OPQZ. virus

  • Joined: 13 Apr 2008
  • Posts: 79
  • Location: Republika Srpska

Greetings,

While searching for a torrent file, it seems I picked up a virus that added the .opqz extension to all the files on my computer, and I can't open any of them.

The SpyHunter5 software is advertised online, so I installed it and ran a scan with it; however, it won't delete the malware until I pay some money, so the whole thing seems a bit suspicious to me.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2020
Ran by Vlado (administrator) on VLADO-PC (21-04-2020 11:29:35)
Running from C:\Users\Vlado\Desktop
Loaded Profiles: Vlado (Available Profiles: Vlado)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Autodesk, Inc -> Autodesk Inc.) C:\Program Files\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Autodesk, Inc -> Autodesk Inc.) C:\Users\Vlado\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Autodesk, Inc -> Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Vlado\AppData\Roaming\uTorrent\helper\helper.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Vlado\AppData\Roaming\uTorrent\updates\3.5.5_45628\utorrentie.exe <2>
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Vlado\AppData\Roaming\uTorrent\uTorrent.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Mega Limited -> Mega Limited) C:\Users\Vlado\AppData\Local\MEGAsync\MEGAsync.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Power Software Ltd -> Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(SOFTPERFECT PTY. LTD. -> SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(The Chromium Authors) [File not signed] C:\Users\Vlado\AppData\Local\chromium\Application\chrome.exe <7>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd -> Power Software Ltd)
HKLM\...\Run: [ADSKAppManager] => C:\Program Files\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk, Inc -> Autodesk Inc.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [4462800 2014-11-25] (SOFTPERFECT PTY. LTD. -> SoftPerfect Research)
HKLM\...\Run: [Autodesk Sync] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-313114812-3662397513-2543398346-1000\...\Run: [avichannel] => "C:\Program Files\Evaer\videochannel.exe"
HKU\S-1-5-21-313114812-3662397513-2543398346-1000\...\Run: [Facebook Update] => C:\Users\Vlado\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-12-09] (Facebook, Inc. -> Facebook Inc.)
HKU\S-1-5-21-313114812-3662397513-2543398346-1000\...\Run: [uTorrent] => C:\Users\Vlado\AppData\Roaming\uTorrent\uTorrent.exe [2072816 2020-04-19] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-313114812-3662397513-2543398346-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-313114812-3662397513-2543398346-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1165704 2015-01-27] (Autodesk, Inc -> Autodesk, Inc.)
HKU\S-1-5-21-313114812-3662397513-2543398346-1000\...\Run: [Chromium] => "c:\users\vlado\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-313114812-3662397513-2543398346-1000\...\Policies\Explorer: []
HKU\S-1-5-21-313114812-3662397513-2543398346-1000\...\MountPoints2: {0197b94b-8517-11e4-8c0c-90e6bab9f9c3} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-313114812-3662397513-2543398346-1000\...\MountPoints2: {4ea7709f-a8b0-11e4-9ec4-90e6bab9f9c3} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-313114812-3662397513-2543398346-1000\...\MountPoints2: {88994314-27ec-11ea-b716-90e6bab9f9c3} - G:\LG_PC_Programs.exe
HKU\S-1-5-21-313114812-3662397513-2543398346-1000\...\MountPoints2: {daffaedd-6528-11e4-b397-806e6f6e6963} - E:\Launcher.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1165704 2015-01-27] (Autodesk, Inc -> Autodesk, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-19] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2014-11-05]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () [File not signed]
Startup: C:\Users\Vlado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-08-10]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Vlado\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0797BC5E-2601-46C6-9B2F-C15DCD2DBB20} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-313114812-3662397513-2543398346-1000 => C:\Users\Vlado\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2020-03-19] (Mega Limited -> Mega Limited)
Task: {129013B9-1788-4C11-8E84-C5D7C3F5ADC1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {1F8DECB9-4126-4A36-9777-3E1F6325E240} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-313114812-3662397513-2543398346-1000Core => C:\Users\Vlado\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-12-09] (Facebook, Inc. -> Facebook Inc.)
