MyCity » Ambulanta -> Arhiva Ambulante » Problem CryptoLocker RANSOMWARE

Problem CryptoLocker RANSOMWARE

Napisano na dan: 26.8.2016

Problem CryptoLocker RANSOMWARE

Sledeća strana

Pagination

Odgovori

tradex Poslao: 26 Avg 2016 16:56 Idi na vrh
offline tradex Novi MyCity građanin Pridružio: 26 Avg 2016 Poruke: 3	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Imao sam problem sa CryptoLockerom, na srecu i backup. Samo zelim da potvrdim da je uklonjen sa "osumnjicenog" racunara. Potrebna pomoc ! mycity.rs/must-login.png mycity.rs/must-login.png Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2016 01 Ran by Kaca (administrator) on KACA-PC (26-08-2016 17:48:30) Running from C:\Users\Kaca\Desktop Loaded Profiles: Kaca & UpdatusUser (Available Profiles: Kaca & UpdatusUser) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe (Gemalto) C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (Gemplus) C:\Program Files\Gemalto\Classic Client\BIN\GCardSrvNT.exe (Gemplus) C:\Program Files\Gemalto\Classic Client\BIN\GCardSrv.exe (A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation) C:\Program Files\Java\jre1.8.0_73\bin\javaw.exe () C:\Program Files\BancaIntesaTokenManager\BancaIntesaUser32.exe () C:\Program Files\BancaIntesaTokenManager\IntesaCertificateRemoval.exe (NetSeT Global Solutions d.o.o.) C:\Program Files\NetSeT\TrustEdgeID PKS\TokenUtil.exe (Dropbox, Inc.) C:\Users\Kaca\AppData\Roaming\Dropbox\bin\Dropbox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Ransomware Tool for Business 1.1\anti_ransom.exe (AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Ransomware Tool for Business 1.1\anti_ransom_gui.exe (Google Inc.) C:\Users\Kaca\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Kaca\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Kaca\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Kaca\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Kaca\AppData\Local\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat Reader DC\Reader\reader_sl.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [151552 2011-11-10] (A.E.T. Europe B.V.) HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation) HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" HKLM\...\Run: [SecurityTray] => C:\Program Files\SecurityTray\SecurityTray.exe [204976 2016-01-26] () HKLM Group Policy restriction on software: .divx.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.zip\.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.zip\.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz\.scr <====== ATTENTION HKLM Group Policy restriction on software: .rtf.com <====== ATTENTION HKLM Group Policy restriction on software: .rar.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.com <====== ATTENTION HKLM Group Policy restriction on software: .pptx.cmd <====== ATTENTION HKLM Group Policy restriction on software: .png.bat <====== ATTENTION HKLM Group Policy restriction on software: .wav.scr <====== ATTENTION HKLM Group Policy restriction on software: .wmv.js <====== ATTENTION HKLM Group Policy restriction on software: .jpg.cmd <====== ATTENTION HKLM Group Policy restriction on software: .zip.scr <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.scr <====== ATTENTION HKLM Group Policy restriction on software: .docx.pif <====== ATTENTION HKLM Group Policy restriction on software: .jpg.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz\.bat <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\\.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.jse <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.scr <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\\.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.com <====== ATTENTION HKLM Group Policy restriction on software: .avi.jse <====== ATTENTION HKLM Group Policy restriction on software: .mp4.bat <====== ATTENTION HKLM Group Policy restriction on software: .png.pif <====== ATTENTION HKLM Group Policy restriction on software: .mp3.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.com <====== ATTENTION HKLM Group Policy restriction on software: .ppt.scr <====== ATTENTION HKLM Group Policy restriction on software: .xls.jse <====== ATTENTION HKLM Group Policy restriction on software: .pub.scr <====== ATTENTION HKLM Group Policy restriction on software: .pub.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.cmd <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\\.bat <====== ATTENTION HKLM Group Policy restriction on software: %programfiles%\\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar\.bat <====== ATTENTION HKLM Group Policy restriction on software: .bmp.cmd <====== ATTENTION HKLM Group Policy restriction on software: .ppt.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.com <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.com <====== ATTENTION HKLM Group Policy restriction on software: .mp4.jse <====== ATTENTION HKLM Group Policy restriction on software: .7z.exe <====== ATTENTION HKLM Group Policy restriction on software: .avi.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.bat <====== ATTENTION HKLM Group Policy restriction on software: .rar.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.bat <====== ATTENTION HKLM Group Policy restriction on software: .xls.exe <====== ATTENTION HKLM Group Policy restriction on software: .avi.bat <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .txt.