CHECK

  • Joined: 10 Dec 2015
  • Posts: 11

Various things keep opening when I'm online, and my computer is lagging... which antivirus should I install?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by Gojko (administrator) on TOSHIBA (10-12-2015 04:00:43)
Running from C:\Users\Gojko\Desktop
Loaded Profiles: Gojko (Available Profiles: Gojko)
Platform: Windows 8.1 Enterprise (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(The Privoxy team - privoxy.org) C:\Program Files (x86)\Techsmart Computer\privoxy.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Common Files\48ed1695-d484-472b-bd42-582714ef1368\updater.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugincontainer.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\2\Plugin.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\3\Plugin.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\5\Plugin.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\10\Plugin.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\8\Plugin.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\7\Plugin.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\12\Plugin.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\12\Plugin.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\7\Plugin.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\3\Plugin.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Users\Gojko\AppData\Roaming\uTorrent\uTorrent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files (x86)\OLBPre\OLBPre.exe
(BitTorrent Inc.) C:\Users\Gojko\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\Gojko\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-09-16] (Oracle Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKU\S-1-5-21-2798359788-3770072197-1221550767-1001\...\Run: [uTorrent] => C:\Users\Gojko\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-09] (BitTorrent Inc.)
Startup: C:\Users\Gojko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2015-12-09]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\OLBPre\OLBPre.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2798359788-3770072197-1221550767-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-2798359788-3770072197-1221550767-1001] => 127.0.0.1:8118
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A483E617-3A91-4528-A332-D2564BE0013F}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FCBB8D69-38AE-4128-A096-E4D77F22F57D}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-2798359788-3770072197-1221550767-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2798359788-3770072197-1221550767-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2798359788-3770072197-1221550767-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-19] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Middle Rush -> {d00ab4cc-662c-40b6-a85f-d53086f4bb16} -> C:\Program Files (x86)\Middle Rush\Extensions\d00ab4cc-662c-40b6-a85f-d53086f4bb16.dll [2015-12-09] ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-25] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.me/
CHR StartupUrls: Default -> "hxxps://www.google.me/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-19]
CHR Extension: (Google Docs) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-19]
CHR Extension: (Google Drive) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-19]
CHR Extension: (Google Docs Offline) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-19]
CHR Extension: (Gmail) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-19]