Task: {22308E89-217E-4729-954D-4216E37313B7} - System32\Tasks\{6D53D6E7-A964-68A0-A874-492258B53232} => C:\Users\Vlado\AppData\Roaming\6d53d6e7a96468a0a874492258b53232\Hudefun.exe [660480 2013-05-02] () [File not signed]
Task: {25CF973B-BF18-4E32-BA26-EA551EFB6311} - System32\Tasks\{42EA93F5-14AB-49D1-B70A-77539800AB9C} => C:\Users\Vlado\AppData\Roaming\.minecraft\MCLauncher.exe [6406144 2019-09-10] () [File not signed]
Task: {28FEFB53-BE77-4095-931A-E6E1A0777894} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {3D66F73F-9751-4319-9A28-3B068FD0C709} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {606F9CD2-7D60-40EF-9A7D-B40872BBD711} - System32\Tasks\{53B77FD5-E4CE-49DB-AEAC-B29CECD2786B} => C:\Windows\system32\pcalua.exe -a C:\Users\Vlado\Downloads\Framework35.exe -d C:\Users\Vlado\Downloads
Task: {618BB472-C6E6-42FA-AF37-AFB5C00335A0} - System32\Tasks\{A3DE1E99-11D4-4131-B550-2750134F6817} => C:\Windows\system32\pcalua.exe -a C:\Users\Vlado\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=pjr <==== ATTENTION
Task: {6F9D289E-C053-4BE8-A6C5-99665BEE616B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-313114812-3662397513-2543398346-1000UA => C:\Users\Vlado\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-12-09] (Facebook, Inc. -> Facebook Inc.)
Task: {73A2E3BE-BD7B-4B2E-86C8-343EC8804D1C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_344_pepper.exe [1453624 2020-04-01] (Adobe Inc. -> Adobe)
Task: {75B1214B-5441-4BF8-A863-BFCFEAA4B2D9} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {7C823EF5-0AF2-4F9F-B489-6C19DC8303B9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [282800 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC094CCB-8A52-47D4-896E-7819840A6102} - System32\Tasks\Advanced System Protector => C:\Program Files\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {AF33F846-0CE4-4E7C-93DC-20FE4F2E1A5F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1051864 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA62D01B-FC16-4C0F-AB41-951101E2E626} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [3153408 2014-12-05] () [File not signed]
Task: {F0043CC0-88BA-4A80-A66D-6BA2E79B35EB} - System32\Tasks\LaunchPreSignup => C:\Program Files\OLBPre\OLBPre.exe <==== ATTENTION
Task: {F0ADF610-1109-434B-A400-243816030CC6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [282800 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {F7BE177C-1553-408E-9307-799EDAD79C52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {FA95EEE9-318A-4EC9-BD70-0FD09A409CF8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-01] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-313114812-3662397513-2543398346-1000Core.job => C:\Users\Vlado\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-313114812-3662397513-2543398346-1000UA.job => C:\Users\Vlado\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\{6D53D6E7-A964-68A0-A874-492258B53232}.job => C:\Users\Vlado\AppData\Roaming\6D53D6~1\Hudefun.exe <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0889F3B0-2D80-4791-9B1A-42677C6A17FA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A13B1A09-9BC8-4AD2-9CF3-421889BAC552}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B0A2B1C3-68D8-48F9-BD5D-61C9220B26A2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-313114812-3662397513-2543398346-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-313114812-3662397513-2543398346-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-313114812-3662397513-2543398346-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-09-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-09-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: DIALux Browser Helper Object -> {F586CB96-7091-42ec-9829-F5D5CE65AFC1} -> C:\Program Files\DIAL GmbH\DIALux\Dialux.BHO_x86.dll [2016-03-08] (DIAL -> DIAL GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation -> Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1417447461&from=pjr&uid=WDCXWD3200AAKS-00L9A0_WD-WCAV2840790407904

