Zemana AntiLogger otkrio hosts hijacker

1

Zemana AntiLogger otkrio hosts hijacker

offline
  • Pridružio: 12 Feb 2007
  • Poruke: 1226

Radnim danima nisam kod kuće pa brat koristi moj računar, ne znam šta je radio po netua ali jutros je Zemana AntiLogger otkrio hosts Hijacker.

Posle popravke i restarta računara kod ponovnog skeniranja je opet otkrio isto.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2016
Ran by Viper (administrator) on BIOHAZARD (26-11-2016 12:37:48)
Running from C:\Users\Viper\Desktop
Loaded Profiles: Viper (Available Profiles: Viper)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiLogger\ZAM.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Performix LLC) C:\Program Files\Adguard\Adguard.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Performix LLC) C:\Program Files\Adguard\AdguardSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiLogger\ZAM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-19] (AVAST Software)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiLogger\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation)
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\Run: [f.lux] => C:\Users\Viper\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5608440 2016-08-26] (Performix LLC)
HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\MountPoints2: {71b4c722-1d53-11e5-a58d-485b39b507fe} - G:\autorun\autorun.exe
HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\MountPoints2: {a5105961-ad6e-11e5-9cea-485b39b507fe} - H:\autorun.exe
HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\MountPoints2: {f8ad2c6a-1a45-11e5-93d3-485b39b507fe} - F:\Install.exe
AppInit_DLLs: C:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files\KeyCryptSDK\KeyCrypt32(14).dll [86936 2016-08-10] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-02] (AVAST Software)
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166
Tcpip\..\Interfaces\{839D1C35-079D-4FFA-8CB8-7EF17139E3AB}: [DhcpNameServer] 212.200.191.166 212.200.190.166

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2862957678-608492330-2760606463-1000 -> DefaultScope {FA448F4C-32CD-4222-A9D7-2530C806BD7D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2862957678-608492330-2760606463-1000 -> {FA448F4C-32CD-4222-A9D7-2530C806BD7D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