Opera:
=======
OPR Extension: (Middle Rush) - C:\Users\Gojko\AppData\Roaming\Opera Software\Opera Stable\Extensions\nijokjacnfmhhkcaeobikclkkjihgpjj [2015-12-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319888 2014-12-31] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 PrivoxyService; C:\Program Files (x86)\Techsmart Computer\privoxy.exe [371200 2015-12-09] (The Privoxy team - privoxy.org) [File not signed] <==== ATTENTION
R2 Service Mgr MiddleRush; C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugincontainer.exe [730336 2015-12-10] () <==== ATTENTION
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH)
R2 Update Mgr MiddleRush; C:\Program Files (x86)\Common Files\48ed1695-d484-472b-bd42-582714ef1368\updater.exe [606432 2015-12-10] () <==== ATTENTION
R2 vmms; C:\Windows\system32\vmms.exe [13784064 2015-03-31] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-11-21] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68952 2015-05-11] (Microsoft Corporation)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2015-09-19] (Microsoft Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3497240 2015-03-23] (Intel Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2015-09-19] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2015-09-19] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2015-09-19] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 wgqsgpji; C:\Windows\system32\drivers\wgqsgpji.sys [55168 2015-12-09] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-10 04:00 - 2015-12-10 04:00 - 00021167 _____ C:\Users\Gojko\Desktop\FRST.txt
2015-12-10 03:52 - 2015-12-10 03:55 - 00029152 _____ C:\Users\Gojko\Downloads\Addition.txt
2015-12-10 03:50 - 2015-12-10 04:00 - 00000000 ____D C:\FRST
2015-12-10 03:50 - 2015-12-10 03:55 - 00045739 _____ C:\Users\Gojko\Downloads\FRST.txt
2015-12-10 03:49 - 2015-12-10 03:49 - 02369024 _____ (Farbar) C:\Users\Gojko\Desktop\FRST64.exe
2015-12-10 01:17 - 2015-12-10 01:17 - 00000017 _____ C:\Users\Gojko\AppData\Local\resmon.resmoncfg
2015-12-10 01:15 - 2015-12-10 03:28 - 00000000 ____D C:\Users\Gojko\AppData\LocalLow\uTorrent
2015-12-10 01:12 - 2015-12-10 01:12 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zeedujfb.sys
2015-12-09 11:14 - 2015-12-09 11:14 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wgqsgpji.sys
2015-12-09 08:58 - 2015-12-09 11:14 - 00000000 ____D C:\Program Files\KMSpico
2015-12-09 08:58 - 2015-12-09 08:58 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2015-12-09 08:58 - 2015-12-09 08:58 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2015-12-09 08:58 - 2015-12-09 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-12-09 08:58 - 2010-12-05 18:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2015-12-09 08:57 - 2015-12-10 01:13 - 00000000 ____D C:\Users\Gojko\Downloads\KMSpico 10.1.1 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET]
2015-12-09 08:41 - 2015-12-09 08:44 - 00000000 ____D C:\Users\Gojko\Downloads\Microsoft Toolkit 2.5.3 Official Torrent
2015-12-09 08:27 - 2015-12-10 03:30 - 00003754 _____ C:\Windows\System32\Tasks\AutoKMS
2015-12-09 08:27 - 2015-12-09 10:55 - 00000000 ____D C:\Windows\AutoKMS
2015-12-09 08:27 - 2015-12-09 08:27 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-12-09 08:24 - 2015-12-09 08:26 - 56589543 _____ C:\Users\Gojko\Downloads\Microsoft Toolkit 2.6 Beta 2 [4realtorrentz].zip
2015-12-09 08:19 - 2015-12-09 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-12-09 08:19 - 2015-12-09 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-09 08:19 - 2015-12-09 08:19 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-09 08:18 - 2015-12-09 08:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2015-12-09 08:17 - 2015-12-09 08:17 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-12-09 08:16 - 2015-12-09 08:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-12-09 07:56 - 2015-12-09 07:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-12-09 07:56 - 2015-12-09 07:56 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2015-12-09 07:50 - 2015-12-09 07:50 - 00000000 _____ C:\Users\Gojko\Desktop\New Text Document.txt
2015-12-09 07:49 - 2015-12-09 07:50 - 01645496 _____ C:\Users\Gojko\Downloads\SetupVirtualCloneDrive_52193.exe
2015-12-09 07:48 - 2015-12-09 08:10 - 767623168 _____ C:\Users\Gojko\Downloads\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso
2015-12-09 07:31 - 2015-12-09 09:00 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-09 07:31 - 2015-12-09 07:31 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-09 07:31 - 2015-12-09 07:31 - 00001047 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2015-12-09 07:31 - 2015-12-09 07:31 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\TeamViewer
2015-12-09 07:25 - 2015-12-09 07:26 - 00003274 _____ C:\Windows\System32\Tasks\Techsmart Computer Service
2015-12-09 07:25 - 2015-12-09 07:25 - 00000000 ____D C:\Program Files (x86)\Techsmart Computer
2015-12-09 07:24 - 2015-12-09 07:30 - 11156704 _____ (TeamViewer GmbH) C:\Users\Gojko\Downloads\TeamViewer_Setup.exe
2015-12-09 07:22 - 2015-12-09 07:22 - 00017047 _____ C:\Users\Gojko\AppData\Roaming\rp.dll
2015-12-09 07:22 - 2015-12-09 07:22 - 00000000 _____ C:\Users\Gojko\AppData\Roaming\D9F9.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 00000000 _____ C:\Users\Gojko\AppData\Roaming\3603.tmp
2015-12-09 07:21 - 2015-12-09 07:22 - 00003306 _____ C:\Windows\System32\Tasks\Internet Checker
2015-12-09 07:21 - 2015-12-09 07:21 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\Internet Checker
2015-12-09 07:16 - 2015-12-09 07:17 - 00003982 _____ C:\Windows\System32\Tasks\LaunchPreSignup
2015-12-09 07:16 - 2015-12-09 07:17 - 00000000 ____D C:\Program Files (x86)\OLBPre
2015-12-09 07:16 - 2015-12-09 07:16 - 00001879 _____ C:\Users\Gojko\Desktop\MyPC Backup.lnk
2015-12-09 07:15 - 2015-12-10 01:20 - 00000000 ____D C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368
2015-12-09 07:15 - 2015-12-09 07:16 - 00000000 ____D C:\Program Files (x86)\Middle Rush
2015-12-09 07:12 - 2015-12-09 07:12 - 00000344 __RSH C:\ProgramData\ntuser.pol
2015-12-09 07:11 - 2015-12-09 07:19 - 01037648 _____ (BitTorrent Inc.) C:\Users\Gojko\Downloads\utorrent-64-bit [1].exe
2015-12-09 07:08 - 2015-12-09 07:08 - 01030936 _____ (Program Software ) C:\Users\Gojko\Desktop\utorrent-64-bit.exe
2015-12-09 07:03 - 2015-12-09 07:03 - 00705018 _____ C:\Users\Gojko\Downloads\Microsoft Toolkit 2 5 3 Official Torrent.cab
2015-12-09 06:57 - 2015-12-09 06:57 - 00705022 _____ C:\Users\Gojko\Downloads\Microsoft OFFICE 2010 Pro Plus PRE(zabranjeno)ED (1).cab
2015-12-09 06:52 - 2015-12-09 06:52 - 00000000 ____D C:\Users\Gojko\Desktop\JAVA KNJIGE
2015-12-09 06:41 - 2015-12-09 06:41 - 00003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1449672066
2015-12-09 06:41 - 2015-12-09 06:41 - 00001151 _____ C:\Users\Public\Desktop\Opera.lnk
2015-12-09 06:41 - 2015-12-09 06:41 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-09 06:41 - 2015-12-09 06:41 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\Opera Software
2015-12-09 06:41 - 2015-12-09 06:41 - 00000000 ____D C:\Users\Gojko\AppData\Local\Opera Software
2015-12-09 06:39 - 2015-12-09 06:46 - 00000000 ____D C:\Users\Gojko\Desktop\FAX1
2015-12-09 06:39 - 2015-12-09 06:39 - 00000000 ____D C:\Users\Gojko\Downloads\The Unforseeable Fate Of Mr. Jones
2015-12-09 06:38 - 2015-12-10 03:58 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\uTorrent
2015-12-09 06:38 - 2015-12-09 06:41 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-09 06:38 - 2015-12-09 06:38 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\RPEng
2015-12-09 06:37 - 2015-12-09 06:37 - 02026520 _____ (BitTorrent Inc.) C:\Users\Gojko\Downloads\uTorrent.exe
2015-12-09 06:34 - 2015-12-09 06:34 - 00705022 _____ C:\Users\Gojko\Downloads\Microsoft OFFICE 2010 Pro Plus PRE(zabranjeno)ED.cab
2015-11-22 09:02 - 2015-11-22 09:02 - 00911162 _____ C:\Users\Gojko\Downloads\Dumpper v.80.4.rar
2015-11-20 14:26 - 2015-11-20 14:33 - 254992032 _____ C:\Users\Gojko\Downloads\cm-12.1-20151005-UNOFFICIAL-serranoltexx.zip
2015-11-20 07:52 - 2015-12-09 06:54 - 00000000 ____D C:\Users\Gojko\Desktop\s4
2015-11-20 07:47 - 2015-11-20 07:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-11-20 07:29 - 2015-11-20 07:29 - 00464072 _____ C:\Users\Gojko\Downloads\Odin307.zip
2015-11-15 08:01 - 2015-11-15 08:01 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-15 08:01 - 2015-11-15 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-15 08:00 - 2015-11-15 08:01 - 00000000 ____D C:\Program Files\iTunes
2015-11-15 08:00 - 2015-11-15 08:00 - 00000000 ____D C:\Program Files\iPod
2015-11-15 08:00 - 2015-11-15 08:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-13 00:48 - 2015-11-13 00:48 - 04680258 _____ C:\Users\Gojko\Downloads\Java knjiga (1).rar
2015-11-11 07:55 - 2015-11-11 07:55 - 04680258 _____ C:\Users\Gojko\Downloads\Java knjiga.rar