FireFox:
========
FF DefaultProfile: es9va9vp.default-1417618522267-1572168325779
FF ProfilePath: C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\es9va9vp.default-1417618522267-1572168325779 [2020-04-21]
FF Extension: (Mozilla Official) - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\es9va9vp.default-1417618522267-1572168325779\Extensions\{14553439-2741-4e9d-b474-784f336f58c9} [2020-03-25] [not signed]
FF Extension: (Greasemonkey) - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\es9va9vp.default-1417618522267-1572168325779\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-03-18]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\tu5jahuc.default\extensions\faststartff@gmail.com => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-29] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-313114812-3662397513-2543398346-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Vlado\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Software Sarl -> Skype Limited)
FF Plugin HKU\S-1-5-21-313114812-3662397513-2543398346-1000: SkypePlugin -> C:\Users\Vlado\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Microsoft Corporation -> Skype Technologies S.A.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default [2020-04-21]
CHR DefaultSearchURL: Default -> hxxp://www.blpsearch.com/search?sid=750&aid={APPID}&itype=u&src=ds&p={searchTerms}&tm=0
CHR DefaultSearchKeyword: Default -> BLPSearch
CHR Extension: (Презентације) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-27]
CHR Extension: (Документи) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (Google диск) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Touch VPN - Secure and unlimited VPN proxy) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2020-03-19]
CHR Extension: (Skype pozivanje) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-06]
CHR Extension: (Табеле) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
CHR Extension: (Free Smileys & Emoticons) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl [2015-10-09]
CHR Extension: (Google документи офлајн) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (SearchApp - Entertainment) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdnjppmfcllfcclhbfmlkbdmldpojheg [2017-08-26]
CHR Extension: (Bazz Search) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\inafjghmmkmiobijhbgkfekenbfbklhb [2020-03-25]
CHR Extension: (MOS-cow) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\khdhonhlcplccoojleafjbooiopjcmad [2018-10-05]
CHR Extension: (Video DownloadHelper) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2020-04-01]
CHR Extension: (Google провера поште) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-04-02]
CHR Extension: (SearchApp - Entertainment) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mopdmcedkloeiggmjnofcaebgcoofjlm [2017-08-26]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (book_helper) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecimljnlbibpobkpgkcengcioafchma [2020-03-25]
CHR Extension: (Gmail) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2002-01-01]
CHR Extension: (Chrome Media Router) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-21]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\Vlado\AppData\Local\Temp\swlfiles\smileyswelovetoolbar.crx [2014-03-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk, Inc -> Autodesk Inc.)