FireFox:
========
FF ProfilePath: C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default [2016-11-26]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default -> about:home
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default -> type", 0
FF Extension: (Disconnect) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\2.0@disconnect.me.xpi [2016-04-28]
FF Extension: (Adblock Latitude) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2016-10-23] [not signed]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-06-16]
FF Extension: (Facebook Disconnect) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\facebook@disconnect.me.xpi [2016-04-28]
FF Extension: (VTzilla) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\info@virustotal.com.xpi [2016-04-28]
FF Extension: (Flagfox) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-10-14]
FF Extension: (Clean Links) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-04-28]
FF Extension: (Encrypted Web) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{4bf973fe-f2b7-43e1-b2ca-52f9c6f6fddf} [2016-04-16] [not signed]
FF Extension: (NoScript) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-10]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2016-10-04]
FF Extension: (DownloadHelper) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-06-16]
FF Extension: (BetterPrivacy) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-06-16]
FF SearchPlugin: C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\searchplugins\ixquick-https.xml [2015-08-21]
FF SearchPlugin: C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\searchplugins\startpage-ssl.xml [2015-08-21]
FF ProfilePath: C:\Users\Viper\AppData\Roaming\FossaMail\Profiles\4pq1k6nn.default [2016-08-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-12] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Adguard Service; C:\Program Files\Adguard\AdguardSvc.exe [149496 2016-08-26] (Performix LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-02] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-09-02] (AVAST Software)
S3 cmcore; c:\program files\cmcm\Clean Master\cmcore.exe [315208 2016-11-12] (Kingsoft Corporation)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
S3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [154256 2016-09-22] (Sandboxie Holdings, LLC)
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [86760 2016-09-06] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiLogger\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [58440 2016-07-21] ()
S3 amdhub30; C:\Windows\system32\drivers\amdhub30.sys [82560 2012-03-08] (Advanced Micro Devices, INC.)
S3 amdxhc; C:\Windows\system32\drivers\amdxhc.sys [173184 2012-03-08] (Advanced Micro Devices, INC.)
S3 asmthub3; C:\Windows\system32\drivers\asmthub3.sys [110920 2012-11-08] (ASMedia Technology Inc)
S3 asmtxhci; C:\Windows\system32\drivers\asmtxhci.sys [333128 2012-11-08] (ASMedia Technology Inc)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-02] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [26776 2016-05-28] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [338936 2016-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-14] (AVAST Software)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [59968 2016-11-15] ()
S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2012-08-07] (Etron Technology Inc)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [26112 2012-08-07] (Etron Technology Inc)
S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2012-08-07] (Etron Technology Inc)
S3 FLxHCIc; C:\Windows\system32\drivers\FLxHCIc.sys [205992 2013-02-25] (Fresco Logic)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [61608 2013-02-25] (Fresco Logic)
R0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [16880 2013-02-22] (Intel Corporation)
S3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [352752 2013-02-22] (Intel Corporation)
S3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [796656 2013-02-22] (Intel Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt32.sys [142344 2016-08-10] (Zemana Ltd.)
S3 ksapi; C:\Windows\system32\drivers\ksapi.sys [81768 2016-11-12] (Kingsoft Corporation)
S3 libwasys; C:\Windows\System32\DRIVERS\libwasys.sys [24368 2016-09-10] ()
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [86408 2012-08-27] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [178568 2012-08-27] (Renesas Electronics Corporation)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2016-11-26] (secr9tos) [File not signed]