2015-11-11 07:43 - 2015-09-29 04:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-11 07:43 - 2015-09-04 11:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-11 07:43 - 2015-08-28 14:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-11 07:43 - 2015-08-20 12:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-11 07:43 - 2015-08-20 09:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-11 07:43 - 2014-11-04 17:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-11 07:43 - 2014-11-04 17:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-11-11 07:03 - 2015-11-05 05:10 - 01398104 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2015-11-11 07:03 - 2015-11-05 05:10 - 01367384 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2015-11-11 07:03 - 2015-10-30 15:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 07:03 - 2015-10-30 15:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 07:03 - 2015-10-30 15:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 07:03 - 2015-10-30 15:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 07:03 - 2015-10-30 15:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 07:03 - 2015-10-30 14:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 07:03 - 2015-10-30 14:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 07:03 - 2015-10-30 14:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 07:03 - 2015-10-30 14:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-11 07:03 - 2015-10-30 14:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 07:03 - 2015-10-30 14:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 07:03 - 2015-10-30 14:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 07:03 - 2015-10-30 14:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 07:03 - 2015-10-30 14:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 07:03 - 2015-10-30 14:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 07:03 - 2015-10-30 14:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-11 07:03 - 2015-10-30 14:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 07:03 - 2015-10-30 14:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 07:03 - 2015-10-30 14:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 07:03 - 2015-10-30 13:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 07:03 - 2015-10-30 13:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 07:03 - 2015-10-30 13:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 07:03 - 2015-10-30 13:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 07:03 - 2015-10-20 13:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 07:03 - 2015-10-20 06:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 07:03 - 2015-10-20 06:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 07:03 - 2015-10-20 06:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 07:03 - 2015-10-20 06:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-11 07:03 - 2015-10-20 06:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 07:03 - 2015-10-20 06:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 07:03 - 2015-10-20 06:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 07:03 - 2015-10-20 06:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 07:03 - 2015-10-20 06:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 07:03 - 2015-10-20 06:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 07:03 - 2015-10-20 06:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 07:03 - 2015-10-15 08:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 07:03 - 2015-10-15 07:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 07:03 - 2015-10-14 15:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 07:03 - 2015-10-14 15:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-11 07:03 - 2015-10-14 15:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-11 07:03 - 2015-10-14 15:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-11 07:03 - 2015-10-14 15:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-11 07:03 - 2015-10-13 09:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 07:03 - 2015-10-13 09:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 07:03 - 2015-10-13 07:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-11 07:03 - 2015-10-10 22:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 07:03 - 2015-10-10 22:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 07:03 - 2015-10-10 10:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 07:03 - 2015-10-10 10:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 07:03 - 2015-10-10 10:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-11 07:03 - 2015-10-10 09:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 07:03 - 2015-10-10 09:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 07:03 - 2015-10-10 09:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-11 07:03 - 2015-10-10 08:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 07:03 - 2015-09-29 15:41 - 01391448 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2015-11-11 07:03 - 2015-09-29 15:41 - 01264472 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
2015-11-11 07:03 - 2015-09-12 05:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-11 07:03 - 2015-09-07 08:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-11 07:03 - 2015-09-07 08:21 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2015-11-11 07:03 - 2015-09-07 08:17 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2015-11-11 07:03 - 2015-09-07 07:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-11 07:03 - 2015-09-07 07:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-11 07:03 - 2015-05-11 16:24 - 00068952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2015-11-11 07:03 - 2015-05-11 16:24 - 00019800 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
2015-11-11 06:58 - 2015-10-17 06:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 06:58 - 2015-10-08 08:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-11 06:58 - 2015-08-10 10:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-11 06:58 - 2015-08-10 10:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-11 06:58 - 2015-08-10 09:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-11 06:58 - 2015-08-10 08:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 06:58 - 2015-08-10 08:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-11 06:58 - 2014-11-10 10:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-10 03:57 - 2015-09-19 08:17 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2798359788-3770072197-1221550767-1001
2015-12-10 03:55 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2015-12-10 03:54 - 2015-09-19 08:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-10 03:53 - 2015-09-19 08:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 03:53 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-10 03:52 - 2013-08-22 05:25 - 00000167 _____ C:\Windows\win.ini
2015-12-10 03:50 - 2015-09-19 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-10 03:49 - 2015-09-19 09:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 03:49 - 2015-09-19 09:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 03:46 - 2015-09-19 09:23 - 00002323 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-10 03:46 - 2015-09-19 09:22 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-10 03:45 - 2015-09-29 12:30 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 03:33 - 2015-09-29 12:30 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-10 03:28 - 2015-09-19 09:22 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-10 03:27 - 2015-09-19 14:14 - 00000000 __SHD C:\Users\Gojko\IntelGraphicsProfiles
2015-12-10 01:17 - 2015-09-19 08:33 - 27590656 _____ C:\Windows\system32\vmguest.iso
2015-12-10 01:14 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-10 01:14 - 2013-08-22 06:44 - 00482536 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 01:13 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-10 01:11 - 2015-09-19 09:04 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BD78261B-51E4-4513-A7E5-B441B8A9F93B}
2015-12-09 08:18 - 2015-09-19 08:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-09 08:17 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-09 08:16 - 2015-09-19 08:27 - 00000000 ____D C:\Program Files\Microsoft Office
2015-12-09 08:15 - 2014-11-21 00:22 - 00000000 ____D C:\Windows\ShellNew
2015-12-09 07:56 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2015-12-09 07:12 - 2015-09-19 09:12 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-09 07:12 - 2013-08-22 07:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-12-09 07:12 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-12-09 06:53 - 2015-09-19 08:11 - 00000000 ____D C:\Users\Gojko
2015-12-08 19:39 - 2015-09-21 09:05 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-07 09:18 - 2015-09-19 08:11 - 00000000 ____D C:\Users\Gojko\AppData\Local\Packages
2015-12-07 07:08 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\NDF
2015-12-05 07:16 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-04 01:38 - 2015-09-19 09:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 01:38 - 2015-09-19 09:22 - 00003658 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 09:19 - 2014-11-21 05:19 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 09:19 - 2014-11-21 05:19 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 09:57 - 2015-09-19 09:45 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-27 10:00 - 2014-11-21 00:40 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-20 01:41 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\rescache
2015-11-18 05:20 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-15 08:00 - 2015-09-19 09:58 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-12 08:48 - 2013-08-22 07:36 - 00000000 ___RD C:\Windows\ToastData

