:57 - 2015-12-10 01:13 - 00000000 ____D C:\Users\Gojko\Downloads\KMSpico 10.1.1 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET]
2015-12-09 08:41 - 2015-12-09 08:44 - 00000000 ____D C:\Users\Gojko\Downloads\Microsoft Toolkit 2.5.3 Official Torrent
2015-12-09 08:27 - 2015-12-10 03:30 - 00003754 _____ C:\Windows\System32\Tasks\AutoKMS
2015-12-09 08:27 - 2015-12-09 10:55 - 00000000 ____D C:\Windows\AutoKMS
2015-12-09 08:27 - 2015-12-09 08:27 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-12-09 08:24 - 2015-12-09 08:26 - 56589543 _____ C:\Users\Gojko\Downloads\Microsoft Toolkit 2.6 Beta 2 [4realtorrentz].zip
2015-12-09 08:19 - 2015-12-09 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-12-09 08:19 - 2015-12-09 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-09 08:19 - 2015-12-09 08:19 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-09 08:18 - 2015-12-09 08:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2015-12-09 08:17 - 2015-12-09 08:17 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-12-09 08:16 - 2015-12-09 08:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-12-09 07:56 - 2015-12-09 07:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-12-09 07:56 - 2015-12-09 07:56 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2015-12-09 07:50 - 2015-12-09 07:50 - 00000000 _____ C:\Users\Gojko\Desktop\New Text Document.txt
2015-12-09 07:49 - 2015-12-09 07:50 - 01645496 _____ C:\Users\Gojko\Downloads\SetupVirtualCloneDrive_52193.exe
2015-12-09 07:48 - 2015-12-09 08:10 - 767623168 _____ C:\Users\Gojko\Downloads\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso
2015-12-09 07:31 - 2015-12-09 09:00 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-09 07:31 - 2015-12-09 07:31 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-09 07:31 - 2015-12-09 07:31 - 00001047 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2015-12-09 07:31 - 2015-12-09 07:31 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\TeamViewer
2015-12-09 07:25 - 2015-12-09 07:26 - 00003274 _____ C:\Windows\System32\Tasks\Techsmart Computer Service
2015-12-09 07:25 - 2015-12-09 07:25 - 00000000 ____D C:\Program Files (x86)\Techsmart Computer
2015-12-09 07:24 - 2015-12-09 07:30 - 11156704 _____ (TeamViewer GmbH) C:\Users\Gojko\Downloads\TeamViewer_Setup.exe
2015-12-09 07:22 - 2015-12-09 07:22 - 00017047 _____ C:\Users\Gojko\AppData\Roaming\rp.dll
2015-12-09 07:22 - 2015-12-09 07:22 - 00000000 _____ C:\Users\Gojko\AppData\Roaming\D9F9.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 00000000 _____ C:\Users\Gojko\AppData\Roaming\3603.tmp
2015-12-09 07:21 - 2015-12-09 07:22 - 00003306 _____ C:\Windows\System32\Tasks\Internet Checker
2015-12-09 07:21 - 2015-12-09 07:21 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\Internet Checker
2015-12-09 07:16 - 2015-12-09 07:17 - 00003982 _____ C:\Windows\System32\Tasks\LaunchPreSignup
2015-12-09 07:16 - 2015-12-09 07:17 - 00000000 ____D C:\Program Files (x86)\OLBPre
2015-12-09 07:16 - 2015-12-09 07:16 - 00001879 _____ C:\Users\Gojko\Desktop\MyPC Backup.lnk
2015-12-09 07:15 - 2015-12-10 01:20 - 00000000 ____D C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368
2015-12-09 07:15 - 2015-12-09 07:16 - 00000000 ____D C:\Program Files (x86)\Middle Rush
2015-12-09 07:12 - 2015-12-09 07:12 - 00000344 __RSH C:\ProgramData\ntuser.pol
2015-12-09 07:11 - 2015-12-09 07:19 - 01037648 _____ (BitTorrent Inc.) C:\Users\Gojko\Downloads\utorrent-64-bit [1].exe
2015-12-09 07:08 - 2015-12-09 07:08 - 01030936 _____ (Program Software ) C:\Users\Gojko\Desktop\utorrent-64-bit.exe
2015-12-09 07:03 - 2015-12-09 07:03 - 00705018 _____ C:\Users\Gojko\Downloads\Microsoft Toolkit 2 5 3 Official Torrent.cab
2015-12-09 06:57 - 2015-12-09 06:57 - 00705022 _____ C:\Users\Gojko\Downloads\Microsoft OFFICE 2010 Pro Plus PRE(zabranjeno)ED (1).cab
2015-12-09 06:52 - 2015-12-09 06:52 - 00000000 ____D C:\Users\Gojko\Desktop\JAVA KNJIGE
2015-12-09 06:41 - 2015-12-09 06:41 - 00003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1449672066
2015-12-09 06:41 - 2015-12-09 06:41 - 00001151 _____ C:\Users\Public\Desktop\Opera.lnk
2015-12-09 06:41 - 2015-12-09 06:41 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-09 06:41 - 2015-12-09 06:41 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\Opera Software
2015-12-09 06:41 - 2015-12-09 06:41 - 00000000 ____D C:\Users\Gojko\AppData\Local\Opera Software
2015-12-09 06:39 - 2015-12-09 06:46 - 00000000 ____D C:\Users\Gojko\Desktop\FAX1
2015-12-09 06:39 - 2015-12-09 06:39 - 00000000 ____D C:\Users\Gojko\Downloads\The Unforseeable Fate Of Mr. Jones
2015-12-09 06:38 - 2015-12-10 03:58 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\uTorrent
2015-12-09 06:38 - 2015-12-09 06:41 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-09 06:38 - 2015-12-09 06:38 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\RPEng
2015-12-09 06:37 - 2015-12-09 06:37 - 02026520 _____ (BitTorrent Inc.) C:\Users\Gojko\Downloads\uTorrent.exe
2015-12-09 06:34 - 2015-12-09 06:34 - 00705022 _____ C:\Users\Gojko\Downloads\Microsoft OFFICE 2010 Pro Plus PRE(zabranjeno)ED.cab
2015-11-22 09:02 - 2015-11-22 09:02 - 00911162 _____ C:\Users\Gojko\Downloads\Dumpper v.80.4.rar
2015-11-20 14:26 - 2015-11-20 14:33 - 254992032 _____ C:\Users\Gojko\Downloads\cm-12.1-20151005-UNOFFICIAL-serranoltexx.zip
2015-11-20 07:52 - 2015-12-09 06:54 - 00000000 ____D C:\Users\Gojko\Desktop\s4
2015-11-20 07:47 - 2015-11-20 07:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-11-20 07:29 - 2015-11-20 07:29 - 00464072 _____ C:\Users\Gojko\Downloads\Odin307.zip
2015-11-15 08:01 - 2015-11-15 08:01 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-15 08:01 - 2015-11-15 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-15 08:00 - 2015-11-15 08:01 - 00000000 ____D C:\Program Files\iTunes
2015-11-15 08:00 - 2015-11-15 08:00 - 00000000 ____D C:\Program Files\iPod
2015-11-15 08:00 - 2015-11-15 08:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-13 00:48 - 2015-11-13 00:48 - 04680258 _____ C:\Users\Gojko\Downloads\Java knjiga (1).rar
2015-11-11 07:55 - 2015-11-11 07:55 - 04680258 _____ C:\Users\Gojko\Downloads\Java knjiga.rar
2015-11-11 07:43 - 2015-09-29 04:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-11 07:43 - 2015-09-04 11:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-11 07:43 - 2015-08-28 14:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-11 07:43 - 2015-08-20 12:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-11 07:43 - 2015-08-20 09:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-11 07:43 - 2014-11-04 17:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-11 07:43 - 2014-11-04 17:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-11-11 07:03 - 2015-11-05 05:10 - 01398104 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2015-11-11 07:03 - 2015-11-05 05:10 - 01367384 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2015-11-11 07:03 - 2015-10-30 15:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 07:03 - 2015-10-30 15:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 07:03 - 2015-10-30 15:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 07:03 - 2015-10-30 15:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 07:03 - 2015-10-30 15:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 07:03 - 2015-10-30 14:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 07:03 - 2015-10-30 14:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 07:03 - 2015-10-30 14:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 07:03 - 2015-10-30 14:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-11 07:03 - 2015-10-30 14:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 07:03 - 2015-10-30 14:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 07:03 - 2015-10-30 14:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 07:03 - 2015-10-30 14:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 07:03 - 2015-10-30 14:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 