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [177296 2016-09-22] (Sandboxie Holdings, LLC)
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [28400 2016-11-05] () [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31776 2015-06-02] (The OpenVPN Project)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [113904 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [178352 2016-10-18] (Oracle Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo32.dll [13264 2015-07-01] (wisecleaner.com)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2016-09-02] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2016-09-02] (Zemana Ltd.)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-26 12:37 - 2016-11-26 12:38 - 00040819 _____ C:\Users\Viper\Desktop\FRST.txt
2016-11-26 12:37 - 2016-11-26 12:37 - 00000000 ____D C:\FRST
2016-11-26 12:36 - 2016-11-26 12:36 - 01761280 _____ (Farbar) C:\Users\Viper\Desktop\FRST.exe
2016-11-26 12:35 - 2016-11-26 12:35 - 00001108 _____ C:\Users\Viper\Desktop\sfdgsdfg.txt
2016-11-26 12:32 - 2016-11-26 12:32 - 01761280 _____ (Farbar) C:\Users\Viper\Desktop\Unconfirmed 343917.crdownload
2016-11-26 12:15 - 2016-11-26 12:15 - 00000481 _____ C:\Users\Viper\Desktop\hosts fajl lindza.txt
2016-11-26 10:19 - 2016-11-26 10:19 - 00000803 _____ C:\Users\Viper\Desktop\hosts fajl lindza
2016-11-25 18:57 - 2016-11-25 18:57 - 00001821 _____ C:\Users\Public\Desktop\Zemana AntiLogger.lnk
2016-11-25 18:57 - 2016-11-25 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger
2016-11-25 15:31 - 2016-11-25 15:31 - 00407440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-21 18:57 - 2016-11-21 18:57 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-21 18:57 - 2016-11-21 18:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-11-20 21:29 - 2016-11-20 21:29 - 01148596 _____ C:\Users\Viper\Desktop\65870_1932597709_92wYE6m.mp4
2016-11-20 03:01 - 2015-06-16 01:42 - 00000400 _____ C:\Users\Viper\Desktop\Local Area Connection.lnk
2016-11-19 18:13 - 2016-11-19 18:11 - 00103240 _____ C:\Users\Viper\Desktop\Zahtev2791017.pdf
2016-11-19 13:05 - 2016-07-21 17:30 - 00058440 _____ () C:\Windows\system32\Drivers\adgnetworktdidrv.sys
2016-11-19 13:04 - 2016-11-26 12:39 - 00000000 ____D C:\ProgramData\Adguard
2016-11-19 13:04 - 2016-11-26 12:18 - 00000000 ____D C:\Program Files\Adguard
2016-11-19 13:04 - 2016-11-19 13:04 - 00000899 _____ C:\Users\Public\Desktop\Adguard.lnk
2016-11-19 13:04 - 2016-11-19 13:04 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Performix LLC
2016-11-19 13:04 - 2016-11-19 13:04 - 00000000 ____D C:\Users\Viper\AppData\Local\Performix_LLC
2016-11-19 13:04 - 2016-11-19 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2016-11-13 20:00 - 2016-11-25 19:53 - 98668915 _____ C:\Users\Viper\Desktop\Pak0.pk3
2016-11-13 13:33 - 2016-11-13 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-11-13 13:33 - 2016-10-18 16:10 - 00787232 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2016-11-13 13:29 - 2016-11-13 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-11-13 13:29 - 2016-11-13 13:29 - 00000000 ____D C:\Program Files\Auslogics
2016-11-13 01:35 - 2016-11-13 01:35 - 00000941 _____ C:\Users\Viper\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2016-11-13 01:35 - 2016-11-13 01:35 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2016-11-13 01:34 - 2016-11-13 01:35 - 00000000 ____D C:\Users\Viper\AppData\Local\Viber
2016-11-13 01:10 - 2016-11-13 01:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-11-12 21:22 - 2016-11-12 21:26 - 00000000 ____D C:\Users\Viper\AppData\Roaming\FileZilla
2016-11-12 18:22 - 2016-11-12 23:28 - 00000000 ___RD C:\Users\Viper\Google Drive
2016-11-12 18:22 - 2016-11-12 23:27 - 00001038 _____ C:\Users\Viper\Desktop\Google Drive.lnk
2016-11-12 18:22 - 2016-11-12 18:22 - 00001684 _____ C:\Users\Viper\Desktop\GDrive.lnk
2016-11-12 18:15 - 2016-11-21 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-12 18:14 - 2016-11-26 12:19 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-12 18:14 - 2016-11-26 12:18 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-12 18:14 - 2016-11-12 18:15 - 00000000 ____D C:\Program Files\Google
2016-11-12 09:40 - 2016-11-12 09:40 - 00000921 _____ C:\Users\Viper\Desktop\tahograf slike sa telefona.lnk
2016-11-10 00:27 - 2016-11-10 00:27 - 00000523 _____ C:\Users\Viper\Desktop\Biohazard (D).lnk