==================== Files in the root of some directories =======

2015-12-09 07:22 - 2015-12-09 07:22 - 0000000 _____ () C:\Users\Gojko\AppData\Roaming\3603.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 0000000 _____ () C:\Users\Gojko\AppData\Roaming\D9F9.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 0017047 _____ () C:\Users\Gojko\AppData\Roaming\rp.dll
2015-12-10 01:17 - 2015-12-10 01:17 - 0000017 _____ () C:\Users\Gojko\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Gojko\AppData\Local\Temp\0e3acdcb97544808b506fec1ed2f42ca560062.exe
C:\Users\Gojko\AppData\Local\Temp\16D4.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\16E4.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\77A5.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\C151.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\C1B0.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\EC5C.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\ExPromo.exe
C:\Users\Gojko\AppData\Local\Temp\GrLauncherTempSetup.exe
C:\Users\Gojko\AppData\Local\Temp\NSISPromotionEx.dll
C:\Users\Gojko\AppData\Local\Temp\ose00000.exe
C:\Users\Gojko\AppData\Local\Temp\ose00001.exe
C:\Users\Gojko\AppData\Local\Temp\{07ABD4B6-A270-4CF1-996B-F466E2C7EBC3}.dll
C:\Users\Gojko\AppData\Local\Temp\{2E265B01-BC4C-4A57-B2E7-8BFFBAF0C06A}.dll
C:\Users\Gojko\AppData\Local\Temp\{8F01358F-F237-412D-A90A-C521035A2C9D}.dll
C:\Users\Gojko\AppData\Local\Temp\{B19C18F2-8383-44C9-B93D-972228582D67}.dll
C:\Users\Gojko\AppData\Local\Temp\{B81C3546-F414-4D9D-BE5F-AB3EB92E3EBF}.dll
C:\Users\Gojko\AppData\Local\Temp\{DABFFC3F-E887-46A7-B173-A346DF5224F3}.dll
C:\Users\Gojko\AppData\Local\Temp\{E67A962A-8BBE-441C-9447-667A81BA708A}.dll
C:\Users\Gojko\AppData\Local\Temp\{F82129A4-30EE-4F0F-AD80-6B24DF0B374A}.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-07 07:33



offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

Download Malwarebytes Anti-Malware and save the installer to the Desktop.
Install the program in the standard way; at the end of the installation you can turn off the Trial version, but you don't have to. Leave the second option as it is; MalwareBytes will be launched and updated.
Once that is done, click the Settings tab, select Detections & protection on the left side and tick Scan for rootkits if it is not already ticked.
In the same window, under PUP and PUM detections, set it to Treat detections as malware.
Then click the Scan tab, select Threat Scan and finally click Scan Now.
If malware is detected, click Apply Actions. MalwareBytes will then start removing the infection and will ask you to restart the computer.
After the scan finishes (or after the restart), click the History tab.
Click Application Logs, then double-click the most recent Scan Log.
At the bottom of the window click Export and choose Text file.

Save the report to the Desktop and attach it in your next post.

offline
  • Joined: 10 Dec 2015
  • Posts: 11

Here, I have done everything listed above.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent! What is the situation now?

Run FRST again, tick Addition.txt, click Scan and attach both reports.

offline
  • Joined: 10 Dec 2015
  • Posts: 11

Thanks a lot, it's great now, I think. Which antivirus should I install now?