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.com <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.cmd <====== ATTENTION HKLM Group Policy restriction on software: .mp3.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.bat <====== ATTENTION HKLM Group Policy restriction on software: .png.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar\.pif <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z\.pif <====== ATTENTION HKLM Group Policy restriction on software: .gif.js <====== ATTENTION HKLM Group Policy restriction on software: .wmv.bat <====== ATTENTION HKLM Group Policy restriction on software: bcdedit.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.bat <====== ATTENTION HKLM Group Policy restriction on software: .7z.scr <====== ATTENTION HKLM Group Policy restriction on software: .rar.com <====== ATTENTION HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION HKLM Group Policy restriction on software: .bmp.js <====== ATTENTION HKLM Group Policy restriction on software: .xls.com <====== ATTENTION HKLM Group Policy restriction on software: .doc.com <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.js <====== ATTENTION HKLM Group Policy restriction on software: .zip.pif <====== ATTENTION HKLM Group Policy restriction on software: .pub.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.cmd <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.bat <====== ATTENTION HKLM Group Policy restriction on software: .rar.cmd <====== ATTENTION HKLM Group Policy restriction on software: .rtf.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.bat <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.com <====== ATTENTION HKLM Group Policy restriction on software: .xls.bat <====== ATTENTION HKLM Group Policy restriction on software: .mp3.scr <====== ATTENTION HKLM Group Policy restriction on software: .doc.jse <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.com <====== ATTENTION HKLM Group Policy restriction on software: .pdf.jse <====== ATTENTION HKLM Group Policy restriction on software: .pub.exe <====== ATTENTION HKLM Group Policy restriction on software: .wmv.pif <====== ATTENTION HKLM Group Policy restriction on software: .doc.js <====== ATTENTION HKLM Group Policy restriction on software: .txt.jse <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.cmd <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.bat <====== ATTENTION HKLM Group Policy restriction on software: .7z.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.zip\.js <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\\.com <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.scr <====== ATTENTION HKLM Group Policy restriction on software: .jpg.scr <====== ATTENTION HKLM Group Policy restriction on software: .ppt.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz\.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.com <====== ATTENTION HKLM Group Policy restriction on software: .divx.bat <====== ATTENTION HKLM Group Policy restriction on software: .wmv.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.pif <====== ATTENTION HKLM Group Policy restriction on software: .docx.scr <====== ATTENTION HKLM Group Policy restriction on software: .xls.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z\.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .divx.scr <====== ATTENTION HKLM Group Policy restriction on software: .zip.bat <====== ATTENTION HKLM Group Policy restriction on software: .wma.js <====== ATTENTION HKLM Group Policy restriction on software: .wav.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz\.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z\.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.js <====== ATTENTION HKLM Group Policy restriction on software: .zip.js <====== ATTENTION HKLM Group Policy restriction on software: .gif.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz\.com <====== ATTENTION HKLM Group Policy restriction on software: .avi.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.exe <====== ATTENTION HKLM Group Policy restriction on software: .wav.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.exe <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.bat <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.cmd <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.scr <====== ATTENTION HKLM Group Policy restriction on software: .bmp.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z\.js <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .zip.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz\.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.zip\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .wma.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.scr <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.pif <====== ATTENTION HKLM Group Policy restriction on software: .gif.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.com <====== ATTENTION HKLM Group Policy restriction on software: .docx.js <====== ATTENTION HKLM Group Policy restriction on software: .mp4.js <====== ATTENTION HKLM Group Policy restriction on software: .pub.cmd <====== ATTENTION HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION HKLM Group Policy restriction on software: .ppt.