07:03 - 2015-10-30 14:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 07:03 - 2015-10-30 14:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-11 07:03 - 2015-10-30 14:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 07:03 - 2015-10-30 14:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 07:03 - 2015-10-30 14:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 07:03 - 2015-10-30 13:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 07:03 - 2015-10-30 13:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 07:03 - 2015-10-30 13:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 07:03 - 2015-10-30 13:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 07:03 - 2015-10-20 13:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 07:03 - 2015-10-20 06:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 07:03 - 2015-10-20 06:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 07:03 - 2015-10-20 06:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 07:03 - 2015-10-20 06:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-11 07:03 - 2015-10-20 06:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 07:03 - 2015-10-20 06:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 07:03 - 2015-10-20 06:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 07:03 - 2015-10-20 06:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 07:03 - 2015-10-20 06:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 07:03 - 2015-10-20 06:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 07:03 - 2015-10-20 06:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 07:03 - 2015-10-15 08:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 07:03 - 2015-10-15 07:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 07:03 - 2015-10-14 15:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 07:03 - 2015-10-14 15:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-11 07:03 - 2015-10-14 15:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-11 07:03 - 2015-10-14 15:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-11 07:03 - 2015-10-14 15:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-11 07:03 - 2015-10-13 09:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 07:03 - 2015-10-13 09:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 07:03 - 2015-10-13 07:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-11 07:03 - 2015-10-10 22:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 07:03 - 2015-10-10 22:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 07:03 - 2015-10-10 10:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 07:03 - 2015-10-10 10:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 07:03 - 2015-10-10 10:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-11 07:03 - 2015-10-10 09:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 07:03 - 2015-10-10 09:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 07:03 - 2015-10-10 09:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-11 07:03 - 2015-10-10 08:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 07:03 - 2015-09-29 15:41 - 01391448 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2015-11-11 07:03 - 2015-09-29 15:41 - 01264472 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
2015-11-11 07:03 - 2015-09-12 05:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-11 07:03 - 2015-09-07 08:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-11 07:03 - 2015-09-07 08:21 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2015-11-11 07:03 - 2015-09-07 08:17 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2015-11-11 07:03 - 2015-09-07 07:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-11 07:03 - 2015-09-07 07:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-11 07:03 - 2015-05-11 16:24 - 00068952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2015-11-11 07:03 - 2015-05-11 16:24 - 00019800 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
2015-11-11 06:58 - 2015-10-17 06:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 06:58 - 2015-10-08 08:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-11 06:58 - 2015-08-10 10:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-11 06:58 - 2015-08-10 10:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-11 06:58 - 2015-08-10 09:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-11 06:58 - 2015-08-10 08:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 06:58 - 2015-08-10 08:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-11 06:58 - 2014-11-10 10:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-10 03:57 - 2015-09-19 08:17 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2798359788-3770072197-1221550767-1001
2015-12-10 03:55 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2015-12-10 03:54 - 2015-09-19 08:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-10 03:53 - 2015-09-19 08:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 03:53 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-10 03:52 - 2013-08-22 05:25 - 00000167 _____ C:\Windows\win.ini
2015-12-10 03:50 - 2015-09-19 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-10 03:49 - 2015-09-19 09:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 03:49 - 2015-09-19 09:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 03:46 - 2015-09-19 09:23 - 00002323 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-10 03:46 - 2015-09-19 09:22 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-10 03:45 - 2015-09-29 12:30 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 03:33 - 2015-09-29 12:30 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-10 03:28 - 2015-09-19 09:22 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-10 03:27 - 2015-09-19 14:14 - 00000000 __SHD C:\Users\Gojko\IntelGraphicsProfiles
2015-12-10 01:17 - 2015-09-19 08:33 - 27590656 _____ C:\Windows\system32\vmguest.iso
2015-12-10 01:14 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-10 01:14 - 2013-08-22 06:44 - 00482536 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 01:13 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-10 01:11 - 2015-09-19 09:04 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BD78261B-51E4-4513-A7E5-B441B8A9F93B}
2015-12-09 08:18 - 2015-09-19 08:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-09 08:17 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-09 08:16 - 2015-09-19 08:27 - 00000000 ____D C:\Program Files\Microsoft Office
2015-12-09 08:15 - 2014-11-21 00:22 - 00000000 ____D C:\Windows\ShellNew
2015-12-09 07:56 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2015-12-09 07:12 - 2015-09-19 09:12 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-09 07:12 - 2013-08-22 07:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-12-09 07:12 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-12-09 06:53 - 2015-09-19 08:11 - 00000000 ____D C:\Users\Gojko
2015-12-08 19:39 - 2015-09-21 09:05 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-07 09:18 - 2015-09-19 08:11 - 00000000 ____D C:\Users\Gojko\AppData\Local\Packages
2015-12-07 07:08 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\NDF
2015-12-05 07:16 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-04 01:38 - 2015-09-19 09:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 01:38 - 2015-09-19 09:22 - 00003658 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 09:19 - 2014-11-21 05:19 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 09:19 - 2014-11-21 05:19 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 09:57 - 2015-09-19 09:45 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-27 10:00 - 2014-11-21 00:40 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-20 01:41 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\rescache
2015-11-18 05:20 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-15 08:00 - 2015-09-19 09:58 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-12 08:48 - 2013-08-22 07:36 - 00000000 ___RD C:\Windows\ToastData