R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88648 2020-02-25] (Adobe Inc. -> Adobe Systems)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [176128 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc -> Autodesk, Inc.)
S3 DialComService; C:\Program Files\DIAL GmbH\DIAL Communication Framework\DialComService.exe [2183440 2014-12-10] (DIAL -> DIAL GmbH)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9412320 2020-04-21] (EnigmaSoft Limited -> EnigmaSoft Limited)
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1104128 2015-04-18] (Flexera Software LLC -> Flexera Software LLC)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [419040 2020-04-21] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe -service [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [7772160 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [243712 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1570304 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [7772160 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 EnigmaFileMonDriver; C:\Windows\System32\drivers\EnigmaFileMonDriver.sys [60232 2020-04-21] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 Haspnt; C:\Windows\system32\drivers\Haspnt.sys [47616 2017-01-27] (Aladdin Knowledge Systems) [File not signed]
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2013-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Siliten)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 networx; C:\Windows\System32\drivers\networx.sys [55288 2014-11-03] (SOFTPERFECT PTY. LTD. -> NetFilterSDK.com)
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [139776 2009-07-14] (Microsoft Windows -> Realtek Corporation )
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113168 2012-12-09] (Power Software Ltd -> Power Software Ltd)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-21 11:29 - 2020-04-21 11:31 - 000024409 _____ C:\Users\Vlado\Desktop\FRST.txt
2020-04-21 11:29 - 2020-04-21 11:30 - 000000000 ____D C:\FRST
2020-04-21 11:27 - 2020-04-21 11:27 - 002009600 _____ (Farbar) C:\Users\Vlado\Desktop\FRST.exe
2020-04-21 09:36 - 2020-04-21 09:37 - 000352641 _____ C:\Users\Vlado\Downloads\archive (1).zip
2020-04-21 09:28 - 2020-04-21 11:26 - 000060232 _____ (EnigmaSoft Limited) C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys
2020-04-21 09:28 - 2020-04-21 09:28 - 000001163 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2020-04-21 09:28 - 2020-04-21 09:28 - 000001163 _____ C:\ProgramData\Desktop\SpyHunter5.lnk
2020-04-21 09:28 - 2020-04-21 09:28 - 000000000 ____D C:\sh5ldr
2020-04-21 09:28 - 2020-04-21 09:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2020-04-21 09:28 - 2020-04-21 09:28 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2020-04-21 09:27 - 2020-04-21 09:27 - 000000000 ____D C:\Program Files\EnigmaSoft
2020-04-21 09:26 - 2020-04-21 09:27 - 006455520 _____ (EnigmaSoft Limited) C:\Users\Vlado\Downloads\SpyHunter-Installer.exe
2020-04-21 09:09 - 2020-04-21 11:26 - 000000000 ____D C:\Users\Vlado\AppData\LocalLow\uTorrent
2020-04-19 15:21 - 2020-04-19 15:21 - 000199436 _____ C:\Users\Vlado\Downloads\3SU10513AB420AK0_datasheet_en (1).pdf
2020-04-19 12:57 - 2020-04-19 12:57 - 005018048 _____ C:\Users\Vlado\Downloads\3RV2011-4AA10_G_NSA0_XX_93050V.tif
2020-04-19 12:36 - 2020-04-19 12:36 - 000199436 _____ C:\Users\Vlado\Downloads\3SU10513AB420AK0_datasheet_en.pdf
2020-04-19 12:12 - 2020-04-19 12:12 - 000313596 _____ C:\Users\Vlado\Downloads\3RV20114AA10_datasheet_en.pdf