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.js <====== ATTENTION HKLM Group Policy restriction on software: .avi.exe <====== ATTENTION HKLM Group Policy restriction on software: .7z.pif <====== ATTENTION HKLM Group Policy restriction on software: .gif.exe <====== ATTENTION HKLM Group Policy restriction on software: .doc.exe <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\.bat <====== ATTENTION HKLM Group Policy restriction on software: .pub.bat <====== ATTENTION HKLM Group Policy restriction on software: .wmv.com <====== ATTENTION HKLM Group Policy restriction on software: ** <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.scr <====== ATTENTION HKLM Group Policy restriction on software: .bmp.jse <====== ATTENTION HKLM Group Policy restriction on software: .rtf.pif <====== ATTENTION HKLM Group Policy restriction on software: .png.jse <====== ATTENTION HKLM Group Policy restriction on software: .rtf.bat <====== ATTENTION HKLM Group Policy restriction on software: .bmp.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.com <====== ATTENTION HKLM Group Policy restriction on software: .txt.com <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\\.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.js <====== ATTENTION HKLM Group Policy restriction on software: .wav.bat <====== ATTENTION HKLM Group Policy restriction on software: .gif.cmd <====== ATTENTION HKLM Group Policy restriction on software: .wav.cmd <====== ATTENTION HKLM Group Policy restriction on software: .rar.scr <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.pif <====== ATTENTION HKLM Group Policy restriction on software: .wma.cmd <====== ATTENTION HKLM Group Policy restriction on software: .rtf.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.jse <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.jse <====== ATTENTION HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION HKLM Group Policy restriction on software: .pdf.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.zip\.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\\.scr <====== ATTENTION HKLM Group Policy restriction on software: .mp3.cmd <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.exe <====== ATTENTION HKLM Group Policy restriction on software: :\$Recycle.Bin <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.jse <====== ATTENTION HKLM Group Policy restriction on software: .png.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.exe <====== ATTENTION HKLM Group Policy restriction on software: .zip.cmd <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.exe <====== ATTENTION HKLM Group Policy restriction on software: .jpg.bat <====== ATTENTION HKLM Group Policy restriction on software: .7z.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\\.jse <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar\.jse <====== ATTENTION HKLM Group Policy restriction on software: .mp4.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\\.js <====== ATTENTION HKLM Group Policy restriction on software: .mp3.pif <====== ATTENTION HKLM Group Policy restriction on software: .7z.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar\.cmd <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\.jse <====== ATTENTION HKLM Group Policy restriction on software: .wma.scr <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.jse <====== ATTENTION HKLM Group Policy restriction on software: .pdf.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.pif <====== ATTENTION HKLM Group Policy restriction on software: .wav.pif <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\.js <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.bat <====== ATTENTION HKLM Group Policy restriction on software: .ppt.js <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.js <====== ATTENTION HKLM Group Policy restriction on software: .png.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.pif <====== ATTENTION HKLM Group Policy restriction on software: .gif.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.jse <====== ATTENTION HKLM Group Policy restriction on software: .ppt.jse <====== ATTENTION HKLM Group Policy restriction on software: .doc.cmd <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\.scr <====== ATTENTION HKLM Group Policy restriction on software: .rar.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.scr <====== ATTENTION HKLM Group Policy restriction on software: .wav.jse <====== ATTENTION HKLM Group Policy restriction on software: .docx.exe <====== ATTENTION HKLM Group Policy restriction on software: .png.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.com <====== ATTENTION HKLM Group Policy restriction on software: .7z.cmd <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.exe <====== ATTENTION HKLM Group Policy restriction on software: .rar.pif <====== ATTENTION HKLM Group Policy restriction on software: .rar.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar\.js <====== ATTENTION HKLM Group Policy restriction on software: .txt.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.bat <====== ATTENTION HKLM Group Policy restriction on software: .pdf.