==================== Files in the root of some directories =======

2015-12-09 07:22 - 2015-12-09 07:22 - 0000000 _____ () C:\Users\Gojko\AppData\Roaming\3603.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 0000000 _____ () C:\Users\Gojko\AppData\Roaming\D9F9.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 0017047 _____ () C:\Users\Gojko\AppData\Roaming\rp.dll
2015-12-10 01:17 - 2015-12-10 01:17 - 0000017 _____ () C:\Users\Gojko\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Gojko\AppData\Local\Temp\0e3acdcb97544808b506fec1ed2f42ca560062.exe
C:\Users\Gojko\AppData\Local\Temp\16D4.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\16E4.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\77A5.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\C151.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\C1B0.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\EC5C.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\ExPromo.exe
C:\Users\Gojko\AppData\Local\Temp\GrLauncherTempSetup.exe
C:\Users\Gojko\AppData\Local\Temp\NSISPromotionEx.dll
C:\Users\Gojko\AppData\Local\Temp\ose00000.exe
C:\Users\Gojko\AppData\Local\Temp\ose00001.exe
C:\Users\Gojko\AppData\Local\Temp\{07ABD4B6-A270-4CF1-996B-F466E2C7EBC3}.dll
C:\Users\Gojko\AppData\Local\Temp\{2E265B01-BC4C-4A57-B2E7-8BFFBAF0C06A}.dll
C:\Users\Gojko\AppData\Local\Temp\{8F01358F-F237-412D-A90A-C521035A2C9D}.dll
C:\Users\Gojko\AppData\Local\Temp\{B19C18F2-8383-44C9-B93D-972228582D67}.dll
C:\Users\Gojko\AppData\Local\Temp\{B81C3546-F414-4D9D-BE5F-AB3EB92E3EBF}.dll
C:\Users\Gojko\AppData\Local\Temp\{DABFFC3F-E887-46A7-B173-A346DF5224F3}.dll
C:\Users\Gojko\AppData\Local\Temp\{E67A962A-8BBE-441C-9447-667A81BA708A}.dll
C:\Users\Gojko\AppData\Local\Temp\{F82129A4-30EE-4F0F-AD80-6B24DF0B374A}.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-07 07:33



offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,



Download Malwarebytes Anti-Malware and save the installer to the Desktop.
Install the program in the standard way; at the end of the installation you can turn off the Trial version, but you don't have to. Leave the other option checked; MalwareBytes will be launched and updated.
Once that is done, click the Settings tab, select Detections & protection on the left side and check Scan for rootkits if it is not already checked.
In the same window, under PUP and PUM detections, set it to Treat detections as malware.
Then click the Scan tab, select Threat Scan and finally click Scan Now.
When, and if, malware is detected, click Apply Actions. MalwareBytes will then start removing the infection and will ask you to restart the computer.
After the scan finishes (or after the restart), click the History tab.
Click Application Logs, then double-click the most recent Scan Log.
At the bottom of the window click Export and choose Text file.

Save the report to the Desktop and attach it in your next post.

offline
  • Joined: 10 Dec 2015
  • Posts: 11

Here, I have done everything listed above

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent! What is the situation now?

Run FRST again, check Addition.txt, click Scan and attach both reports.

offline
  • Joined: 10 Dec 2015
  • Posts: 11

Thanks a lot, it is excellent now, I think. Which antivirus should I install now?