2020-03-31 19:12 - 2020-03-31 19:12 - 000099936 _____ C:\Users\Vlado\Downloads\Easy9_EZ9E112P2S_document.pdf
2020-03-31 18:45 - 2020-03-31 20:06 - 000040883 _____ C:\Users\Vlado\Documents\Kanal 2D.dwg
2020-03-31 16:42 - 2020-04-01 22:40 - 000098640 _____ C:\Users\Vlado\Documents\Kanal 3D.dwg
2020-03-31 16:42 - 2020-04-01 18:10 - 000101556 _____ C:\Users\Vlado\Documents\Kanal 3D.bak
2020-03-26 21:12 - 2020-03-26 21:12 - 000115909 _____ C:\Users\Vlado\Desktop\Drawing1.vsdx
2020-03-26 21:12 - 2020-03-26 21:12 - 000092131 _____ C:\Users\Vlado\Desktop\Drawing1.pdf
2020-03-26 17:35 - 2020-04-21 09:35 - 000000196 _____ C:\Users\Vlado\AppData\Roaming\WB.CFG
2020-03-26 17:19 - 2020-03-26 17:24 - 396579752 _____ (Microsoft Corporation) C:\Users\Vlado\Downloads\VisioProfessional_x86_en-us (1).exe
2020-03-26 17:19 - 2020-03-26 17:19 - 000001126 _____ C:\Users\Vlado\Desktop\New Electra Drawing.lnk
2020-03-26 17:19 - 2020-03-26 17:19 - 000000000 ____D C:\Users\Vlado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Radica Software
2020-03-26 17:19 - 2020-03-26 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radica Software
2020-03-26 17:19 - 2020-03-26 17:19 - 000000000 ____D C:\Program Files\Radica
2020-03-26 17:17 - 2020-03-26 17:17 - 013677616 _____ C:\Users\Vlado\Downloads\E8Trials_R1113.exe
2020-03-25 22:21 - 2020-03-25 22:21 - 000001115 _____ C:\Users\Vlado\_readme.txt
2020-03-25 22:21 - 2020-03-25 22:21 - 000001115 _____ C:\_readme.txt
2020-03-25 22:20 - 2020-03-25 22:29 - 000000000 ____D C:\ProgramData\Voyasollam
2020-03-25 22:20 - 2020-03-25 22:29 - 000000000 ____D C:\ProgramData\Logic Cramble
2020-03-25 22:20 - 2020-03-25 22:29 - 000000000 ____D C:\Program Files\Common Files\Driptex
2020-03-25 22:20 - 2020-03-25 22:20 - 008509952 _____ C:\Users\Vlado\AppData\Local\agent.dat
2020-03-25 22:20 - 2020-03-25 22:20 - 002160800 _____ C:\Users\Vlado\AppData\Local\DingSunlight.tst
2020-03-25 22:20 - 2020-03-25 22:20 - 001895382 _____ C:\Users\Vlado\AppData\Local\Xxx-tough.bin
2020-03-25 22:20 - 2020-03-25 22:20 - 000126464 _____ C:\Users\Vlado\AppData\Local\noah.dat
2020-03-25 22:20 - 2020-03-25 22:20 - 000069888 _____ C:\Users\Vlado\AppData\Local\Config.xml
2020-03-25 22:20 - 2020-03-25 22:20 - 000018432 _____ C:\Users\Vlado\AppData\Local\Main.dat
2020-03-25 22:20 - 2020-03-25 22:20 - 000000049 _____ C:\Users\Vlado\AppData\Local\script.ps1
2020-03-25 22:20 - 2020-03-25 22:20 - 000000000 ____D C:\ProgramData\QUMOWPTCDXAZQ31MG8XSCOHCQ
2020-03-25 22:19 - 2020-03-25 22:29 - 000000000 ____D C:\Users\Vlado\AppData\Roaming\SearchNewTab
2020-03-25 22:19 - 2020-03-25 22:29 - 000000000 ____D C:\Users\Vlado\AppData\Local\ScrSnap
2020-03-25 22:19 - 2020-03-25 22:29 - 000000000 ____D C:\ProgramData\CloudPrinter
2020-03-25 22:19 - 2020-03-25 22:29 - 000000000 ____D C:\Program Files\DreamTrips
2020-03-25 22:19 - 2020-03-25 22:20 - 000005568 _____ C:\Users\Vlado\AppData\Local\md.xml
2020-03-25 22:19 - 2020-03-25 22:19 - 000142336 _____ C:\Users\Vlado\AppData\Local\installer.dat
2020-03-25 22:19 - 2020-03-25 22:19 - 000126464 _____ C:\Users\Vlado\AppData\Local\lobby.dat
2020-03-25 22:19 - 2020-03-25 22:19 - 000068471 _____ C:\Users\Vlado\AppData\Local\Nimphase.tst
2020-03-25 22:19 - 2020-03-25 22:19 - 000045056 _____ C:\Users\Vlado\AppData\Local\ApplicationHosting.dat
2020-03-25 22:19 - 2020-03-25 22:19 - 000016896 _____ C:\Users\Vlado\AppData\Local\InstallationConfiguration.xml
2020-03-25 22:19 - 2020-03-25 22:19 - 000000560 _____ C:\Users\Vlado\AppData\Local\bowsakkdestx.txt
2020-03-25 22:19 - 2020-03-25 22:19 - 000000000 ____D C:\Users\Vlado\AppData\Roaming\Python
2020-03-25 22:19 - 2020-03-25 22:19 - 000000000 ____D C:\SystemID
2020-03-25 22:19 - 2020-03-25 22:19 - 000000000 ____D C:\Program Files (x86)
