Computer filled up with malware


  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

Hello everyone,

The computer is full of some malware, plus because of some (censored) I installed who knows what else. Now Avira is reporting viruses, Chrome opens some pages on its own, and the computer has slowed down. So when you have time, a check and cleanup would be appreciated. :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by ExplorerKL1 (administrator) on EXPLORERKL1-PC (10-03-2018 08:29:32)
Running from C:\Users\ExplorerKL1\Desktop
Loaded Profiles: ExplorerKL1 (Available Profiles: ExplorerKL1)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Window\Task.exe
() C:\Window\System.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-02-05] (Avira Operations GmbH & Co. KG)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8BFD7807-14D6-4D62-A0FA-602930D83C12}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2395103546-697146390-1403670048-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180309__yaie
HKU\S-1-5-21-2395103546-697146390-1403670048-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2395103546-697146390-1403670048-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180309__yaie&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ekbkqmrx.default
FF ProfilePath: C:\Users\ExplorerKL1\AppData\Roaming\Mozilla\Firefox\Profiles\ekbkqmrx.default [2018-03-09]
FF Homepage: Mozilla\Firefox\Profiles\ekbkqmrx.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180309__yaff
FF NewTab: Mozilla\Firefox\Profiles\ekbkqmrx.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180309__yaff
FF Extension: (Avira Browser Safety) - C:\Users\ExplorerKL1\AppData\Roaming\Mozilla\Firefox\Profiles\ekbkqmrx.default\Extensions\abs@avira.com.xpi [2018-01-11]
FF Extension: (Quick Searcher) - C:\Users\ExplorerKL1\AppData\Roaming\Mozilla\Firefox\Profiles\ekbkqmrx.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2018-03-09]
FF Extension: (Avira Password Manager) - C:\Users\ExplorerKL1\AppData\Roaming\Mozilla\Firefox\Profiles\ekbkqmrx.default\Extensions\passwordmanager@avira.com.xpi [2018-01-11]
FF SearchPlugin: C:\Users\ExplorerKL1\AppData\Roaming\Mozilla\Firefox\Profiles\ekbkqmrx.default\searchplugins\yahoo-lavasoft.xml [2018-03-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\dsengine.js [2018-03-09] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\dsengine.cfg [2018-03-09] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\ExplorerKL1\AppData\Local\Google\Chrome\User Data\Default [2018-03-10]
CHR Extension: (Avira Password Manager) - C:\Users\ExplorerKL1\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2018-03-08]
CHR Extension: (Avira Browser Safety) - C:\Users\ExplorerKL1\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-09-22]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\ExplorerKL1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-12-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ExplorerKL1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-22]
CHR Extension: (Quick Searcher) - C:\Users\ExplorerKL1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\ExplorerKL1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-24]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1136744 2018-02-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [492560 2018-02-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [492560 2018-02-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1533608 2018-02-16] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [449240 2018-02-05] (Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2938504 2018-02-15] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [338728 2018-02-06] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2018-01-22] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-12-14] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-12-14] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-02-26] (Dropbox, Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757552 2017-12-05] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [196344 2017-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153552 2018-02-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-09-14] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-09-14] (Avira Operations GmbH & Co. KG)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-08-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-08-22] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-08-22] (NVIDIA Corporation)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-10 08:29 - 2018-03-10 08:29 - 000016529 _____ C:\Users\ExplorerKL1\Desktop\FRST.txt
2018-03-10 08:29 - 2018-03-10 08:29 - 000000000 ____D C:\FRST
2018-03-10 08:28 - 2018-03-10 08:28 - 002403328 _____ (Farbar) C:\Users\ExplorerKL1\Desktop\FRST64.exe
2018-03-09 16:03 - 2018-03-10 07:56 - 000000004 _____ C:\ProgramData\lock.dat
2018-03-09 16:03 - 2018-03-09 16:03 - 000000004 _____ C:\ProgramData\rwi.jhad
2018-03-09 16:00 - 2018-03-09 16:00 - 000000000 ____D C:\Windows\pss
2018-03-09 15:43 - 2018-03-09 15:43 - 000003460 _____ C:\Windows\System32\Tasks\passtask
2018-03-09 15:41 - 2018-03-09 15:59 - 000000000 ___HD C:\Window
2018-03-09 15:41 - 2018-03-09 15:41 - 000003462 _____ C:\Windows\System32\Tasks\SystemMicrosoft
2018-03-09 15:41 - 2018-03-09 15:41 - 000003458 _____ C:\Windows\System32\Tasks\SystemMicrosof
2018-03-09 15:41 - 2018-03-09 15:41 - 000000000 ___HD C:\System64
2018-03-09 15:32 - 2018-03-09 15:32 - 000000000 ____D C:\Users\ExplorerKL1\AppData\Roaming\DreamScreen
2018-03-09 15:32 - 2018-03-09 15:32 - 000000000 ____D C:\ProgramData\DreamCompress
2018-03-09 15:32 - 2018-03-09 15:32 - 000000000 ____D C:\ProgramData\CupCheck
2018-03-09 15:29 - 2018-03-10 07:58 - 000000000 ____D C:\Windows\SysWOW64\dmdlseba
2018-03-09 15:29 - 2018-03-09 16:51 - 000000000 ____D C:\ProgramData\cca7751d26d04021b4252a8eddd9b6ff
2018-03-09 15:29 - 2018-03-09 16:42 - 000000000 ____D C:\Users\ExplorerKL1\AppData\Roaming\efcfd423f2f14d8495021cda25a983a5
2018-03-09 15:29 - 2018-03-09 16:02 - 000000410 __RSH C:\ProgramData\ntuser.pol
2018-03-09 15:29 - 2018-03-09 15:31 - 000000000 ____D C:\Program Files (x86)\texttotalk
2018-03-09 15:29 - 2018-03-09 15:29 - 000004564 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_VO
2018-03-09 15:29 - 2018-03-09 15:29 - 000004552 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_UA
2018-03-09 15:29 - 2018-03-09 15:29 - 000004552 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_AA
2018-03-09 15:29 - 2018-03-09 15:29 - 000004540 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_NJ
2018-03-09 15:29 - 2018-03-09 15:29 - 000004480 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_NM
2018-03-09 15:29 - 2018-03-09 15:29 - 000003640 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 2796787680
2018-03-09 15:29 - 2018-03-09 15:29 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2018-03-09 15:29 - 2018-03-09 15:29 - 000000000 ____D C:\Users\ExplorerKL1\AppData\Roaming\OneSystemCare
2018-03-09 15:29 - 2018-03-09 15:29 - 000000000 ____D C:\Users\ExplorerKL1\AppData\Roaming\d7d16848a28d4fe3bdea0fe630fe580d
2018-03-09 15:29 - 2018-03-09 15:29 - 000000000 ____D C:\Users\ExplorerKL1\AppData\Local\Optimizer
2018-03-09 15:29 - 2018-03-09 15:29 - 000000000 ____D C:\ProgramData\addaad60-4bf7-0
2018-03-09 15:29 - 2018-03-09 15:29 - 000000000 ____D C:\ProgramData\addaad60-0f53-1
2018-03-09 15:29 - 2018-03-09 15:29 - 000000000 ____D C:\ProgramData\40beea9d24604c1e865adc5cf2d8a300
2018-03-09 15:29 - 2018-03-09 15:29 - 000000000 ____D C:\ProgramData\00fddc1a57e944b8892e044145689415
2018-03-09 15:28 - 2018-03-10 07:58 - 000000000 ____D C:\ProgramData\dahjService
2018-03-09 15:28 - 2018-03-09 15:28 - 000003688 _____ C:\Windows\System32\Tasks\{0B3FCA9E-9E9C-4CA6-86C6-BE5595E2F366}
2018-03-09 15:28 - 2018-03-09 15:28 - 000003498 _____ C:\Windows\System32\Tasks\{190A9A6C-0823-4F05-922B-0223A1745E8D}
2018-03-09 15:28 - 2018-03-09 15:28 - 000000003 _____ C:\Users\ExplorerKL1\AppData\Local\wbem.ini
2018-03-09 15:28 - 2018-03-09 15:28 - 000000000 ____D C:\Users\ExplorerKL1\AppData\Local\FastDataX
2018-03-09 15:28 - 2018-03-09 15:28 - 000000000 ____D C:\ProgramData\423b5284-7fc7-0
2018-03-09 15:28 - 2018-03-09 15:28 - 000000000 ____D C:\ProgramData\423b5284-5ec3-1
2018-03-09 15:24 - 2018-03-09 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-03-09 15:18 - 2018-03-09 15:18 - 003114288 _____ (BitTorrent Inc.) C:\Users\ExplorerKL1\Downloads\uTorrent.exe
2018-03-09 15:17 - 2018-03-09 15:17 - 002740672 _____ C:\Users\ExplorerKL1\Downloads\Password_Recovery_Bundle_2016_(zabranjeno)_Plus_Serial_Ke.exe
2018-03-09 15:16 - 2015-07-18 14:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-03-09 15:16 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-03-09 15:15 - 2018-03-09 15:15 - 000001812 _____ C:\Users\ExplorerKL1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2018-03-09 15:04 - 2018-03-09 15:05 - 020159304 _____ C:\Users\ExplorerKL1\Downloads\utweb_installer.exe
2018-03-09 15:04 - 2018-03-09 15:04 - 000000547 _____ C:\Users\ExplorerKL1\Downloads\Password_Recovery_Bundle_2016_(zabranjeno)_Plus_Serial_Ke.torrent
2018-03-09 15:04 - 2018-03-09 15:04 - 000000547 _____ C:\Users\ExplorerKL1\Downloads\Password_Recovery_Bundle_2016_(zabranjeno)_Plus_Serial_Ke (1).torrent
2018-03-09 14:28 - 2018-03-09 14:29 - 042774208 _____ (Top Password Software, Inc. ) C:\Users\ExplorerKL1\Downloads\password_recovery_bundle_trial.exe
2018-03-09 09:01 - 2018-03-09 11:42 - 000000000 ____D C:\Users\ExplorerKL1\Desktop\Primopredaje Ljubica
2018-03-08 16:31 - 2018-03-08 16:31 - 000000000 ____D C:\Users\ExplorerKL1\Desktop\2018-03-08
2018-03-08 15:55 - 2018-03-09 08:38 - 000000000 ____D C:\Users\ExplorerKL1\Desktop\Suveniri
2018-03-08 15:55 - 2018-03-08 15:55 - 000000000 ____D C:\Users\ExplorerKL1\Desktop\Operativa i ostali
2018-03-07 20:38 - 2018-03-09 11:36 - 000000000 ____D C:\Users\ExplorerKL1\Desktop\POPIS
2018-03-07 13:03 - 2018-03-07 13:03 - 000027080 _____ C:\Users\ExplorerKL1\Downloads\BoardingCard_163597173_TGD_BUD.pkpass
2018-03-06 16:14 - 2018-03-06 16:14 - 001902382 _____ C:\Users\ExplorerKL1\Downloads\images (41).pdf
2018-03-06 08:00 - 2018-03-10 08:00 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-03-05 15:40 - 2018-03-05 15:40 - 001653844 _____ C:\Users\ExplorerKL1\Downloads\images (40).pdf
2018-03-01 11:29 - 2018-03-01 11:29 - 001716281 _____ C:\Users\ExplorerKL1\Downloads\images (39).pdf
2018-03-01 08:10 - 2018-03-01 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-02-26 12:24 - 2018-02-26 12:24 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-02-26 12:24 - 2018-02-26 12:24 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-02-26 12:24 - 2018-02-26 12:24 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-02-26 12:24 - 2018-02-26 12:24 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-02-21 08:14 - 2018-02-21 08:14 - 000001116 _____ C:\Users\Public\Desktop\Avira.lnk
2018-02-20 10:48 - 2018-02-20 10:48 - 000329793 _____ C:\Users\ExplorerKL1\Downloads\Zakon o zdravstvenom osiguranju.pdf
2018-02-20 09:07 - 2018-02-20 09:07 - 001418739 _____ C:\Users\ExplorerKL1\Downloads\ilovepdf_jpg_to_pdf (13).pdf
2018-02-19 10:09 - 2018-02-19 10:09 - 000410714 _____ C:\Users\ExplorerKL1\Downloads\ilovepdf_jpg_to_pdf (12).pdf
2018-02-19 10:08 - 2018-02-19 10:08 - 000475726 _____ C:\Users\ExplorerKL1\Downloads\ilovepdf_jpg_to_pdf (11).pdf
2018-02-19 10:05 - 2018-02-19 10:05 - 000475726 _____ C:\Users\ExplorerKL1\Downloads\ilovepdf_jpg_to_pdf (10).pdf
2018-02-17 15:19 - 2018-02-17 15:20 - 000000000 ____D C:\Users\ExplorerKL1\Desktop\QUADs and SNOWMOBILES
2018-02-16 17:58 - 2018-02-16 17:58 - 000012059 _____ C:\Users\ExplorerKL1\Downloads\2. MTO 7 osoba 17.02-24.02..xlsx
2018-02-16 17:58 - 2018-02-16 17:58 - 000011230 _____ C:\Users\ExplorerKL1\Downloads\1. MTO 8 osoba 17.02-24.02..xlsx
2018-02-16 14:56 - 2018-02-16 14:56 - 001518051 _____ C:\Users\ExplorerKL1\Downloads\images (38).pdf
2018-02-16 08:40 - 2018-02-16 08:40 - 000430942 _____ C:\Users\ExplorerKL1\Downloads\ecv_Slobodan Djurovic.pdf
2018-02-15 10:49 - 2018-02-15 10:49 - 000018511 _____ C:\Users\ExplorerKL1\Downloads\CE CACEIS Velicine.xlsx
2018-02-15 10:44 - 2018-02-15 10:44 - 000017538 _____ C:\Users\ExplorerKL1\Downloads\Luminalis Seraton 20-27.02. 88 osoba.xlsx
2018-02-14 12:17 - 2018-02-14 12:17 - 000018430 _____ C:\Users\ExplorerKL1\Downloads\Luminalis 90 osoba 20.02-27.02. Sheraton.xlsx
2018-02-12 18:20 - 2018-02-12 18:20 - 001413999 _____ C:\Users\ExplorerKL1\Downloads\RAFTING MEHR AKTIV (wecompress.com) (2).pptx
2018-02-12 17:35 - 2018-03-08 15:54 - 000000000 ____D C:\Users\ExplorerKL1\Desktop\Prezentacije
2018-02-12 17:30 - 2018-02-12 17:30 - 001433204 _____ C:\Users\ExplorerKL1\Downloads\RAFTING MEHR AKTIV (wecompress.com) (1).pptx
2018-02-12 16:03 - 2018-02-12 16:03 - 001266157 _____ C:\Users\ExplorerKL1\Downloads\RAFTING MEHR AKTIV (wecompress.com).pptx
2018-02-12 12:58 - 2018-02-12 12:58 - 000385161 _____ C:\Users\ExplorerKL1\Downloads\ilovepdf_jpg_to_pdf (9).pdf
2018-02-12 08:22 - 2018-02-12 08:22 - 000038450 _____ C:\Users\ExplorerKL1\Downloads\instructions.pdf
2018-02-12 08:21 - 2018-02-12 08:21 - 000243478 _____ C:\Users\ExplorerKL1\Downloads\T21285787.pdf
2018-02-12 08:20 - 2018-02-12 08:20 - 000246141 _____ C:\Users\ExplorerKL1\Downloads\GoEuro_62b21c09_invoice.pdf
2018-02-12 08:19 - 2018-02-12 08:19 - 000103673 _____ C:\Users\ExplorerKL1\Downloads\GoEuro_62b21c09_tickets.pdf
2018-02-09 18:27 - 2018-03-08 15:54 - 000000000 ____D C:\Users\ExplorerKL1\Desktop\Troškovnici
2018-02-09 18:26 - 2018-03-08 15:56 - 000000000 ____D C:\Users\ExplorerKL1\Desktop\Fakture i profakture
2018-02-09 16:13 - 2018-02-09 16:13 - 000671731 _____ C:\Users\ExplorerKL1\Downloads\Novartis predračun.pdf
2018-02-08 14:19 - 2018-02-08 14:19 - 000817802 _____ C:\Users\ExplorerKL1\Downloads\images (37).pdf
2018-02-08 14:17 - 2018-02-08 14:17 - 000928436 _____ C:\Users\ExplorerKL1\Downloads\images (36).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-10 08:26 - 2017-09-18 18:05 - 000000000 ____D C:\Users\ExplorerKL1\Documents\Outlook Files
2018-03-10 08:15 - 2017-09-18 12:11 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-03-10 08:10 - 2017-09-18 10:48 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-10 08:02 - 2017-12-14 10:57 - 000000918 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-03-10 08:00 - 2017-12-14 10:57 - 000000914 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-03-10 08:00 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-10 07:59 - 2009-07-14 05:45 - 000020656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-10 07:59 - 2009-07-14 05:45 - 000020656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-09 15:50 - 2018-01-09 15:29 - 000000000 ____D C:\Users\ExplorerKL1\AppData\LocalLow\Mozilla
2018-03-09 15:45 - 2017-09-18 10:47 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-09 15:29 - 2017-11-03 08:48 - 000000000 ____D C:\Users\ExplorerKL1\AppData\Local\CrashDumps
2018-03-09 15:29 - 2017-10-16 11:38 - 000000000 ____D C:\Users\ExplorerKL1\AppData\Roaming\NVIDIA
2018-03-09 15:29 - 2017-09-18 11:21 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-09 15:29 - 2017-09-18 11:21 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-09 15:29 - 2017-09-18 07:34 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-09 15:29 - 2017-09-18 07:34 - 000001147 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-03-09 15:29 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files\Windows Sidebar
2018-03-09 15:29 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-03-09 15:29 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-03-09 15:24 - 2017-12-29 10:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-09 11:11 - 2018-01-30 16:08 - 000000000 ____D C:\Users\ExplorerKL1\Desktop\Blagajna
2018-03-06 08:00 - 2017-09-18 12:10 - 000003660 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate
2018-03-06 08:00 - 2017-09-18 12:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-03-06 08:00 - 2017-09-18 12:01 - 000000000 ____D C:\ProgramData\Avira
2018-03-06 08:00 - 2017-09-18 12:01 - 000000000 ____D C:\Program Files (x86)\Avira
2018-03-05 08:26 - 2017-12-14 11:02 - 000000000 ___RD C:\Users\ExplorerKL1\Dropbox
2018-03-05 08:26 - 2017-10-16 11:37 - 000000000 ____D C:\Users\ExplorerKL1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
2018-03-01 15:06 - 2017-09-23 07:05 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-01 08:23 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2018-03-01 08:11 - 2017-12-14 10:57 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-02-27 08:12 - 2017-09-18 07:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-02-23 08:44 - 2018-01-15 12:54 - 000001306 _____ C:\Users\Public\Desktop\Skype.lnk
2018-02-23 08:44 - 2018-01-15 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-02-08 18:08 - 2018-01-15 12:54 - 000000000 ____D C:\Users\ExplorerKL1\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2018-03-09 16:03 - 2018-03-10 07:56 - 000000004 _____ () C:\ProgramData\lock.dat
1623-04-04 12:34 - 1623-04-04 12:34 - 000073216 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\fEdOyyEFqiE.exe
2018-03-09 15:28 - 2018-03-09 15:28 - 000000003 _____ () C:\Users\ExplorerKL1\AppData\Local\wbem.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 04:24] - [2017-09-18 07:29] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 04:24] - [2017-09-18 07:29] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-09 12:24

==================== End of FRST.txt ============================


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Uninstall DreamCompress.

Open Notepad and copy the following text, which is inside the Code box.

() C:\Window\Task.exe
() C:\Window\System.exe
FF Extension: (Quick Searcher) - C:\Users\ExplorerKL1\AppData\Roaming\Mozilla\Firefox\Profiles\ekbkqmrx.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2018-03-09]
FF SearchPlugin: C:\Users\ExplorerKL1\AppData\Roaming\Mozilla\Firefox\Profiles\ekbkqmrx.default\searchplugins\yahoo-lavasoft.xml [2018-03-09]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\dsengine.js [2018-03-09] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\dsengine.cfg [2018-03-09] <==== ATTENTION
Task: {21836575-1224-44A5-BF08-F2E313E4FF23} - System32\Tasks\passtask => C:\Window\pass.exe [2018-03-09] ()
Task: {388BBA53-0A24-41EA-9EE1-A23D2AD86954} - System32\Tasks\GoogleUpdateSecurityTaskMachine_AA => C:\Users\ExplorerKL1\AppData\Roaming\d7d16848a28d4fe3bdea0fe630fe580d\HandlerExecution.exe [2018-03-09] () <==== ATTENTION
Task: {66E2F186-B48B-4177-8630-44A4003EFF33} - System32\Tasks\GoogleUpdateSecurityTaskMachine_NJ => C:\Users\ExplorerKL1\AppData\Local\Temp\ecb2cbc238f5418db0ffc51d5f122cd8\HandlerExecution.exe [2018-03-09] () <==== ATTENTION
Task: {6C666DDD-706D-4BFD-904A-9DE642A472F2} - \Mwisoft Hotkey -> No File <==== ATTENTION
Task: {6E5C4E66-DB29-43B4-B3B4-2F184E0222FD} - System32\Tasks\GoogleUpdateSecurityTaskMachine_NM => C:\ProgramData\cca7751d26d04021b4252a8eddd9b6ff\HandlerExecution.exe <==== ATTENTION
Task: {75338F20-8463-44C0-AA18-E4DB64C3F328} - System32\Tasks\SystemMicrosof => C:\Window\Task.exe [2018-03-09] ()
Task: {81DB300E-D20F-43B6-8897-47560DBCA1E5} - System32\Tasks\GoogleUpdateSecurityTaskMachine_UA => C:\Users\ExplorerKL1\AppData\Roaming\efcfd423f2f14d8495021cda25a983a5\HandlerExecution.exe <==== ATTENTION
Task: {8359E4D1-1F93-4AE7-8415-30A25841E2EF} - System32\Tasks\SystemMicrosoft => C:\Window\System.exe [2018-03-09] () <==== ATTENTION
Task: {C02FDD32-0F27-4895-8F4F-A69A3851683D} - System32\Tasks\{190A9A6C-0823-4F05-922B-0223A1745E8D} => C:\Users\ExplorerKL1\AppData\Roaming\dEtESVye.exe <==== ATTENTION
Task: {C3E59990-82A1-44E8-BB78-0B36FBBCF095} - System32\Tasks\GoogleUpdateSecurityTaskMachine_VO => C:\Users\ExplorerKL1\AppData\Local\Temp\f3361f9b324141d3943a75ec6ad5bace\HandlerExecution.exe [2018-03-09] () <==== ATTENTION
Task: {EA047E34-31F8-41B0-BED2-82BBC8A0AE16} - System32\Tasks\Opera scheduled Autoupdate 2796787680 => C:\Windows\system32\cmd.exe /c start "" "C:\Users\ExplorerKL1\AppData\Roaming\Microsoft\Windows\feirdwda\gribwbtt.exe"
C:\System64
C:\ProgramData\423b5284-5ec3-1
C:\Window
C:\ProgramData\423b5284-7fc7-0
C:\Users\ExplorerKL1\AppData\Local\FastDataX
C:\ProgramData\dahjService
C:\ProgramData\00fddc1a57e944b8892e044145689415
C:\ProgramData\40beea9d24604c1e865adc5cf2d8a300
C:\ProgramData\addaad60-0f53-1
C:\ProgramData\addaad60-4bf7-0
C:\Users\ExplorerKL1\AppData\Local\Optimizer
C:\Users\ExplorerKL1\AppData\Roaming\d7d16848a28d4fe3bdea0fe630fe580d
C:\Users\ExplorerKL1\AppData\Roaming\OneSystemCare
C:\Users\Public\Documents\XMUpdate
C:\Program Files (x86)\texttotalk
C:\Users\ExplorerKL1\AppData\Roaming\efcfd423f2f14d8495021cda25a983a5
C:\ProgramData\cca7751d26d04021b4252a8eddd9b6ff
C:\Windows\SysWOW64\dmdlseba
C:\ProgramData\CupCheck
C:\ProgramData\DreamCompress
C:\Users\ExplorerKL1\AppData\Roaming\DreamScreen
C:\ProgramData\lock.dat
C:\Program Files (x86)\Common Files\fEdOyyEFqiE.exe
C:\Users\ExplorerKL1\AppData\Local\wbem.ini
C:\Users\ExplorerKL1\AppData\Local\Temp\f3361f9b324141d3943a75ec6ad5bace\HandlerExecution.exe
C:\Users\ExplorerKL1\AppData\Roaming\dEtESVye.exe
C:\Users\ExplorerKL1\AppData\Roaming\Microsoft\Windows\feirdwda


In Notepad, click File --> Save As
Under Encoding, select UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it has finished, fixlog.txt will open, with contents that you should copy into the thread.
The file (fixlog.txt) will also be on the Desktop.

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

I'm not sure whether DreamCompress was uninstalled. I went to Control Panel and, on uninstall, it immediately disappeared from Control Panel, and Avira reported that it is in Quarantine...

Fix result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01
Ran by ExplorerKL1 (12-03-2018 08:14:12) Run:1
Running from C:\Users\ExplorerKL1\Desktop
Loaded Profiles: ExplorerKL1 (Available Profiles: ExplorerKL1)
Boot Mode: Normal
==============================================

fixlist content:
*****************
() C:\Window\Task.exe
() C:\Window\System.exe
FF Extension: (Quick Searcher) - C:\Users\ExplorerKL1\AppData\Roaming\Mozilla\Firefox\Profiles\ekbkqmrx.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2018-03-09]
FF SearchPlugin: C:\Users\ExplorerKL1\AppData\Roaming\Mozilla\Firefox\Profiles\ekbkqmrx.default\searchplugins\yahoo-lavasoft.xml [2018-03-09]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\dsengine.js [2018-03-09] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\dsengine.cfg [2018-03-09] <==== ATTENTION
Task: {21836575-1224-44A5-BF08-F2E313E4FF23} - System32\Tasks\passtask => C:\Window\pass.exe [2018-03-09] ()
Task: {388BBA53-0A24-41EA-9EE1-A23D2AD86954} - System32\Tasks\GoogleUpdateSecurityTaskMachine_AA => C:\Users\ExplorerKL1\AppData\Roaming\d7d16848a28d4fe3bdea0fe630fe580d\HandlerExecution.exe [2018-03-09] () <==== ATTENTION
Task: {66E2F186-B48B-4177-8630-44A4003EFF33} - System32\Tasks\GoogleUpdateSecurityTaskMachine_NJ => C:\Users\ExplorerKL1\AppData\Local\Temp\ecb2cbc238f5418db0ffc51d5f122cd8\HandlerExecution.exe [2018-03-09] () <==== ATTENTION
Task: {6C666DDD-706D-4BFD-904A-9DE642A472F2} - \Mwisoft Hotkey -> No File <==== ATTENTION
Task: {6E5C4E66-DB29-43B4-B3B4-2F184E0222FD} - System32\Tasks\GoogleUpdateSecurityTaskMachine_NM => C:\ProgramData\cca7751d26d04021b4252a8eddd9b6ff\HandlerExecution.exe <==== ATTENTION
Task: {75338F20-8463-44C0-AA18-E4DB64C3F328} - System32\Tasks\SystemMicrosof => C:\Window\Task.exe [2018-03-09] ()
Task: {81DB300E-D20F-43B6-8897-47560DBCA1E5} - System32\Tasks\GoogleUpdateSecurityTaskMachine_UA => C:\Users\ExplorerKL1\AppData\Roaming\efcfd423f2f14d8495021cda25a983a5\HandlerExecution.exe <==== ATTENTION
Task: {8359E4D1-1F93-4AE7-8415-30A25841E2EF} - System32\Tasks\SystemMicrosoft => C:\Window\System.exe [2018-03-09] () <==== ATTENTION
Task: {C02FDD32-0F27-4895-8F4F-A69A3851683D} - System32\Tasks\{190A9A6C-0823-4F05-922B-0223A1745E8D} => C:\Users\ExplorerKL1\AppData\Roaming\dEtESVye.exe <==== ATTENTION
Task: {C3E59990-82A1-44E8-BB78-0B36FBBCF095} - System32\Tasks\GoogleUpdateSecurityTaskMachine_VO => C:\Users\ExplorerKL1\AppData\Local\Temp\f3361f9b324141d3943a75ec6ad5bace\HandlerExecution.exe [2018-03-09] () <==== ATTENTION
Task: {EA047E34-31F8-41B0-BED2-82BBC8A0AE16} - System32\Tasks\Opera scheduled Autoupdate 2796787680 => C:\Windows\system32\cmd.exe /c start "" "C:\Users\ExplorerKL1\AppData\Roaming\Microsoft\Windows\feirdwda\gribwbtt.exe"
C:\System64
C:\ProgramData\423b5284-5ec3-1
C:\Window
C:\ProgramData\423b5284-7fc7-0
C:\Users\ExplorerKL1\AppData\Local\FastDataX
C:\ProgramData\dahjService
C:\ProgramData\00fddc1a57e944b8892e044145689415
C:\ProgramData\40beea9d24604c1e865adc5cf2d8a300
C:\ProgramData\addaad60-0f53-1
C:\ProgramData\addaad60-4bf7-0
C:\Users\ExplorerKL1\AppData\Local\Optimizer
C:\Users\ExplorerKL1\AppData\Roaming\d7d16848a28d4fe3bdea0fe630fe580d
C:\Users\ExplorerKL1\AppData\Roaming\OneSystemCare
C:\Users\Public\Documents\XMUpdate
C:\Program Files (x86)\texttotalk
C:\Users\ExplorerKL1\AppData\Roaming\efcfd423f2f14d8495021cda25a983a5
C:\ProgramData\cca7751d26d04021b4252a8eddd9b6ff
C:\Windows\SysWOW64\dmdlseba
C:\ProgramData\CupCheck
C:\ProgramData\DreamCompress
C:\Users\ExplorerKL1\AppData\Roaming\DreamScreen
C:\ProgramData\lock.dat
C:\Program Files (x86)\Common Files\fEdOyyEFqiE.exe
C:\Users\ExplorerKL1\AppData\Local\wbem.ini
C:\Users\ExplorerKL1\AppData\Local\Temp\f3361f9b324141d3943a75ec6ad5bace\HandlerExecution.exe
C:\Users\ExplorerKL1\AppData\Roaming\dEtESVye.exe
C:\Users\ExplorerKL1\AppData\Roaming\Microsoft\Windows\feirdwda
*****************

[2248] C:\Window\Task.exe => process closed successfully.
[2240] C:\Window\System.exe => process closed successfully.
C:\Users\ExplorerKL1\AppData\Roaming\Mozilla\Firefox\Profiles\ekbkqmrx.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 => moved successfully
C:\Users\ExplorerKL1\AppData\Roaming\Mozilla\Firefox\Profiles\ekbkqmrx.default\searchplugins\yahoo-lavasoft.xml => moved successfully
C:\Program Files (x86)\mozilla firefox\defaults\pref\dsengine.js => moved successfully
C:\Program Files (x86)\mozilla firefox\dsengine.cfg => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21836575-1224-44A5-BF08-F2E313E4FF23}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21836575-1224-44A5-BF08-F2E313E4FF23}" => removed successfully
C:\Windows\System32\Tasks\passtask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\passtask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{388BBA53-0A24-41EA-9EE1-A23D2AD86954}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{388BBA53-0A24-41EA-9EE1-A23D2AD86954}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_AA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_AA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66E2F186-B48B-4177-8630-44A4003EFF33}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66E2F186-B48B-4177-8630-44A4003EFF33}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_NJ" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_NJ" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6C666DDD-706D-4BFD-904A-9DE642A472F2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C666DDD-706D-4BFD-904A-9DE642A472F2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mwisoft Hotkey" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E5C4E66-DB29-43B4-B3B4-2F184E0222FD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E5C4E66-DB29-43B4-B3B4-2F184E0222FD}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_NM" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_NM" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75338F20-8463-44C0-AA18-E4DB64C3F328}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75338F20-8463-44C0-AA18-E4DB64C3F328}" => removed successfully
C:\Windows\System32\Tasks\SystemMicrosof => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemMicrosof" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81DB300E-D20F-43B6-8897-47560DBCA1E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81DB300E-D20F-43B6-8897-47560DBCA1E5}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_UA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_UA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8359E4D1-1F93-4AE7-8415-30A25841E2EF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8359E4D1-1F93-4AE7-8415-30A25841E2EF}" => removed successfully
C:\Windows\System32\Tasks\SystemMicrosoft => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemMicrosoft" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C02FDD32-0F27-4895-8F4F-A69A3851683D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C02FDD32-0F27-4895-8F4F-A69A3851683D}" => removed successfully
C:\Windows\System32\Tasks\{190A9A6C-0823-4F05-922B-0223A1745E8D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{190A9A6C-0823-4F05-922B-0223A1745E8D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3E59990-82A1-44E8-BB78-0B36FBBCF095}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3E59990-82A1-44E8-BB78-0B36FBBCF095}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_VO" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_VO" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA047E34-31F8-41B0-BED2-82BBC8A0AE16}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA047E34-31F8-41B0-BED2-82BBC8A0AE16}" => removed successfully
C:\Windows\System32\Tasks\Opera scheduled Autoupdate 2796787680 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 2796787680" => removed successfully
C:\System64 => moved successfully
C:\ProgramData\423b5284-5ec3-1 => moved successfully
C:\Window => moved successfully
C:\ProgramData\423b5284-7fc7-0 => moved successfully
C:\Users\ExplorerKL1\AppData\Local\FastDataX => moved successfully
C:\ProgramData\dahjService => moved successfully
"C:\ProgramData\00fddc1a57e944b8892e044145689415" => not found
C:\ProgramData\40beea9d24604c1e865adc5cf2d8a300 => moved successfully
C:\ProgramData\addaad60-0f53-1 => moved successfully
C:\ProgramData\addaad60-4bf7-0 => moved successfully
C:\Users\ExplorerKL1\AppData\Local\Optimizer => moved successfully
"C:\Users\ExplorerKL1\AppData\Roaming\d7d16848a28d4fe3bdea0fe630fe580d" => not found
C:\Users\ExplorerKL1\AppData\Roaming\OneSystemCare => moved successfully
C:\Users\Public\Documents\XMUpdate => moved successfully
C:\Program Files (x86)\texttotalk => moved successfully
C:\Users\ExplorerKL1\AppData\Roaming\efcfd423f2f14d8495021cda25a983a5 => moved successfully
C:\ProgramData\cca7751d26d04021b4252a8eddd9b6ff => moved successfully
C:\Windows\SysWOW64\dmdlseba => moved successfully
C:\ProgramData\CupCheck => moved successfully
C:\ProgramData\DreamCompress => moved successfully
C:\Users\ExplorerKL1\AppData\Roaming\DreamScreen => moved successfully
C:\ProgramData\lock.dat => moved successfully
C:\Program Files (x86)\Common Files\fEdOyyEFqiE.exe => moved successfully
C:\Users\ExplorerKL1\AppData\Local\wbem.ini => moved successfully
"C:\Users\ExplorerKL1\AppData\Local\Temp\f3361f9b324141d3943a75ec6ad5bace\HandlerExecution.exe" => not found
"C:\Users\ExplorerKL1\AppData\Roaming\dEtESVye.exe" => not found
C:\Users\ExplorerKL1\AppData\Roaming\Microsoft\Windows\feirdwda => moved successfully

==== End of Fixlog 08:14:19 ====
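A way to read a Fixlog like the one above, as an added example that is not part of the thread and is not FRST's own code: the Python below parses the result lines, tallies the outcomes, and lists scheduled tasks whose registry entry was removed although the task file under System32\Tasks was already missing. The sample lines are copied from the log above; only the four outcome strings seen in this log are recognised, and all function names are chosen for this example.

```python
import re
from collections import Counter, namedtuple

# A few result lines copied from the Fixlog posted above (excerpt, not the full log).
SAMPLE_FIXLOG = r'''
[2248] C:\Window\Task.exe => process closed successfully.
C:\Program Files (x86)\mozilla firefox\dsengine.cfg => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{388BBA53-0A24-41EA-9EE1-A23D2AD86954}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_AA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_AA" => removed successfully
C:\Windows\System32\Tasks\passtask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\passtask" => removed successfully
"C:\Users\ExplorerKL1\AppData\Roaming\dEtESVye.exe" => not found
==== End of Fixlog 08:14:19 ====
'''

# Outcome strings that occur in this log; other lines are ignored.
OUTCOMES = ("process closed successfully", "moved successfully",
            "removed successfully", "not found")
LINE_RE = re.compile(
    r'^(?:\[(?P<pid>\d+)\]\s+)?"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>'
    + "|".join(OUTCOMES) + r')\.?$')

TREE_KEY = ("HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
            "\\Schedule\\TaskCache\\Tree\\")
TASK_DIR = "C:\\Windows\\System32\\Tasks\\"

Entry = namedtuple("Entry", "pid target outcome")


def parse_fixlog(text):
    """Return one Entry per recognised result line, in log order."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pid = int(m["pid"]) if m["pid"] else None
            entries.append(Entry(pid, m["target"], m["outcome"]))
    return entries


def summarize(entries):
    """Count how many entries ended with each outcome."""
    return Counter(e.outcome for e in entries)


def not_found(entries):
    """Targets listed in the fixlist that no longer existed at fix time."""
    return [e.target for e in entries if e.outcome == "not found"]


def registry_only_tasks(entries):
    """Task names whose TaskCache\\Tree key was removed while the matching
    file under System32\\Tasks was reported as not found."""
    removed = {e.target[len(TREE_KEY):] for e in entries
               if e.target.startswith(TREE_KEY)
               and e.outcome == "removed successfully"}
    missing = {e.target[len(TASK_DIR):] for e in entries
               if e.target.startswith(TASK_DIR) and e.outcome == "not found"}
    return sorted(removed & missing)


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for outcome, count in summarize(parsed).items():
        print(f"{count:3d}  {outcome}")
    print("not found:", *not_found(parsed), sep="\n  ")
    print("registry-only tasks:", registry_only_tasks(parsed))
```
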

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You need to pack the folder C:\FRST\Quarantine into an archive and send it to us.

Go into the folder C:\FRST
Right-click the Quarantine folder and choose the Add to archive... option, as in the picture

For Archive format, choose RAR5 or RAR
For Compression method, select Best
In the Split to volumes, bytes field, enter 5000000 (in words: five million)
On the right-hand side, tick the Create Solid Archive option (see the picture below)

Click OK
When WinRAR has finished compressing, upload the resulting files (one by one) to:
https://www.mycity.rs/ambulanta-upload.php

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

I got this warning and clicked Close. However, I also got 3 packed files, which I uploaded successfully. Quarantine 1, 2 and 3

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the instructions for installing the program. After installation, click Finish

On first launch, the program will display a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn the Premium features off via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, enable the "Scan for rootkits" option.
• Prepare the settings for Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection was detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Provide the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.

• In your reply, attach the mbam.txt log using the "Prikači fajl" (Attach file) option.

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the state of the system now?

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

Well, now everything seems OK by the look of it. No ads are showing up and it runs normally. If anything strange happens in the meantime, I'll let you know.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

The following procedure will carry out the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup, using the integrated program "ERUNT", in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a new, fresh point after the cleanup.