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by Gojko (administrator) on TOSHIBA (10-12-2015 14:25:53)
Running from C:\Users\Gojko\Desktop
Loaded Profiles: Gojko (Available Profiles: Gojko)
Platform: Windows 8.1 Enterprise (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Users\Gojko\AppData\Roaming\uTorrent\uTorrent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(BitTorrent Inc.) C:\Users\Gojko\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\Gojko\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-09-16] (Oracle Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKU\S-1-5-21-2798359788-3770072197-1221550767-1001\...\Run: [uTorrent] => C:\Users\Gojko\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-09] (BitTorrent Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A483E617-3A91-4528-A332-D2564BE0013F}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FCBB8D69-38AE-4128-A096-E4D77F22F57D}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2798359788-3770072197-1221550767-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-19] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-25] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.me/
CHR StartupUrls: Default -> "hxxps://www.google.me/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-19]
CHR Extension: (Google Docs) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-19]
CHR Extension: (Google Drive) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-19]
CHR Extension: (Google Docs Offline) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-19]
CHR Extension: (Gmail) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319888 2014-12-31] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH)
R2 vmms; C:\Windows\system32\vmms.exe [13784064 2015-03-31] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-11-21] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68952 2015-05-11] (Microsoft Corporation)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2015-09-19] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3497240 2015-03-23] (Intel Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2015-09-19] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2015-09-19] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2015-09-19] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-10 11:59 - 2015-12-10 11:59 - 00042465 _____ C:\Users\Gojko\Downloads\562497_1187040377_scan.txt
2015-12-10 11:56 - 2015-12-10 11:56 - 00042465 _____ C:\Users\Gojko\Desktop\scan.txt
2015-12-10 11:03 - 2015-12-10 11:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-10 11:02 - 2015-12-10 11:02 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-10 11:02 - 2015-12-10 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-10 11:02 - 2015-12-10 11:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-10 11:02 - 2015-12-10 11:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-10 11:02 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-10 11:02 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-10 11:02 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-10 10:59 - 2015-12-10 11:51 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\Interstat
2015-12-10 10:59 - 2015-12-10 11:00 - 22908888 _____ (Malwarebytes ) C:\Users\Gojko\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-10 04:07 - 2015-12-10 04:07 - 00029150 _____ C:\Users\Gojko\Downloads\562497_1147499519_Addition.txt
2015-12-10 04:01 - 2015-12-10 04:01 - 00029150 _____ C:\Users\Gojko\Desktop\Addition.txt
2015-12-10 04:00 - 2015-12-10 14:25 - 00015427 _____ C:\Users\Gojko\Desktop\FRST.txt
2015-12-10 03:52 - 2015-12-10 03:55 - 00029152 _____ C:\Users\Gojko\Downloads\Addition.txt
2015-12-10 03:50 - 2015-12-10 14:25 - 00000000 ____D C:\FRST
2015-12-10 03:50 - 2015-12-10 03:55 - 00045739 _____ C:\Users\Gojko\Downloads\FRST.txt
2015-12-10 03:49 - 2015-12-10 03:49 - 02369024 _____ (Farbar) C:\Users\Gojko\Desktop\FRST64.exe
2015-12-10 01:17 - 2015-12-10 01:17 - 00000017 _____ C:\Users\Gojko\AppData\Local\resmon.resmoncfg
2015-12-10 01:15 - 2015-12-10 14:22 - 00000000 ____D C:\Users\Gojko\AppData\LocalLow\uTorrent
2015-12-10 01:12 - 2015-12-10 01:12 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zeedujfb.sys
2015-12-09 11:14 - 2015-12-09 11:14 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wgqsgpji.sys
2015-12-09 08:58 - 2015-12-09 11:14 - 00000000 ____D C:\Program Files\KMSpico
2015-12-09 08:58 - 2015-12-09 08:58 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2015-12-09 08:58 - 2015-12-09 08:58 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2015-12-09 08:58 - 2015-12-09 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-12-09 08:58 - 2010-12-05 18:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2015-12-09 08:57 - 2015-12-10 01:13 - 00000000 ____D C:\Users\Gojko\Downloads\KMSpico 10.1.1 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET]
2015-12-09 08:41 - 2015-12-09 08:44 - 00000000 ____D C:\Users\Gojko\Downloads\Microsoft Toolkit 2.5.3 Official Torrent
2015-12-09 08:27 - 2015-12-10 14:23 - 00003756 _____ C:\Windows\System32\Tasks\AutoKMS
2015-12-09 08:27 - 2015-12-09 10:55 - 00000000 ____D C:\Windows\AutoKMS
2015-12-09 08:27 - 2015-12-09 08:27 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-12-09 08:24 - 2015-12-09 08:26 - 56589543 _____ C:\Users\Gojko\Downloads\Microsoft Toolkit 2.6 Beta 2 [4realtorrentz].zip
2015-12-09 08:19 - 2015-12-09 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-12-09 08:19 - 2015-12-09 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-09 08:19 - 2015-12-09 08:19 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-09 08:18 - 2015-12-09 08:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2015-12-09 08:17 - 2015-12-09 08:17 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-12-09 08:16 - 2015-12-09 08:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-12-09 07:56 - 2015-12-09 07:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-12-09 07:56 - 2015-12-09 07:56 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2015-12-09 07:50 - 2015-12-09 07:50 - 00000000 _____ C:\Users\Gojko\Desktop\New Text Document.txt