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by Gojko (administrator) on TOSHIBA (10-12-2015 14:25:53)
Running from C:\Users\Gojko\Desktop
Loaded Profiles: Gojko (Available Profiles: Gojko)
Platform: Windows 8.1 Enterprise (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Users\Gojko\AppData\Roaming\uTorrent\uTorrent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(BitTorrent Inc.) C:\Users\Gojko\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\Gojko\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-09-16] (Oracle Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKU\S-1-5-21-2798359788-3770072197-1221550767-1001\...\Run: [uTorrent] => C:\Users\Gojko\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-09] (BitTorrent Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A483E617-3A91-4528-A332-D2564BE0013F}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FCBB8D69-38AE-4128-A096-E4D77F22F57D}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2798359788-3770072197-1221550767-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-19] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-25] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.me/
CHR StartupUrls: Default -> "hxxps://www.google.me/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-19]
CHR Extension: (Google Docs) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-19]
CHR Extension: (Google Drive) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-19]
CHR Extension: (Google Docs Offline) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-19]
CHR Extension: (Gmail) - C:\Users\Gojko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319888 2014-12-31] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH)
R2 vmms; C:\Windows\system32\vmms.exe [13784064 2015-03-31] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-11-21] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68952 2015-05-11] (Microsoft Corporation)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2015-09-19] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3497240 2015-03-23] (Intel Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2015-09-19] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2015-09-19] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2015-09-19] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-10 11:59 - 2015-12-10 11:59 - 00042465 _____ C:\Users\Gojko\Downloads\562497_1187040377_scan.txt
2015-12-10 11:56 - 2015-12-10 11:56 - 00042465 _____ C:\Users\Gojko\Desktop\scan.txt
2015-12-10 11:03 - 2015-12-10 11:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-10 11:02 - 2015-12-10 11:02 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-10 11:02 - 2015-12-10 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-10 11:02 - 2015-12-10 11:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-10 11:02 - 2015-12-10 11:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-10 11:02 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-10 11:02 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-10 11:02 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-10 10:59 - 2015-12-10 11:51 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\Interstat
2015-12-10 10:59 - 2015-12-10 11:00 - 22908888 _____ (Malwarebytes ) C:\Users\Gojko\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-10 04:07 - 2015-12-10 04:07 - 00029150 _____ C:\Users\Gojko\Downloads\562497_1147499519_Addition.txt
2015-12-10 04:01 - 2015-12-10 04:01 - 00029150 _____ C:\Users\Gojko\Desktop\Addition.txt
2015-12-10 04:00 - 2015-12-10 14:25 - 00015427 _____ C:\Users\Gojko\Desktop\FRST.txt
2015-12-10 03:52 - 2015-12-10 03:55 - 00029152 _____ C:\Users\Gojko\Downloads\Addition.txt
2015-12-10 03:50 - 2015-12-10 14:25 - 00000000 ____D C:\FRST
2015-12-10 03:50 - 2015-12-10 03:55 - 00045739 _____ C:\Users\Gojko\Downloads\FRST.txt
2015-12-10 03:49 - 2015-12-10 03:49 - 02369024 _____ (Farbar) C:\Users\Gojko\Desktop\FRST64.exe
2015-12-10 01:17 - 2015-12-10 01:17 - 00000017 _____ C:\Users\Gojko\AppData\Local\resmon.resmoncfg
2015-12-10 01:15 - 2015-12-10 14:22 - 00000000 ____D C:\Users\Gojko\AppData\LocalLow\uTorrent
2015-12-10 01:12 - 2015-12-10 01:12 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zeedujfb.sys
2015-12-09 11:14 - 2015-12-09 11:14 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wgqsgpji.sys
2015-12-09 08:58 - 2015-12-09 11:14 - 00000000 ____D C:\Program Files\KMSpico
2015-12-09 08:58 - 2015-12-09 08:58 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2015-12-09 08:58 - 2015-12-09 08:58 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2015-12-09 08:58 - 2015-12-09 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-12-09 08:58 - 2010-12-05 18:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2015-12-09 08:57 - 2015-12-10 01:13 - 00000000 ____D C:\Users\Gojko\Downloads\KMSpico 10.1.1 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET]
2015-12-09 08:41 - 2015-12-09 08:44 - 00000000 ____D C:\Users\Gojko\Downloads\Microsoft Toolkit 2.5.3 Official Torrent
2015-12-09 08:27 - 2015-12-10 14:23 - 00003756 _____ C:\Windows\System32\Tasks\AutoKMS
2015-12-09 08:27 - 2015-12-09 10:55 - 00000000 ____D C:\Windows\AutoKMS
2015-12-09 08:27 - 2015-12-09 08:27 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-12-09 08:24 - 2015-12-09 08:26 - 56589543 _____ C:\Users\Gojko\Downloads\Microsoft Toolkit 2.6 Beta 2 [4realtorrentz].zip
2015-12-09 08:19 - 2015-12-09 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-12-09 08:19 - 2015-12-09 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-09 08:19 - 2015-12-09 08:19 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-09 08:18 - 2015-12-09 08:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2015-12-09 08:17 - 2015-12-09 08:17 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-12-09 08:16 - 2015-12-09 08:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-12-09 07:56 - 2015-12-09 07:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-12-09 07:56 - 2015-12-09 07:56 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2015-12-09 07:50 - 2015-12-09 07:50 - 00000000 _____ C:\Users\Gojko\Desktop\New Text Document.txt
2015-12-09 07:49 - 2015-12-09 07:50 - 01645496 _____ C:\Users\Gojko\Downloads\SetupVirtualCloneDrive_52193.exe
2015-12-09 07:48 - 2015-12-09 08:10 - 767623168 _____ C:\Users\Gojko\Downloads\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso
2015-12-09 07:31 - 2015-12-09 09:00 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-09 07:31 - 2015-12-09 07:31 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-09 07:31 - 2015-12-09 07:31 - 00001047 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2015-12-09 07:31 - 2015-12-09 07:31 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\TeamViewer
2015-12-09 07:25 - 2015-12-10 10:58 - 00003274 _____ C:\Windows\System32\Tasks\Techsmart Computer Service
2015-12-09 07:24 - 2015-12-09 07:30 - 11156704 _____ (TeamViewer GmbH) C:\Users\Gojko\Downloads\TeamViewer_Setup.exe
2015-12-09 07:22 - 2015-12-09 07:22 - 00017047 _____ C:\Users\Gojko\AppData\Roaming\rp.dll
2015-12-09 07:22 - 2015-12-09 07:22 - 00000000 _____ C:\Users\Gojko\AppData\Roaming\D9F9.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 00000000 _____ C:\Users\Gojko\AppData\Roaming\3603.tmp
2015-12-09 07:21 - 2015-12-09 07:22 - 00003306 _____ C:\Windows\System32\Tasks\Internet Checker
2015-12-09 07:21 - 2015-12-09 07:21 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\Internet Checker
2015-12-09 07:12 - 2015-12-10 11:52 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-12-09 07:11 - 2015-12-09 07:19 - 01037648 _____ (BitTorrent Inc.) C:\Users\Gojko\Downloads\utorrent-64-bit [1].exe
2015-12-09 07:03 - 2015-12-09 07:03 - 00705018 _____ C:\Users\Gojko\Downloads\Microsoft Toolkit 2 5 3 Official Torrent.cab
2015-12-09 06:57 - 2015-12-09 06:57 - 00705022 _____ C:\Users\Gojko\Downloads\Microsoft OFFICE 2010 Pro Plus PRE(zabranjeno)ED (1).cab
2015-12-09 06:52 - 2015-12-09 06:52 - 00000000 ____D C:\Users\Gojko\Desktop\JAVA KNJIGE
2015-12-09 06:41 - 2015-12-09 06:41 - 00003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1449672066
2015-12-09 06:41 - 2015-12-09 06:41 - 00001151 _____ C:\Users\Public\Desktop\Opera.lnk