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.scr <====== ATTENTION HKLM Group Policy restriction on software: .divx.pif <====== ATTENTION HKLM Group Policy restriction on software: .txt.pif <====== ATTENTION HKLM Group Policy restriction on software: .bmp.com <====== ATTENTION HKLM Group Policy restriction on software: .wmv.jse <====== ATTENTION HKLM Group Policy restriction on software: .wav.exe <====== ATTENTION HKLM Group Policy restriction on software: .bmp.bat <====== ATTENTION HKLM Group Policy restriction on software: .doc.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.jse <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.bat <====== ATTENTION HKLM Group Policy restriction on software: .docx.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.scr <====== ATTENTION HKLM Group Policy restriction on software: .mp3.bat <====== ATTENTION HKLM Group Policy restriction on software: .divx.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .avi.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.zip\.bat <====== ATTENTION HKLM Group Policy restriction on software: .avi.cmd <====== ATTENTION HKLM Group Policy restriction on software: .doc.bat <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.bat <====== ATTENTION HKLM Group Policy restriction on software: %systemdrive%\\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: .pdf.com <====== ATTENTION HKLM Group Policy restriction on software: .zip.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar\.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.bat <====== ATTENTION HKLM Group Policy restriction on software: .mp4.exe <====== ATTENTION HKLM Group Policy restriction on software: .mp4.pif <====== ATTENTION HKLM Group Policy restriction on software: .xls.pif <====== ATTENTION HKLM Group Policy restriction on software: .ppt.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .xls.js <====== ATTENTION HKLM Group Policy restriction on software: .txt.exe <====== ATTENTION HKLM Group Policy restriction on software: .wma.exe <====== ATTENTION HKLM Group Policy restriction on software: .docx.cmd <====== ATTENTION HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION HKLM Group Policy restriction on software: .docx.bat <====== ATTENTION HKLM Group Policy restriction on software: .pub.jse <====== ATTENTION HKLM Group Policy restriction on software: .doc.pif <====== ATTENTION HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION HKLM Group Policy restriction on software: .jpg.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.com <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .pptx.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz\.js <====== ATTENTION HKLM Group Policy restriction on software: .pptx.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.scr <====== ATTENTION HKLM Group Policy restriction on software: .wmv.cmd <====== ATTENTION HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.zip\.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.js <====== ATTENTION HKLM Group Policy restriction on software: .rtf.jse <====== ATTENTION HKLM Group Policy restriction on software: .txt.cmd <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .wma.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z\.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.com <====== ATTENTION HKLM Group Policy restriction on software: .pdf.pif <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .pptx.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.js <====== ATTENTION HKLM Group Policy restriction on software: .7z.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.js <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.scr <====== ATTENTION HKLM Group Policy restriction on software: .pptx.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.pif <====== ATTENTION HKLM Group Policy restriction on software: .divx.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.exe <====== ATTENTION HKLM Group Policy restriction on software: .pub.com <====== ATTENTION HKLM Group Policy restriction on software: .jpg.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.js <====== ATTENTION HKLM Group Policy restriction on software: .gif.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.exe <====== ATTENTION HKLM Group Policy restriction on software: .pptx.pif <====== ATTENTION HKLM Group Policy restriction on software: .avi.scr <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.scr <====== ATTENTION HKLM Group Policy restriction on software: .rtf.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .pptx.js <====== ATTENTION HKLM Group Policy restriction on software: .jpg.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar\.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.exe <====== ATTENTION HKLM Group Policy restriction on software: .wmv.scr <====== ATTENTION HKLM Group Policy restriction on software: .xls.cmd <====== ATTENTION HKLM Group Policy restriction on software: .mp3.com <====== ATTENTION HKLM Group Policy restriction on software: .ppt.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.scr <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .wma.jse <====== ATTENTION HKLM Group Policy restriction on software: .mp4.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z\.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z\.