2015-12-09 07:49 - 2015-12-09 07:50 - 01645496 _____ C:\Users\Gojko\Downloads\SetupVirtualCloneDrive_52193.exe
2015-12-09 07:48 - 2015-12-09 08:10 - 767623168 _____ C:\Users\Gojko\Downloads\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso
2015-12-09 07:31 - 2015-12-09 09:00 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-09 07:31 - 2015-12-09 07:31 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-09 07:31 - 2015-12-09 07:31 - 00001047 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2015-12-09 07:31 - 2015-12-09 07:31 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\TeamViewer
2015-12-09 07:25 - 2015-12-10 10:58 - 00003274 _____ C:\Windows\System32\Tasks\Techsmart Computer Service
2015-12-09 07:24 - 2015-12-09 07:30 - 11156704 _____ (TeamViewer GmbH) C:\Users\Gojko\Downloads\TeamViewer_Setup.exe
2015-12-09 07:22 - 2015-12-09 07:22 - 00017047 _____ C:\Users\Gojko\AppData\Roaming\rp.dll
2015-12-09 07:22 - 2015-12-09 07:22 - 00000000 _____ C:\Users\Gojko\AppData\Roaming\D9F9.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 00000000 _____ C:\Users\Gojko\AppData\Roaming\3603.tmp
2015-12-09 07:21 - 2015-12-09 07:22 - 00003306 _____ C:\Windows\System32\Tasks\Internet Checker
2015-12-09 07:21 - 2015-12-09 07:21 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\Internet Checker
2015-12-09 07:12 - 2015-12-10 11:52 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-12-09 07:11 - 2015-12-09 07:19 - 01037648 _____ (BitTorrent Inc.) C:\Users\Gojko\Downloads\utorrent-64-bit [1].exe
2015-12-09 07:03 - 2015-12-09 07:03 - 00705018 _____ C:\Users\Gojko\Downloads\Microsoft Toolkit 2 5 3 Official Torrent.cab
2015-12-09 06:57 - 2015-12-09 06:57 - 00705022 _____ C:\Users\Gojko\Downloads\Microsoft OFFICE 2010 Pro Plus PRE(zabranjeno)ED (1).cab
2015-12-09 06:52 - 2015-12-09 06:52 - 00000000 ____D C:\Users\Gojko\Desktop\JAVA KNJIGE
2015-12-09 06:41 - 2015-12-09 06:41 - 00003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1449672066
2015-12-09 06:41 - 2015-12-09 06:41 - 00001151 _____ C:\Users\Public\Desktop\Opera.lnk
2015-12-09 06:41 - 2015-12-09 06:41 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-09 06:41 - 2015-12-09 06:41 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\Opera Software
2015-12-09 06:41 - 2015-12-09 06:41 - 00000000 ____D C:\Users\Gojko\AppData\Local\Opera Software
2015-12-09 06:39 - 2015-12-09 06:46 - 00000000 ____D C:\Users\Gojko\Desktop\FAX1
2015-12-09 06:39 - 2015-12-09 06:39 - 00000000 ____D C:\Users\Gojko\Downloads\The Unforseeable Fate Of Mr. Jones
2015-12-09 06:38 - 2015-12-10 14:24 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\uTorrent
2015-12-09 06:38 - 2015-12-09 06:41 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-09 06:38 - 2015-12-09 06:38 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\RPEng
2015-12-09 06:37 - 2015-12-09 06:37 - 02026520 _____ (BitTorrent Inc.) C:\Users\Gojko\Downloads\uTorrent.exe
2015-12-09 06:34 - 2015-12-09 06:34 - 00705022 _____ C:\Users\Gojko\Downloads\Microsoft OFFICE 2010 Pro Plus PRE(zabranjeno)ED.cab
2015-12-09 06:29 - 2015-11-05 00:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 06:28 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 06:28 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 06:28 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 06:28 - 2015-11-11 07:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-09 06:28 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 06:28 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 06:28 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 06:28 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 06:28 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 06:28 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 06:28 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 06:28 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 06:28 - 2015-11-09 15:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-09 06:28 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 06:28 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 06:28 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 06:28 - 2015-11-09 15:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 06:28 - 2015-11-09 15:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-09 06:28 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 06:28 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 06:28 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 06:28 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 06:28 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 06:28 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 06:28 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 06:28 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 06:28 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 06:28 - 2015-11-08 13:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-09 06:28 - 2015-11-08 13:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-09 06:28 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 06:28 - 2015-11-08 13:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 06:28 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 06:28 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 06:28 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 06:28 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 06:28 - 2015-11-08 12:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-09 06:28 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 06:28 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 06:28 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 06:27 - 2015-11-21 22:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-09 06:27 - 2015-11-21 22:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-09 06:27 - 2015-11-21 22:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-09 06:27 - 2015-11-21 22:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-09 06:27 - 2015-11-21 22:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-09 06:27 - 2015-11-21 22:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-09 06:27 - 2015-11-21 22:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-09 06:27 - 2015-11-21 10:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-09 06:27 - 2015-11-21 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-09 06:27 - 2015-11-21 08:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 06:27 - 2015-11-21 08:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 06:27 - 2015-11-21 08:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 06:27 - 2015-11-21 08:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 06:27 - 2015-11-08 16:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 06:27 - 2015-11-08 14:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 06:27 - 2015-11-08 13:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 06:27 - 2015-11-08 13:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 06:27 - 2015-11-08 13:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-09 06:27 - 2015-11-08 12:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 06:27 - 2015-11-08 12:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 06:27 - 2015-11-08 12:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-09 06:27 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 06:27 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-09 06:27 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 06:27 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 06:27 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 06:27 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-09 06:27 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 06:27 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 06:27 - 2015-10-22 08:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-09 06:27 - 2015-10-22 08:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-12-09 06:27 - 2015-10-22 07:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-09 06:27 - 2015-10-22 07:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-12-09 06:27 - 2015-10-22 06:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 06:27 - 2015-10-22 06:08 - 00513456 _____ C:\Windows\system32\locale.nls
2015-12-09 06:27 - 2015-10-10 09:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-12-09 06:27 - 2015-10-03 11:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-12-09 06:27 - 2015-10-03 11:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-12-09 06:26 - 2015-11-20 14:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 06:26 - 2015-11-20 10:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 06:26 - 2015-11-20 08:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 06:26 - 2015-11-20 08:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 06:26 - 2015-11-20 08:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 06:26 - 2015-11-20 08:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-09 06:26 - 2015-11-20 08:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 06:26 - 2015-11-20 08:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 06:26 - 2015-11-20 08:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 06:26 - 2015-11-20 08:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 06:26 - 2015-11-20 08:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 06:26 - 2015-11-20 08:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 06:26 - 2015-11-20 08:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 06:26 - 2015-10-28 07:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-09 06:26 - 2015-10-28 07:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-09 06:26 - 2015-10-10 22:34 - 00468824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-09 06:26 - 2015-10-10 22:34 - 00462168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-12-09 06:26 - 2015-10-10 22:34 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-12-09 06:26 - 2015-10-10 22:34 - 00092504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-12-09 06:26 - 2015-10-10 22:34 - 00027992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-12-09 06:26 - 2015-10-10 10:41 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-12-09 06:26 - 2015-10-10 10:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-12-09 06:26 - 2015-10-10 10:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
2015-12-09 06:26 - 2015-10-08 08:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2015-12-09 06:26 - 2015-10-08 07:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2015-12-09 06:26 - 2015-10-05 10:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2015-12-09 06:26 - 2015-10-05 10:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-11-20 14:26 - 2015-11-20 14:33 - 254992032 _____ C:\Users\Gojko\Downloads\cm-12.1-20151005-UNOFFICIAL-serranoltexx.zip
2015-11-20 07:52 - 2015-12-09 06:54 - 00000000 ____D C:\Users\Gojko\Desktop\s4
2015-11-20 07:47 - 2015-11-20 07:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-11-20 07:29 - 2015-11-20 07:29 - 00464072 _____ C:\Users\Gojko\Downloads\Odin307.zip
2015-11-15 08:01 - 2015-11-15 08:01 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-15 08:01 - 2015-11-15 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-15 08:00 - 2015-11-15 08:01 - 00000000 ____D C:\Program Files\iTunes
2015-11-15 08:00 - 2015-11-15 08:00 - 00000000 ____D C:\Program Files\iPod
2015-11-15 08:00 - 2015-11-15 08:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-13 00:48 - 2015-11-13 00:48 - 04680258 _____ C:\Users\Gojko\Downloads\Java knjiga (1).rar
2015-11-11 07:55 - 2015-11-11 07:55 - 04680258 _____ C:\Users\Gojko\Downloads\Java knjiga.rar