2015-12-09 06:41 - 2015-12-09 06:41 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-09 06:41 - 2015-12-09 06:41 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\Opera Software
2015-12-09 06:41 - 2015-12-09 06:41 - 00000000 ____D C:\Users\Gojko\AppData\Local\Opera Software
2015-12-09 06:39 - 2015-12-09 06:46 - 00000000 ____D C:\Users\Gojko\Desktop\FAX1
2015-12-09 06:39 - 2015-12-09 06:39 - 00000000 ____D C:\Users\Gojko\Downloads\The Unforseeable Fate Of Mr. Jones
2015-12-09 06:38 - 2015-12-10 14:24 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\uTorrent
2015-12-09 06:38 - 2015-12-09 06:41 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-09 06:38 - 2015-12-09 06:38 - 00000000 ____D C:\Users\Gojko\AppData\Roaming\RPEng
2015-12-09 06:37 - 2015-12-09 06:37 - 02026520 _____ (BitTorrent Inc.) C:\Users\Gojko\Downloads\uTorrent.exe
2015-12-09 06:34 - 2015-12-09 06:34 - 00705022 _____ C:\Users\Gojko\Downloads\Microsoft OFFICE 2010 Pro Plus PRE(zabranjeno)ED.cab
2015-12-09 06:29 - 2015-11-05 00:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 06:28 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 06:28 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 06:28 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 06:28 - 2015-11-11 07:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-09 06:28 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 06:28 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 06:28 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 06:28 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 06:28 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 06:28 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 06:28 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 06:28 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 06:28 - 2015-11-09 15:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-09 06:28 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 06:28 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 06:28 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 06:28 - 2015-11-09 15:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 06:28 - 2015-11-09 15:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-09 06:28 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 06:28 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 06:28 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 06:28 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 06:28 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 06:28 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 06:28 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 06:28 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 06:28 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 06:28 - 2015-11-08 13:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-09 06:28 - 2015-11-08 13:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-09 06:28 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 06:28 - 2015-11-08 13:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 06:28 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 06:28 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 06:28 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 06:28 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 06:28 - 2015-11-08 12:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-09 06:28 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 06:28 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 06:28 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 06:27 - 2015-11-21 22:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-09 06:27 - 2015-11-21 22:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-09 06:27 - 2015-11-21 22:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-09 06:27 - 2015-11-21 22:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-09 06:27 - 2015-11-21 22:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-09 06:27 - 2015-11-21 22:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-09 06:27 - 2015-11-21 22:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-09 06:27 - 2015-11-21 10:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-09 06:27 - 2015-11-21 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-09 06:27 - 2015-11-21 08:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 06:27 - 2015-11-21 08:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 06:27 - 2015-11-21 08:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 06:27 - 2015-11-21 08:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 06:27 - 2015-11-08 16:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 06:27 - 2015-11-08 14:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 06:27 - 2015-11-08 13:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 06:27 - 2015-11-08 13:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 06:27 - 2015-11-08 13:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-09 06:27 - 2015-11-08 12:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 06:27 - 2015-11-08 12:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 06:27 - 2015-11-08 12:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-09 06:27 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 06:27 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-09 06:27 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 06:27 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 06:27 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 06:27 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-09 06:27 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 06:27 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 06:27 - 2015-10-22 08:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-09 06:27 - 2015-10-22 08:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-12-09 06:27 - 2015-10-22 07:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-09 06:27 - 2015-10-22 07:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-12-09 06:27 - 2015-10-22 06:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 06:27 - 2015-10-22 06:08 - 00513456 _____ C:\Windows\system32\locale.nls
2015-12-09 06:27 - 2015-10-10 09:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-12-09 06:27 - 2015-10-03 11:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-12-09 06:27 - 2015-10-03 11:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-12-09 06:26 - 2015-11-20 14:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 06:26 - 2015-11-20 10:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 06:26 - 2015-11-20 08:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 06:26 - 2015-11-20 08:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 06:26 - 2015-11-20 08:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 06:26 - 2015-11-20 08:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-09 06:26 - 2015-11-20 08:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 06:26 - 2015-11-20 08:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 06:26 - 2015-11-20 08:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 06:26 - 2015-11-20 08:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 06:26 - 2015-11-20 08:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 06:26 - 2015-11-20 08:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 06:26 - 2015-11-20 08:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 06:26 - 2015-10-28 07:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-09 06:26 - 2015-10-28 07:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-09 06:26 - 2015-10-10 22:34 - 00468824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-09 06:26 - 2015-10-10 22:34 - 00462168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-12-09 06:26 - 2015-10-10 22:34 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-12-09 06:26 - 2015-10-10 22:34 - 00092504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-12-09 06:26 - 2015-10-10 22:34 - 00027992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-12-09 06:26 - 2015-10-10 10:41 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-12-09 06:26 - 2015-10-10 10:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-12-09 06:26 - 2015-10-10 10:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