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.zip\.com <====== ATTENTION HKLM Group Policy restriction on software: .wma.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.pif <====== ATTENTION HKLM Group Policy restriction on software: .zip.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.js <====== ATTENTION HKLM Group Policy restriction on software: .bmp.exe <====== ATTENTION HKLM Group Policy restriction on software: .mp4.cmd <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.js <====== ATTENTION HKLM Group Policy restriction on software: .txt.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.js <====== ATTENTION HKLM Group Policy restriction on software: .docx.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.pif <====== ATTENTION HKLM Group Policy restriction on software: .divx.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z\.scr <====== ATTENTION HKLM Group Policy restriction on software: .jpg.com <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.pif <====== ATTENTION HKLM Group Policy restriction on software: .pptx.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar\.exe <====== ATTENTION HKLM Group Policy restriction on software: .rtf.scr <====== ATTENTION HKLM Group Policy restriction on software: .mp3.exe <====== ATTENTION HKLM Group Policy restriction on software: .pdf.scr <====== ATTENTION HKLM Group Policy restriction on software: .png.scr <====== ATTENTION HKLM Group Policy restriction on software: .pdf.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.bat <====== ATTENTION HKLM Group Policy restriction on software: .divx.exe <====== ATTENTION HKLM Group Policy restriction on software: .gif.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\.jse <====== ATTENTION HKU\S-1-5-21-1297279793-3049069924-718101289-1000\...\Run: [Dropbox Update] => C:\Users\Kaca\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.) HKU\S-1-5-21-1297279793-3049069924-718101289-1000\...\Run: [Google Update] => C:\Users\Kaca\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.) HKU\S-1-5-21-1297279793-3049069924-718101289-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart HKU\S-1-5-21-1297279793-3049069924-718101289-1001\...\Run: [Google Update] => C:\Users\Kaca\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaca\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaca\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaca\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaca\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaca\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaca\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaca\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaca\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaca\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaca\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BancaIntesaUser32.lnk [2014-04-29] ShortcutTarget: BancaIntesaUser32.lnk -> C:\Windows\Installer\{AB62895B-7626-4F60-BB0D-6BA34064192A}\_D0349562EC7AC44E86A810.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IntesaCertificateRemoval.lnk [2014-04-29] ShortcutTarget: IntesaCertificateRemoval.lnk -> C:\Windows\Installer\{AB62895B-7626-4F60-BB0D-6BA34064192A}\_AD47E27423CD7A61D4A06D.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Token Manager.lnk [2016-03-12] ShortcutTarget: Token Manager.lnk -> C:\Program Files\NetSeT\TrustEdgeID PKS\TokenUtil.exe (NetSeT Global Solutions d.o.o.) Startup: C:\Users\Kaca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arh.bat [2016-08-23] () Startup: C:\Users\Kaca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-25] ShortcutTarget: Dropbox.lnk -> C:\Users\Kaca\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) GroupPolicyScripts: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\..\Interfaces\{DA9D0424-3851-4B68-87F0-6D010874C67F}: [NameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKU\S-1-5-21-1297279793-3049069924-718101289-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP HKU\S-1-5-21-1297279793-3049069924-718101289-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE07&ocid=UE07DHP HKU\S-1-5-21-1297279793-3049069924-718101289-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-07] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-07] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Kaca\AppData\Roaming\Mozilla\Firefox\Profiles\9p1vrw4p.default FF SearchEngineOrder.1: Ask.com FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/?o=APN10640A&gct=hp&d=473-102&v=a12627-191&t=4 FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-07] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-07] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-18] (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1297279793-3049069924-718101289-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Kaca\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin HKU\S-1-5-21-1297279793-3049069924-718101289-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Kaca\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF user.js: detected! => C:\Users\Kaca\AppData\Roaming\Mozilla\Firefox\Profiles\9p1vrw4p.default\user.js [2013-11-09] FF Extension: (Bing Search) - C:\Users\Kaca\AppData\Roaming\Mozilla\Firefox\Profiles\9p1vrw4p.default\Extensions\bingsearch.full@microsoft.com [2015-08-13] [not signed] Chrome: ======= CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=n10249-191&t=4 CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google документи) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05] CHR Extension: (Google диск) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Google Search) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28] CHR Extension: (Full Screen Weather) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-05-13] CHR Extension: (Google документи офлајн) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16] CHR Extension: (Cycling the Alps) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihklobncbkangkiiamccfgnlihbmjhlh [2014-05-21] CHR Extension: (Calculator) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao [2015-03-17] CHR Extension: (Simple Calc) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lielcaaanjpaflmhpeiljoinemmfnajc [2014-04-23] CHR Extension: (Numerics Calculator & Converter) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-04-23] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-24] CHR Extension: (Google мапе) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-19] CHR Extension: (Melanto Calculator) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioffklpggjkmgpndbfklpnclpohpjid [2014-04-23] CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04] CHR Extension: (Elegant Calculator) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\oimhajmcdpnegdjkhihjfjciigahabcn [2014-04-23] CHR Extension: (Gmail) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31] CHR Extension: (Chrome Media Router) - C:\Users\Kaca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-20] CHR HKLM\...\Chrome\Extension: [lbidgdoiglndbjlcnnifemecdhnpeabo] - C:\Users\Kaca\AppData\Roaming\okitSpace\Chrome\OKitSpace.crx <not found> CHR HKU\S-1-5-21-1297279793-3049069924-718101289-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx StartMenuInternet: Google Chrome.EQXGBK2D3IYWMU7S5QX5EVG63Y - C:\Users\Kaca\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiRansom; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Ransomware Tool for Business 1.1\anti_ransom.exe [693720 2016-07-19] (AO Kaspersky Lab) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2128624 2016-07-05] (Microsoft Corporation) R2 GemSAFE Card Server; C:\Program Files\Gemalto\Classic Client\BIN\GCardSrvNT.exe [118784 2008-04-14] (Gemplus) [File not signed] R2 GslShmSrvc ; C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe [57344 2007-10-19] (Gemalto) [File not signed] R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 758D8C6A; C:\Windows\System32\drivers\758D8C6A.sys [153784 2016-08-22] (Kaspersky Lab ZAO) R3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [99968 2014-11-10] (Gemalto) S3 GEMPC430; C:\Windows\System32\Drivers\gemusb.sys [53568 2001-12-04] (Gemplus) R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [40936 2013-01-19] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-06-02] (AO Kaspersky Lab) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [149840 2016-06-26] (AO Kaspersky Lab) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [111440 2016-06-28] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [799112 2016-06-26] (AO Kaspersky Lab) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41392 2016-05-31] (AO Kaspersky Lab) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [108888 2016-06-02] (AO Kaspersky Lab) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation) S4 PsBoot; C:\Windows\System32\Drivers\PsBoot.sys [36896 2014-03-11] (Panda Security, S.L.) R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-26 17:48 - 2016-08-26 17:48 - 01746432 _____ (Farbar) C:\Users\Kaca\Desktop\FRST.exe 2016-08-26 17:48 - 2016-08-26 17:48 - 00049476 _____ C:\Users\Kaca\Desktop\FRST.txt 2016-08-26 17:48 - 2016-08-26 17:48 - 00000000 ____D C:\FRST 2016-08-26 17:41 - 2016-08-26 17:41 - 00002405 _____ C:\Users\Public\Desktop\Kaspersky Anti-Ransomware Tool for Business.lnk 2016-08-26 17:41 - 2016-08-26 17:41 - 00000000 ____D C:\Windows\system32\%PersonalRootCertificateFolder% 2016-08-26 17:41 - 2016-08-26 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Ransomware Tool for Business 2016-08-26 17:41 - 2016-08-26 17:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2016-08-26 17:41 - 2016-08-26 17:41 - 00000000 ____D C:\Program Files\Kaspersky Lab 2016-08-26 17:40 - 2016-06-28 12:28 - 00111440 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys 2016-08-26 17:40 - 2016-06-26 15:10 - 00799112 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys 2016-08-26 17:40 - 2016-06-26 15:10 - 00149840 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys 2016-08-26 17:37 - 2016-08-26 17:37 - 00001170 _____ C:\Users\Public\Desktop\CryptoPrevent.lnk 2016-08-26 17:37 - 2016-08-26 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT 2016-08-26 17:37 - 2016-08-26 17:37 - 00000000 ____D C:\Program Files\Foolish IT 2016-08-26 12:29 - 2016-08-26 12:29 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-08-26 12:28 - 2016-08-26 12:28 - 22851472 _____ (Malwarebytes ) C:\Users\Kaca\Desktop\mbam-setup-2.2.1.1043.exe 2016-08-25 08:04 - 2016-08-25 08:04 - 00000000 ____D C:\Users\Kaca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-08-22 