2015-11-11 07:43 - 2015-09-29 04:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-11 07:43 - 2015-09-04 11:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-11 07:43 - 2015-08-28 14:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-11 07:43 - 2015-08-20 12:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-11 07:43 - 2015-08-20 09:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-11 07:43 - 2014-11-04 17:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-11 07:43 - 2014-11-04 17:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-11-11 07:03 - 2015-11-05 05:10 - 01398104 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2015-11-11 07:03 - 2015-11-05 05:10 - 01367384 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2015-11-11 07:03 - 2015-10-15 08:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 07:03 - 2015-10-15 07:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 07:03 - 2015-10-13 09:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 07:03 - 2015-10-13 09:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 07:03 - 2015-10-13 07:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-11 07:03 - 2015-10-10 22:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 07:03 - 2015-10-10 22:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 07:03 - 2015-10-10 10:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 07:03 - 2015-10-10 10:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 07:03 - 2015-10-10 10:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-11 07:03 - 2015-10-10 09:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 07:03 - 2015-10-10 09:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 07:03 - 2015-10-10 09:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-11 07:03 - 2015-10-10 08:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 07:03 - 2015-09-29 15:41 - 01391448 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2015-11-11 07:03 - 2015-09-29 15:41 - 01264472 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
2015-11-11 07:03 - 2015-09-12 05:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-11 07:03 - 2015-09-07 08:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-11 07:03 - 2015-09-07 08:21 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2015-11-11 07:03 - 2015-09-07 08:17 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2015-11-11 07:03 - 2015-09-07 07:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-11 07:03 - 2015-09-07 07:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-11 07:03 - 2015-05-11 16:24 - 00068952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2015-11-11 07:03 - 2015-05-11 16:24 - 00019800 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
2015-11-11 06:58 - 2015-10-08 08:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-11 06:58 - 2015-08-10 10:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-11 06:58 - 2015-08-10 10:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-11 06:58 - 2015-08-10 09:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-11 06:58 - 2015-08-10 08:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 06:58 - 2015-08-10 08:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-11 06:58 - 2014-11-10 10:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-10 14:22 - 2015-09-19 14:14 - 00000000 __SHD C:\Users\Gojko\IntelGraphicsProfiles
2015-12-10 14:22 - 2015-09-19 09:22 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-10 12:08 - 2015-09-19 08:17 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2798359788-3770072197-1221550767-1001
2015-12-10 11:54 - 2015-09-19 08:33 - 27590656 _____ C:\Windows\system32\vmguest.iso
2015-12-10 11:52 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-10 11:51 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\InputMethod
2015-12-10 11:43 - 2015-09-19 09:22 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-10 10:58 - 2015-09-19 09:04 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BD78261B-51E4-4513-A7E5-B441B8A9F93B}
2015-12-10 10:54 - 2013-08-22 06:44 - 00482864 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 10:54 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2015-12-10 10:53 - 2015-09-19 09:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 10:53 - 2015-09-19 09:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 06:07 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-10 06:06 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2015-12-10 06:06 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\en-GB
2015-12-10 06:04 - 2015-09-19 08:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 04:01 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2015-12-10 03:54 - 2015-09-19 08:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-10 03:53 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-10 03:52 - 2013-08-22 05:25 - 00000167 _____ C:\Windows\win.ini
2015-12-10 03:50 - 2015-09-19 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-10 03:45 - 2015-09-29 12:30 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 03:33 - 2015-09-29 12:30 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 08:18 - 2015-09-19 08:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-09 08:17 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-09 08:16 - 2015-09-19 08:27 - 00000000 ____D C:\Program Files\Microsoft Office
2015-12-09 08:15 - 2014-11-21 00:22 - 00000000 ____D C:\Windows\ShellNew
2015-12-09 07:12 - 2015-09-19 09:12 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-09 07:12 - 2013-08-22 07:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-12-09 07:12 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-12-09 06:53 - 2015-09-19 08:11 - 00000000 ____D C:\Users\Gojko
2015-12-08 19:39 - 2015-09-21 09:05 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-07 09:18 - 2015-09-19 08:11 - 00000000 ____D C:\Users\Gojko\AppData\Local\Packages
2015-12-07 07:08 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\NDF
2015-12-05 07:16 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-04 01:38 - 2015-09-19 09:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 01:38 - 2015-09-19 09:22 - 00003658 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 09:19 - 2014-11-21 05:19 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 09:19 - 2014-11-21 05:19 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 09:57 - 2015-09-19 09:45 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-27 10:00 - 2014-11-21 00:40 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-20 01:41 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\rescache
2015-11-18 05:20 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-15 08:00 - 2015-09-19 09:58 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-12 08:48 - 2013-08-22 07:36 - 00000000 ___RD C:\Windows\ToastData