2020-03-25 22:18 - 2020-03-25 22:29 - 000000000 ____D C:\Program Files\GHJK
2020-03-25 22:18 - 2020-03-25 22:29 - 000000000 ____D C:\Program Files\DiskFixer
2020-03-25 22:18 - 2020-03-25 22:29 - 000000000 ____D C:\Program Files\8SBHX0BWWW
2020-03-25 22:18 - 2020-03-25 22:18 - 000000000 ____D C:\Users\Vlado\AppData\Local\MediaHuman
2020-03-25 22:18 - 2020-03-25 22:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2020-03-25 22:18 - 2020-03-25 22:18 - 000000000 ____D C:\Program Files\MediaHuman
2020-03-25 22:17 - 2020-03-25 22:17 - 005537310 _____ C:\Users\Vlado\Downloads\cofaso-full-(zabranjeno)--_32265361.zip
2020-03-25 21:47 - 2020-03-25 22:29 - 000000000 ___SD C:\Users\Vlado\Documents\My Shapes
2020-03-25 21:45 - 2020-03-25 21:46 - 000076457 _____ C:\Users\Vlado\Downloads\Easy Pragma_EZ9E108P2S.pdf
2020-03-25 21:40 - 2020-03-25 21:40 - 396579752 _____ (Microsoft Corporation) C:\Users\Vlado\Downloads\VisioProfessional_x86_en-us.exe
2020-03-25 21:36 - 2020-03-25 21:36 - 000002257 _____ C:\Users\Vlado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2020-03-25 21:36 - 2020-03-25 21:36 - 000000000 ____D C:\Users\Vlado\AppData\Local\chromium
2020-03-25 21:35 - 2020-04-21 10:35 - 000000276 _____ C:\Windows\Tasks\{6D53D6E7-A964-68A0-A874-492258B53232}.job
2020-03-25 21:35 - 2020-03-25 21:37 - 000000000 ____D C:\Users\Vlado\AppData\Local\{12582404-36F0-48BC-5B68-6D547F0091CC}
2020-03-25 21:35 - 2020-03-25 21:35 - 000003216 _____ C:\Windows\system32\Tasks\{6D53D6E7-A964-68A0-A874-492258B53232}
2020-03-25 21:35 - 2020-03-25 21:35 - 000001282 _____ C:\Users\Vlado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk
2020-03-25 21:35 - 2020-03-25 21:35 - 000000000 ____D C:\Users\Vlado\AppData\Roaming\6d53d6e7a96468a0a874492258b53232
2020-03-25 21:33 - 2020-03-25 21:33 - 003043328 _____ (Bedun ) C:\Users\Vlado\Downloads\VisioProfessional_x86_en-us_1268664424.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-21 11:31 - 2014-11-05 22:43 - 000000000 ____D C:\Users\Vlado\AppData\Roaming\uTorrent
2020-04-21 11:25 - 2014-12-09 18:20 - 000000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-313114812-3662397513-2543398346-1000UA.job
2020-04-21 11:25 - 2002-01-01 22:15 - 000000000 ____D C:\Users\Vlado\AppData\Local\BitTorrentHelper
2020-04-21 11:24 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-21 09:16 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-04-21 09:16 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-04-21 09:13 - 2010-11-20 23:01 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-21 09:13 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2020-04-21 09:09 - 2014-11-11 18:52 - 000000000 ____D C:\Windows\system32\Macromed
2020-04-19 13:37 - 2015-10-09 21:20 - 000000000 ____D C:\Users\Vlado\AppData\Local\ElevatedDiagnostics
2020-04-19 11:19 - 2014-12-31 14:23 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-01 17:25 - 2014-12-09 18:20 - 000000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-313114812-3662397513-2543398346-1000Core.job
2020-04-01 14:42 - 2015-04-18 16:09 - 000000000 ____D C:\Users\Vlado\Documents\Inventor Server SDK ACAD 2016
2020-04-01 14:25 - 2014-11-11 18:52 - 000000000 ____D C:\Users\Vlado\AppData\Local\Adobe
2020-04-01 14:17 - 2017-03-23 20:08 - 000004474 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-01 14:17 - 2014-11-11 18:52 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2020-04-01 14:17 - 2014-11-11 18:52 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2020-03-31 16:12 - 2009-07-14 06:33 - 000507040 _____ C:\Windows\system32\FNTCACHE.DAT