15:39 - 2016-08-22 15:39 - 00153784 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\758D8C6A.sys 2016-08-17 12:38 - 2016-08-17 12:38 - 02106400 _____ (Kaspersky Lab) C:\Users\Kaca\Desktop\kis16.0.1.445abcsr-latn_sr-cyrl_10687.exe 2016-08-17 12:11 - 2016-08-26 17:37 - 00000000 ____D C:\ProgramData\Foolish IT 2016-08-17 12:11 - 2016-08-17 12:11 - 00053248 _____ C:\Windows\system32\zlib.dll 2016-08-17 11:58 - 2016-08-17 11:58 - 02619784 _____ (Foolish IT LLC ) C:\Users\Kaca\Desktop\CryptoPreventSetup.exe 2016-08-17 11:57 - 2016-08-17 11:58 - 165237184 _____ (Kaspersky Lab) C:\Users\Kaca\Desktop\kts16.0.1.445en-gb_full.exe 2016-08-17 11:31 - 2016-08-23 14:00 - 00000000 ____D C:\KVRT_Data 2016-08-17 11:30 - 2016-08-17 11:31 - 102929240 _____ (Kaspersky Lab ZAO) C:\Users\Kaca\Desktop\KVRT.exe 2016-08-17 09:06 - 2016-08-17 09:06 - 00021317 _____ C:\Users\Kaca\Desktop\TRADEX JUL.XML 2016-08-17 08:10 - 2016-07-08 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-08-10 08:42 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-08-10 08:42 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-08-10 08:42 - 2016-08-02 08:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-08-10 08:42 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-08-10 08:42 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-08-10 08:42 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-08-10 08:42 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-08-10 08:42 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-08-10 08:42 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-08-10 08:42 - 2016-08-02 07:41 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-08-10 08:42 - 2016-08-02 07:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-08-10 08:42 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-08-10 08:42 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-08-10 08:42 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-08-10 08:42 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-08-10 08:42 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-08-10 08:42 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-08-10 08:42 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-08-10 08:42 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-08-10 08:42 - 2016-08-02 07:14 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-08-10 08:42 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-08-10 08:42 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-08-10 08:42 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-08-10 08:42 - 2016-07-08 17:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-08-10 08:42 - 2016-07-08 17:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-08-10 08:42 - 2016-07-08 17:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-08-10 08:42 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-08-10 08:42 - 2016-07-08 17:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-08-10 08:42 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-08-10 08:42 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-08-10 08:42 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-08-10 08:42 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-08-10 08:42 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-08-10 08:42 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-08-10 08:42 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-08-10 08:42 - 2016-07-08 17:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-08-10 08:42 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-08-10 08:42 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-08-10 08:42 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-08-10 08:42 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-08-10 08:42 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-08-10 08:42 - 2016-07-08 16:53 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-08-10 08:42 - 2016-07-08 16:51 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-08-10 08:42 - 2016-07-08 16:51 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-08-10 08:42 - 2016-07-08 16:51 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-08-10 08:42 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-08-10 08:42 - 2016-07-08 16:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-08-10 08:42 - 2016-07-08 16:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-08-10 08:41 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-08-10 08:41 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-08-10 08:41 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-08-10 08:41 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-08-10 08:41 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-08-10 08:41 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-08-10 08:41 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-08-10 08:41 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-08-10 08:41 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-08-10 08:41 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-08-10 08:41 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-08-10 08:41 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-08-02 09:09 - 2016-08-02 09:06 - 00006600 _____ C:\STOP07K.XML 2016-08-02 08:50 - 2016-08-02 