2016-11-09 08:53 - 2016-10-27 16:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-09 08:53 - 2016-10-22 17:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-09 08:53 - 2016-09-15 15:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-09 08:53 - 2016-08-21 14:05 - 00935424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-09 08:52 - 2016-11-02 16:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-09 08:52 - 2016-11-02 16:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-09 08:52 - 2016-11-02 16:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-09 08:52 - 2016-11-02 16:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-09 08:52 - 2016-11-02 15:53 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-09 08:52 - 2016-10-28 04:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-09 08:52 - 2016-10-27 15:16 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-09 08:52 - 2016-10-25 15:54 - 02399744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-09 08:52 - 2016-10-22 18:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-09 08:52 - 2016-10-22 18:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-09 08:52 - 2016-10-22 18:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-09 08:52 - 2016-10-22 18:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-09 08:52 - 2016-10-22 18:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-09 08:52 - 2016-10-22 18:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-09 08:52 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-09 08:52 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-09 08:52 - 2016-10-22 18:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-09 08:52 - 2016-10-22 18:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-09 08:52 - 2016-10-22 18:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-09 08:52 - 2016-10-22 18:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-09 08:52 - 2016-10-22 18:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-09 08:52 - 2016-10-22 18:21 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-09 08:52 - 2016-10-22 18:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-09 08:52 - 2016-10-22 18:13 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-09 08:52 - 2016-10-22 18:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-09 08:52 - 2016-10-22 18:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-09 08:52 - 2016-10-22 18:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-09 08:52 - 2016-10-22 17:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-09 08:52 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-09 08:52 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-09 08:52 - 2016-10-22 17:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-09 08:52 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-09 08:52 - 2016-10-22 17:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-09 08:52 - 2016-10-22 17:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-09 08:52 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-09 08:52 - 2016-10-22 17:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-09 08:52 - 2016-10-22 17:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-09 08:52 - 2016-10-22 17:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-09 08:52 - 2016-10-22 17:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-09 08:52 - 2016-10-15 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-09 08:52 - 2016-10-15 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-09 08:52 - 2016-10-11 16:24 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-09 08:52 - 2016-10-11 16:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-09 08:52 - 2016-10-11 16:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-09 08:52 - 2016-10-11 16:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-09 08:52 - 2016-10-11 16:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-09 08:52 - 2016-10-11 16:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-09 08:52 - 2016-10-11 16:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-09 08:52 - 2016-10-11 16:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-09 08:52 - 2016-10-11 14:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-09 08:52 - 2016-10-10 16:21 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-09 08:52 - 2016-10-10 16:21 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-09 08:52 - 2016-10-10 16:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-09 