2020-03-26 17:36 - 2014-11-05 22:44 - 000143536 _____ C:\Users\Vlado\AppData\Local\GDIPFONTCACHEV1.DAT
2020-03-26 17:28 - 2014-11-10 17:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-03-26 17:28 - 2014-11-10 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2020-03-26 17:28 - 2009-07-14 04:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-03-25 22:31 - 2014-11-05 22:31 - 000000000 ____D C:\Users\Vlado
2020-03-25 22:30 - 2020-01-02 18:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-03-25 22:29 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\registration
2020-03-25 22:28 - 2014-11-10 17:24 - 000000000 ____D C:\Program Files\Microsoft Office
2020-03-25 22:28 - 2014-11-10 17:23 - 000000000 __RHD C:\MSOCache
2020-03-25 22:21 - 2014-12-16 13:34 - 000000000 ____D C:\Temp
2020-03-25 22:21 - 2002-01-01 21:14 - 000000000 __SHD C:\found.000
2020-03-25 21:19 - 2014-12-31 14:21 - 000003354 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-25 21:19 - 2014-12-31 14:21 - 000003226 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories ========

2014-12-01 17:25 - 2014-12-01 17:25 - 001519576 _____ (Cinema VideoV01.12) C:\Users\Vlado\AppData\Roaming\DON.exe
2017-08-26 19:11 - 2017-08-26 19:10 - 000276104 _____ (Rational Intellectual Holdings Ltd.) C:\Users\Vlado\AppData\Roaming\fme.exe
2014-12-01 17:25 - 2014-12-01 17:25 - 001847256 _____ (Cinema VideoV01.12) C:\Users\Vlado\AppData\Roaming\LERRUI.exe
2020-03-26 17:35 - 2020-04-21 09:35 - 000000196 _____ () C:\Users\Vlado\AppData\Roaming\WB.CFG
2020-03-25 22:20 - 2020-03-25 22:20 - 008509952 _____ () C:\Users\Vlado\AppData\Local\agent.dat
2020-03-25 22:19 - 2020-03-25 22:19 - 000045056 _____ () C:\Users\Vlado\AppData\Local\ApplicationHosting.dat
2020-03-25 22:19 - 2020-03-25 22:19 - 000000560 _____ () C:\Users\Vlado\AppData\Local\bowsakkdestx.txt
2020-03-25 22:20 - 2020-03-25 22:20 - 000069888 _____ () C:\Users\Vlado\AppData\Local\Config.xml
2020-03-25 22:20 - 2020-03-25 22:20 - 002160800 _____ () C:\Users\Vlado\AppData\Local\DingSunlight.tst
2020-03-25 22:19 - 2020-03-25 22:19 - 000016896 _____ () C:\Users\Vlado\AppData\Local\InstallationConfiguration.xml
2020-03-25 22:19 - 2020-03-25 22:19 - 000142336 _____ () C:\Users\Vlado\AppData\Local\installer.dat
2020-03-25 22:19 - 2020-03-25 22:19 - 000126464 _____ () C:\Users\Vlado\AppData\Local\lobby.dat
2020-03-25 22:20 - 2020-03-25 22:20 - 000018432 _____ () C:\Users\Vlado\AppData\Local\Main.dat
2020-03-25 22:19 - 2020-03-25 22:20 - 000005568 _____ () C:\Users\Vlado\AppData\Local\md.xml
2020-03-25 22:19 - 2020-03-25 22:19 - 000068471 _____ () C:\Users\Vlado\AppData\Local\Nimphase.tst
2020-03-25 22:20 - 2020-03-25 22:20 - 000126464 _____ () C:\Users\Vlado\AppData\Local\noah.dat
2020-03-25 22:20 - 2020-03-25 22:20 - 000000049 _____ () C:\Users\Vlado\AppData\Local\script.ps1
2020-03-25 22:20 - 2020-03-25 22:20 - 001895382 _____ () C:\Users\Vlado\AppData\Local\Xxx-tough.bin
2015-03-16 01:15 - 2015-03-16 01:15 - 000000000 _____ () C:\Users\Vlado\AppData\Local\{B14132B1-D467-4D75-945E-07FA3F98D56D}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-04-19 13:30
==================== End of FRST.txt ========================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Unfortunately, you have picked up ransomware, which has encrypted all of your files.

https://www.mycity.rs/Zastita/Ransomware-kriptovir.....oWall.html

You can check whether a decryption tool is available on these sites, but I think the outlook is grim:

https://id-ransomware.malwarehunterteam.com/
https://www.nomoreransom.org/crypto-sheriff.php?lang=en
https://support.emsisoft.com/topic/33040-opqz-ransomware/
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