08:50 - 00055498 _____ C:\Users\Kaca\Downloads\paymentDataReport(2).pdf 2016-08-02 08:48 - 2016-08-02 08:48 - 00002394 _____ C:\BAC07K.XML 2016-07-28 14:00 - 2016-07-28 14:00 - 00000000 ____D C:\Windows\EOONotify ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-26 17:45 - 2015-04-23 10:14 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-26 17:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf 2016-08-26 17:41 - 2013-11-09 12:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-08-26 17:40 - 2010-11-20 23:01 - 00794338 _____ C:\Windows\system32\PerfStringBackup.INI 2016-08-26 17:38 - 2013-11-09 12:57 - 00000000 ___RD C:\Users\Kaca\Dropbox 2016-08-26 17:37 - 2016-03-12 10:04 - 00000000 ____D C:\Users\Kaca\SecurityTrayLog 2016-08-26 17:36 - 2015-04-23 10:14 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-26 17:36 - 2013-11-09 11:58 - 00000000 ____D C:\ProgramData\NVIDIA 2016-08-26 17:36 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-08-26 17:35 - 2009-07-14 06:34 - 00025936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-26 17:35 - 2009-07-14 06:34 - 00025936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-26 17:28 - 2015-03-12 13:21 - 00469146 _____ C:\Windows\ntbtlog.txt 2016-08-26 16:11 - 2013-11-09 13:30 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1297279793-3049069924-718101289-1000UA.job 2016-08-26 15:59 - 2015-06-17 08:45 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1297279793-3049069924-718101289-1000UA.job 2016-08-26 14:41 - 2015-10-01 10:17 - 00000000 ____D C:\Users\Kaca\AppData\Local\Deployment 2016-08-26 14:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\security 2016-08-26 08:59 - 2015-06-17 08:45 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1297279793-3049069924-718101289-1000Core.job 2016-08-25 08:05 - 2013-11-12 18:08 - 00000000 ____D C:\Users\Kaca\AppData\Roaming\Dropbox 2016-08-23 14:06 - 2015-03-12 16:15 - 00000000 ____D C:\Program Files\AnyDesk 2016-08-23 14:01 - 2013-12-09 10:29 - 00000000 ____D C:\ProgramData\Wincert 2016-08-23 14:01 - 2013-11-09 12:48 - 00000000 ____D C:\Users\Kaca\Desktop\In Soft 2016-08-23 02:11 - 2013-11-09 13:30 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1297279793-3049069924-718101289-1000Core.job 2016-08-19 09:24 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2016-08-18 09:08 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp 2016-08-17 15:21 - 2013-11-09 14:10 - 00000000 ____D C:\Users\Kaca\Downloads\Corel Draw X5 with Keygen + (zabranjeno) 2016-08-17 14:26 - 2015-05-25 14:10 - 00012788 _____ C:\Users\Kaca\Desktop\AUTO SLEP TIMA.xlsx 2016-08-17 14:04 - 2013-11-09 11:35 - 00118256 _____ C:\Users\Kaca\AppData\Local\GDIPFONTCACHEV1.DAT 2016-08-17 12:54 - 2009-07-14 06:33 - 00443576 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-17 12:45 - 2013-11-09 11:39 - 00000000 ____D C:\Users\Kaca\AppData\Roaming\Panda Security 2016-08-17 12:45 - 2013-11-09 11:39 - 00000000 ____D C:\ProgramData\Panda Security 2016-08-17 12:45 - 2013-11-09 11:39 - 00000000 ____D C:\Program Files\Panda Security 2016-08-17 12:16 - 2009-07-14 06:53 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-08-17 08:22 - 2015-06-18 13:07 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-08-17 08:21 - 2015-06-18 13:04 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-08-17 08:06 - 2013-11-09 11:58 - 00000000 ____D C:\Users\UpdatusUser 2016-08-10 14:06 - 2013-11-09 12:34 - 00000000 ____D C:\Windows\system32\MRT 2016-08-10 14:01 - 2013-11-09 12:34 - 144884648 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-08-09 08:19 - 2013-11-09 13:31 - 00002368 _____ C:\Users\Kaca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-09 08:19 - 2013-11-09 13:31 - 00002360 _____ C:\Users\Kaca\Desktop\Google Chrome.lnk 2016-08-04 08:18 - 2015-12-05 10:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-08-03 09:53 - 2016-03-12 10:04 - 00000000 ____D C:\Program Files\SecurityTray 2016-07-28 14:00 - 2015-04-04 14:06 - 00000000 ___SD C:\Windows\system32\GWX ==================== Files in the root of some directories ======= 2013-11-11 18:31 - 2013-11-11 18:31 - 0000000 _____ () C:\ProgramData\0x0304A000.sfl 2013-11-09 13:23 - 2013-11-09 13:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-03-14 09:13 - 2016-04-19 08:10 - 0000401 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Files to move or delete: ==================== C:\Users\Kaca\pkcs11wrapper_32.dll Some files in TEMP: ==================== C:\Users\Kaca\AppData\Local\Temp\jre-8u101-windows-au.exe C:\Users\Kaca\AppData\Local\Temp\ose00000.exe C:\Users\Kaca\AppData\Local\Temp\sbbjni32.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ==> Could not access BCD. LastRegBack: 2016-08-26 08:50 ==================== End of FRST.txt ============================

Profil

Sass Drake Poslao: 28 Avg 2016 09:31 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ne vidim u izvještajima aktivan ransomware. Da li si imao rezervnu kopiju podataka?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem CryptoLocker RANSOMWARE

Ko je trenutno na forumu

Ukupno su 833 korisnika na forumu :: 4 registrovanih, 0 sakrivenih i 829 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: draggan, MilosKop, Shilok, zlaya011

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by