08:52 - 2016-10-10 15:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-09 08:52 - 2016-10-10 15:50 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-09 08:52 - 2016-10-10 15:50 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-09 08:52 - 2016-10-10 15:50 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-09 08:52 - 2016-10-10 15:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-09 08:52 - 2016-10-10 15:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-09 08:52 - 2016-10-10 15:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-09 08:52 - 2016-10-07 16:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-11-09 08:52 - 2016-10-07 16:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-09 08:52 - 2016-10-07 16:15 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-09 08:52 - 2016-10-07 15:54 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-09 08:52 - 2016-10-07 15:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-09 08:52 - 2016-10-07 15:54 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-09 08:52 - 2016-10-07 15:54 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-09 08:52 - 2016-10-07 15:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-09 08:52 - 2016-10-07 15:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-09 08:52 - 2016-10-05 15:50 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-09 08:52 - 2016-09-13 16:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-09 08:52 - 2016-09-09 19:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-07 02:14 - 2016-11-07 02:14 - 00483503 _____ C:\Users\Viper\Desktop\SPISAK RADIONICA ZA TAHOGRAFE.pdf
2016-11-06 02:57 - 2016-11-06 02:57 - 00000000 ____D C:\Users\Viper\.dnx
2016-11-06 02:27 - 2016-11-06 02:27 - 00000000 ____D C:\Program Files\AppInsights
2016-11-06 02:22 - 2016-11-06 02:22 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 11.0
2016-11-06 02:06 - 2016-11-06 02:06 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-11-06 02:05 - 2016-11-06 02:05 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-11-06 02:05 - 2016-11-06 02:05 - 00000000 ____D C:\Program Files\ShellDir
2016-11-06 02:03 - 2016-11-06 02:22 - 00000000 ____D C:\Program Files\Microsoft ASP.NET
2016-11-06 02:01 - 2016-11-06 02:01 - 00000000 ____D C:\ProgramData\Microsoft DNX
2016-11-06 02:01 - 2016-11-06 02:01 - 00000000 ____D C:\Program Files\Microsoft DNX
2016-11-06 01:54 - 2016-11-06 02:00 - 00000000 ____D C:\Program Files\Microsoft Web Tools
2016-11-06 01:51 - 2016-11-06 01:51 - 00000000 ____D C:\Program Files\IIS Express
2016-11-06 01:50 - 2016-11-06 01:50 - 00000000 ____D C:\Program Files\Microsoft Office365 Tools
2016-11-06 01:49 - 2016-11-06 01:49 - 00000000 ____D C:\ProgramData\NuGet
2016-11-06 01:49 - 2016-11-06 01:49 - 00000000 ____D C:\Program Files\NuGet
2016-11-06 01:49 - 2016-11-06 01:49 - 00000000 ____D C:\Program Files\Microsoft WCF Data Services
2016-11-06 01:48 - 2016-11-06 01:48 - 00000000 ____D C:\Program Files\IIS
2016-11-06 01:46 - 2016-11-06 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-11-06 01:45 - 2016-11-06 01:45 - 00001492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-11-06 01:42 - 2016-11-06 02:32 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-11-06 01:39 - 2016-11-06 01:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-11-06 01:28 - 2016-11-06 03:00 - 00000000 ____D C:\Users\Viper\Documents\Visual Studio 2015
2016-11-06 01:13 - 2016-11-06 02:22 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-11-06 01:13 - 2016-11-06 01:41 - 00000000 ____D C:\Windows\system32\1033
2016-11-06 01:13 - 2016-11-06 01:13 - 00001493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-11-06 01:13 - 2016-11-06 01:13 - 00000000 ____D C:\Program Files\Common Files\Merge Modules
2016-11-06 01:11 - 2016-11-06 02:16 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 14.0
2016-11-06 01:08 - 2016-11-06 02:06 - 00000000 ____D C:\Program Files\Windows Kits
2016-11-06 00:57 - 2016-11-06 00:57 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-05 10:07 - 2016-11-05 14:59 - 00002014 _____ C:\Users\Public\Desktop\Medal of Honor Allied Assault.lnk
2016-11-05 10:05 - 2016-11-05 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2016-10-29 23:52 - 2016-10-29 23:52 - 00000000 ____D C:\Users\Viper\AppData\Roaming\de.hueber.menschena1izu
2016-10-29 23:37 - 2016-11-19 14:02 - 00000000 ____D C:\Users\Viper\Desktop\fleska sredjivanje