==================== Files in the root of some directories =======

2015-12-09 07:22 - 2015-12-09 07:22 - 0000000 _____ () C:\Users\Gojko\AppData\Roaming\3603.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 0000000 _____ () C:\Users\Gojko\AppData\Roaming\D9F9.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 0017047 _____ () C:\Users\Gojko\AppData\Roaming\rp.dll
2015-12-10 01:17 - 2015-12-10 01:17 - 0000017 _____ () C:\Users\Gojko\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Gojko\AppData\Local\Temp\0e3acdcb97544808b506fec1ed2f42ca560062.exe
C:\Users\Gojko\AppData\Local\Temp\16E4.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\77A5.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\C1B0.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\EC5C.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\ExPromo.exe
C:\Users\Gojko\AppData\Local\Temp\GrLauncherTempSetup.exe
C:\Users\Gojko\AppData\Local\Temp\NSISPromotionEx.dll
C:\Users\Gojko\AppData\Local\Temp\ose00000.exe
C:\Users\Gojko\AppData\Local\Temp\ose00001.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-07 07:33

==================== End of FRST.txt ============================

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

You did not provide the Addition.txt report.

offline
  • Joined: 10 Dec 2015
  • Posts: 11

Addition.txt did not come out for me, only frst.txt... I repeated everything several times and Addition does not come out...

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

That is because you are not reading carefully what I wrote. Read my third message from the bottom.

offline
  • Joined: 10 Dec 2015
  • Posts: 11

I apologize, I have now done everything, and here are Addition and FRST attached :) Thank you very much

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent, we will remove some more remnants and that should be it.


1. Open Notepad (Text Document) and copy the following text from the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
Task: {F64F2C96-99A1-41DA-81EF-F3FF4AA825AA} - System32\Tasks\Techsmart Computer Service => C:\Program Files (x86)\Techsmart Computer\ittask.exe <==== ATTENTION
Task: {D96883F5-0D7B-4007-8CA4-BCFF0901A830} - System32\Tasks\Internet Checker => C:\Users\Gojko\AppData\Roaming\Internet Checker\Internet Checker.exe [2015-12-09] () <==== ATTENTION
C:\Users\Gojko\AppData\Roaming\Internet Checker
C:\Program Files (x86)\Techsmart Computer
AlternateDataStreams: C:\Windows\system32\Drivers\wgqsgpji.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\zeedujfb.sys:changelist
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
2015-12-09 07:22 - 2015-12-09 07:22 - 0000000 _____ () C:\Users\Gojko\AppData\Roaming\3603.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 0000000 _____ () C:\Users\Gojko\AppData\Roaming\D9F9.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 0017047 _____ () C:\Users\Gojko\AppData\Roaming\rp.dll
2015-12-10 01:17 - 2015-12-10 01:17 - 0000017 _____ () C:\Users\Gojko\AppData\Local\resmon.resmoncfg


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool requests a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