2015-12-09 06:26 - 2015-10-08 08:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2015-12-09 06:26 - 2015-10-08 07:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2015-12-09 06:26 - 2015-10-05 10:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2015-12-09 06:26 - 2015-10-05 10:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-11-20 14:26 - 2015-11-20 14:33 - 254992032 _____ C:\Users\Gojko\Downloads\cm-12.1-20151005-UNOFFICIAL-serranoltexx.zip
2015-11-20 07:52 - 2015-12-09 06:54 - 00000000 ____D C:\Users\Gojko\Desktop\s4
2015-11-20 07:47 - 2015-11-20 07:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-11-20 07:29 - 2015-11-20 07:29 - 00464072 _____ C:\Users\Gojko\Downloads\Odin307.zip
2015-11-15 08:01 - 2015-11-15 08:01 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-15 08:01 - 2015-11-15 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-15 08:00 - 2015-11-15 08:01 - 00000000 ____D C:\Program Files\iTunes
2015-11-15 08:00 - 2015-11-15 08:00 - 00000000 ____D C:\Program Files\iPod
2015-11-15 08:00 - 2015-11-15 08:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-13 00:48 - 2015-11-13 00:48 - 04680258 _____ C:\Users\Gojko\Downloads\Java knjiga (1).rar
2015-11-11 07:55 - 2015-11-11 07:55 - 04680258 _____ C:\Users\Gojko\Downloads\Java knjiga.rar
2015-11-11 07:43 - 2015-09-29 04:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-11 07:43 - 2015-09-04 11:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-11 07:43 - 2015-08-28 14:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-11 07:43 - 2015-08-20 12:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-11 07:43 - 2015-08-20 09:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-11 07:43 - 2014-11-04 17:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-11 07:43 - 2014-11-04 17:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-11-11 07:03 - 2015-11-05 05:10 - 01398104 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2015-11-11 07:03 - 2015-11-05 05:10 - 01367384 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2015-11-11 07:03 - 2015-10-15 08:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 07:03 - 2015-10-15 07:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 07:03 - 2015-10-13 09:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 07:03 - 2015-10-13 09:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 07:03 - 2015-10-13 07:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-11 07:03 - 2015-10-13 07:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-11 07:03 - 2015-10-10 22:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 07:03 - 2015-10-10 22:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 07:03 - 2015-10-10 10:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 07:03 - 2015-10-10 10:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 07:03 - 2015-10-10 10:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-11 07:03 - 2015-10-10 09:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 07:03 - 2015-10-10 09:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 07:03 - 2015-10-10 09:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-11 07:03 - 2015-10-10 08:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 07:03 - 2015-09-29 15:41 - 01391448 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2015-11-11 07:03 - 2015-09-29 15:41 - 01264472 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
2015-11-11 07:03 - 2015-09-12 05:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-11 07:03 - 2015-09-07 08:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-11 07:03 - 2015-09-07 08:21 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2015-11-11 07:03 - 2015-09-07 08:17 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2015-11-11 07:03 - 2015-09-07 07:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-11 07:03 - 2015-09-07 07:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-11 07:03 - 2015-05-11 16:24 - 00068952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2015-11-11 07:03 - 2015-05-11 16:24 - 00019800 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
2015-11-11 06:58 - 2015-10-08 08:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-11 06:58 - 2015-08-10 10:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-11 06:58 - 2015-08-10 10:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-11 06:58 - 2015-08-10 09:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-11 06:58 - 2015-08-10 08:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 06:58 - 2015-08-10 08:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-11 06:58 - 2014-11-10 10:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-10 14:22 - 2015-09-19 14:14 - 00000000 __SHD C:\Users\Gojko\IntelGraphicsProfiles
2015-12-10 14:22 - 2015-09-19 09:22 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-10 12:08 - 2015-09-19 08:17 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2798359788-3770072197-1221550767-1001
2015-12-10 11:54 - 2015-09-19 08:33 - 27590656 _____ C:\Windows\system32\vmguest.iso
2015-12-10 11:52 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-10 11:51 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\InputMethod
2015-12-10 11:43 - 2015-09-19 09:22 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-10 10:58 - 2015-09-19 09:04 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BD78261B-51E4-4513-A7E5-B441B8A9F93B}
2015-12-10 10:54 - 2013-08-22 06:44 - 00482864 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 10:54 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2015-12-10 10:53 - 2015-09-19 09:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 10:53 - 2015-09-19 09:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 06:07 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-10 06:06 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2015-12-10 06:06 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\en-GB
2015-12-10 06:04 - 2015-09-19 08:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 04:01 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2015-12-10 03:54 - 2015-09-19 08:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-10 03:53 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-10 03:52 - 2013-08-22 05:25 - 00000167 _____ C:\Windows\win.ini
2015-12-10 03:50 - 2015-09-19 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-10 03:45 - 2015-09-29 12:30 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 03:33 - 2015-09-29 12:30 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 08:18 - 2015-09-19 08:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-09 08:17 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-09 08:16 - 2015-09-19 08:27 - 00000000 ____D C:\Program Files\Microsoft Office
2015-12-09 08:15 - 2014-11-21 00:22 - 00000000 ____D C:\Windows\ShellNew
2015-12-09 07:12 - 2015-09-19 09:12 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-09 07:12 - 2013-08-22 07:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-12-09 07:12 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-12-09 06:53 - 2015-09-19 08:11 - 00000000 ____D C:\Users\Gojko
2015-12-08 19:39 - 2015-09-21 09:05 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-07 09:18 - 2015-09-19 08:11 - 00000000 ____D C:\Users\Gojko\AppData\Local\Packages
2015-12-07 07:08 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\NDF
2015-12-05 07:16 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-04 01:38 - 2015-09-19 09:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 01:38 - 2015-09-19 09:22 - 00003658 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 09:19 - 2014-11-21 05:19 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 09:19 - 2014-11-21 05:19 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 09:57 - 2015-09-19 09:45 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-27 10:00 - 2014-11-21 00:40 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-20 01:41 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\rescache
2015-11-18 05:20 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-15 08:00 - 2015-09-19 09:58 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-12 08:48 - 2013-08-22 07:36 - 00000000 ___RD C:\Windows\ToastData