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-26 12:38 - 2015-11-15 09:14 - 00185887 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-11-26 12:38 - 2015-11-15 09:14 - 00100993 _____ C:\Windows\ZAM.krnl.trace
2016-11-26 12:28 - 2015-06-15 19:52 - 00000000 ____D C:\Users\Viper
2016-11-26 12:26 - 2009-07-14 05:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-26 12:26 - 2009-07-14 05:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-26 12:18 - 2015-06-16 05:36 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2016-11-26 12:18 - 2015-06-16 02:04 - 00000000 ____D C:\ProgramData\MCShield
2016-11-26 12:18 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-26 09:58 - 2015-06-16 03:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-26 07:41 - 2016-07-16 15:34 - 00000000 ____D C:\ProgramData\Auslogics
2016-11-26 03:31 - 2015-06-16 01:14 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-25 23:25 - 2015-07-02 23:54 - 00000000 ____D C:\Program Files\KeyCryptSDK
2016-11-25 21:41 - 2015-06-16 01:19 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-25 18:57 - 2016-08-05 20:58 - 00000000 ____D C:\Program Files\Zemana AntiLogger
2016-11-25 16:15 - 2015-06-15 20:37 - 00000000 ____D C:\Program Files\Pale Moon
2016-11-25 15:51 - 2015-07-31 00:24 - 00000000 ____D C:\Program Files\Slimjet
2016-11-22 01:05 - 2015-06-16 02:36 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Thunderbird
2016-11-22 01:05 - 2015-06-16 02:36 - 00000000 ____D C:\Users\Viper\AppData\Local\Thunderbird
2016-11-22 01:05 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-11-22 00:10 - 2015-06-16 01:36 - 00000000 ____D C:\Users\Viper\.VirtualBox
2016-11-21 19:32 - 2015-06-16 06:29 - 00000000 ____D C:\Users\Viper\AppData\Roaming\vlc
2016-11-21 17:39 - 2015-06-16 01:50 - 00002392 _____ C:\Windows\Sandboxie.ini
2016-11-19 18:15 - 2013-04-14 09:27 - 00724324 _____ C:\Windows\system32\perfh019.dat
2016-11-19 18:15 - 2013-04-14 09:27 - 00150626 _____ C:\Windows\system32\perfc019.dat
2016-11-19 18:15 - 2010-11-20 22:01 - 01648402 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-19 13:03 - 2013-04-14 14:34 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-19 02:51 - 2015-06-16 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-19 02:50 - 2015-06-16 01:19 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-11-13 14:24 - 2015-06-18 07:26 - 00000000 ____D C:\ProgramData\Skype
2016-11-13 13:39 - 2016-01-01 02:20 - 00000000 ___RD C:\Program Files\Skype
2016-11-13 13:39 - 2015-06-18 07:27 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Skype
2016-11-13 13:09 - 2015-06-16 19:55 - 00000000 ____D C:\Program Files\7-Zip
2016-11-13 01:35 - 2015-12-30 18:23 - 00000000 ____D C:\Users\Viper\AppData\Roaming\ViberPC
2016-11-13 01:35 - 2015-12-30 18:22 - 00000000 ____D C:\Users\Viper\AppData\Local\Package Cache
2016-11-12 18:15 - 2015-07-30 12:10 - 00000000 ____D C:\Users\Viper\AppData\Local\Google
2016-11-12 18:06 - 2015-07-25 18:04 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2016-11-12 18:06 - 2015-07-25 18:04 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2016-11-09 20:58 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2016-11-09 12:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2016-11-09 11:14 - 2015-06-15 22:12 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 11:08 - 2013-04-14 15:02 - 138444440 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-06 02:37 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-11-06 02:22 - 2015-06-21 04:27 - 00000000 ____D C:\Program Files\Microsoft SDKs
2016-11-06 01:36 - 2015-06-21 04:42 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2016-11-06 01:26 - 2009-07-14 05:53 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-06 01:08 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\MSBuild
2016-11-05 10:13 - 2009-07-14 03:05 - 00028400 _____ C:\Windows\system32\Drivers\secdrv.sys
2016-11-05 10:09 - 2015-06-25 05:59 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-11-05 10:05 - 2016-06-19 11:43 - 00000000 ____D C:\Program Files\EA Games
2016-11-05 10:05 - 2015-06-15 20:03 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-10-30 03:06 - 2015-08-22 20:04 - 00000000 ____D C:\Users\Viper\AppData\Local\CrashDumps
2016-10-29 23:53 - 2015-07-26 14:07 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2016-10-29 23:45 - 2016-01-08 05:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hueber
2016-10-29 23:44 - 2016-01-08 05:23 - 00000000 ____D C:\Program Files\Hueber
2016-10-29 01:29 - 2016-09-24 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein
2016-10-29 01:29 - 2016-09-16 18:33 - 00000600 _____ C:\Windows\Rtcw.INI
2016-10-29 01:21 - 2015-06-16 03:48 - 00000000 ____D C:\Users\Viper\AppData\Local\Adobe
2016-10-29 01:20 - 2015-06-16 03:49 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-10-29 01:20 - 2015-06-16 03:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-29 01:20 - 2015-06-16 03:49 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2016-10-08 23:30 - 2016-10-08 23:32 - 0000008 _____ () C:\Users\Viper\AppData\Roaming\pdfdrawcodec.dll
2016-09-10 23:48 - 2016-09-11 12:27 - 0000487 _____ () C:\Users\Viper\AppData\Local\infection.log
2016-01-24 15:21 - 2016-01-24 15:21 - 0000218 _____ () C:\Users\Viper\AppData\Local\recently-used.xbel
2015-06-19 23:11 - 2016-05-21 00:45 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat
2016-10-14 18:05 - 2016-10-14 18:19 - 0001911 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-26 01:18

==================== End of FRST.txt ============================
https://www.mycity.rs/must-login.png

offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

CreateRestorePoint:
2015-06-19 23:11 - 2016-05-21 00:45 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat
EmptyTemp:


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.



Nakon toga,


Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
U EULA prozoru klikni na I agree.
U Options isključi Reset Winsock settings ako je uključen.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Cleaning i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK

Računar će se restartovati, a potom otvoriti Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

offline
  • Pridružio: 12 Feb 2007
  • Poruke: 1226

Kod mene je System Restore isključen.

Fix result of Farbar Recovery Scan Tool (x86) Version: 23-11-2016
Ran by Viper (26-11-2016 21:39:48) Run:1
Running from C:\Users\Viper\Desktop
Loaded Profiles: Viper (Available Profiles: Viper)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
2015-06-19 23:11 - 2016-05-21 00:45 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat
EmptyTemp:
*****************

Error: (0) Failed to create a restore point.
C:\ProgramData\fontcacheev1.dat => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12637216 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 35045637 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
LocalService => 0 B
NetworkService => 0 B
Viper => 87418 B
Coleman => 0 B

RecycleBin => 0 B
EmptyTemp: => 53.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:39:51 ====
https://www.mycity.rs/must-login.png

offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

Arrow Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;



• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.





>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.





Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

offline
  • Pridružio: 12 Feb 2007
  • Poruke: 1226

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

Kakvo je sada stanje?

offline
  • Pridružio: 12 Feb 2007
  • Poruke: 1226

Radi sve normalno, osim što je ZAL ponovo prilikom skeniranja otkrio Hosts Hijack.

offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

Hajd odradi skeniranje, pa mi dostavi log po uputstvu

Preuzmi Zemana AntiMalware i sacuvaj ga na Deskop.


Arrow Kada preuzimanje bude zavrseno:

Dvoklikom pokreni instalaciju i prati uputstva. Instalacija je standardna bez ikakvih dodatnih opcija.
Nakon instalacije, program ce se automatski pokrenuti i sada je potrebno klikniti na Scan.
Kada se skeniranje zavrsi, klikni Next kako bi uklonio sve pronadjene stavke.
Ako ti zatrazi da restartujes racunar, klikni na Reboot.
Ukoliko je racunar ozbiljno inficiran, nakon restarta ce uslediti jos jedno skeniranje.


Arrow Nakon toga, potrebno je da dostavis izvestaj/e:

Na tastaturi pritisni + R u isto vreme.
Kopiraj sledecu komandu i potvrdi sa OK:
%USERPROFILE%\AppData\Local\Zemana\Zemana AntiMalware\reports
Najnovji izvestaj/e kopiraj na Deskop, a zatim ga prikaci u sledecoj poruci.

offline
  • Pridružio: 12 Feb 2007
  • Poruke: 1226

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 02 Jan 2008
  • Poruke: 2167

Odradi ovaj fix, pa javi kakvo je stanje za Zemanom. Da li i dalje prijavljuje host hijack?

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

CreateRestorePoint:
Hosts:


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

Ko je trenutno na forumu
 

Ukupno su 814 korisnika na forumu :: 39 registrovanih, 6 sakrivenih i 769 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: amstel2, Bane san, bankulen, Battlehammer, branko7, Brankoni, crnitrn, darkangel, Despot1, Doca, dragon986, dule clio, havoc995, helen1, Hoegaarden, Insan, Joja, kalca65, Koca Popovic, KS, m0nstrum_, milos.cbr, Milovan1111, moonshine, mrkanidja, Nekicoveculjak, Nikoloff, Panonsky, Recce, rovac, Snorks, sovanova95, stringer bell, USSVoyager, vathra, Vezista, zixmix, zlaya011, Živković