==================== Files in the root of some directories =======

2015-12-09 07:22 - 2015-12-09 07:22 - 0000000 _____ () C:\Users\Gojko\AppData\Roaming\3603.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 0000000 _____ () C:\Users\Gojko\AppData\Roaming\D9F9.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 0017047 _____ () C:\Users\Gojko\AppData\Roaming\rp.dll
2015-12-10 01:17 - 2015-12-10 01:17 - 0000017 _____ () C:\Users\Gojko\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Gojko\AppData\Local\Temp\0e3acdcb97544808b506fec1ed2f42ca560062.exe
C:\Users\Gojko\AppData\Local\Temp\16E4.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\77A5.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\C1B0.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\EC5C.tmp.exe
C:\Users\Gojko\AppData\Local\Temp\ExPromo.exe
C:\Users\Gojko\AppData\Local\Temp\GrLauncherTempSetup.exe
C:\Users\Gojko\AppData\Local\Temp\NSISPromotionEx.dll
C:\Users\Gojko\AppData\Local\Temp\ose00000.exe
C:\Users\Gojko\AppData\Local\Temp\ose00001.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-07 07:33

==================== End of FRST.txt ============================

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

You did not provide the Addition.txt report.

offline
  • Joined: 10 Dec 2015
  • Posts: 11

I didn't get Addition.txt, only FRST.txt... I repeated everything several times and Addition doesn't come out...

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

That is because you are not reading carefully what I wrote. Read my third post from the bottom.

offline
  • Joined: 10 Dec 2015
  • Posts: 11

Sorry, I've now done everything, and here are Addition and FRST, attached :) Thanks a lot

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent, we'll remove a few more leftovers and that should be it.


1. Open Notepad (Text Document) and copy into it the following text from the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
Task: {F64F2C96-99A1-41DA-81EF-F3FF4AA825AA} - System32\Tasks\Techsmart Computer Service => C:\Program Files (x86)\Techsmart Computer\ittask.exe <==== ATTENTION
Task: {D96883F5-0D7B-4007-8CA4-BCFF0901A830} - System32\Tasks\Internet Checker => C:\Users\Gojko\AppData\Roaming\Internet Checker\Internet Checker.exe [2015-12-09] () <==== ATTENTION
C:\Users\Gojko\AppData\Roaming\Internet Checker
C:\Program Files (x86)\Techsmart Computer
AlternateDataStreams: C:\Windows\system32\Drivers\wgqsgpji.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\zeedujfb.sys:changelist
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_frmr_15_50_newdop&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dme%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEzzyEtCtCyCtBtB0CtA0EtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0Fzy0CtC0EyEyCtGtAtA0DtAtG0E0ByC0CtGyDtA0A0BtGyDtA0DtAtA0CtAyCtAyDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztByB0F0AtD0CtG0ByE0E0AtGyE0A0AyBtGzytCzy0AtGzy0C0B0C0CyD0EtD0AtBtA0B2QtN0A0LzuyE%26cr%3D1347582360%26a%3Dwny_frmr_15_50_newdop%26os%3DWindows%2B8.1%2BEnterprise&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
2015-12-09 07:22 - 2015-12-09 07:22 - 0000000 _____ () C:\Users\Gojko\AppData\Roaming\3603.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 0000000 _____ () C:\Users\Gojko\AppData\Roaming\D9F9.tmp
2015-12-09 07:22 - 2015-12-09 07:22 - 0017047 _____ () C:\Users\Gojko\AppData\Roaming\rp.dll
2015-12-10 01:17 - 2015-12-10 01:17 - 0000017 _____ () C:\Users\Gojko\AppData\Local\resmon.resmoncfg


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool requests a system restart, allow it and make sure the tool completes the fix after the system restarts.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
