MyCity » Ambulanta -> Arhiva Ambulante » Zemana AntiLogger otkrio hosts hijacker

Zemana AntiLogger otkrio hosts hijacker

Napisano na dan: 26.11.2016

Strana:
1
2

Zemana AntiLogger otkrio hosts hijacker

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Wisdomseeker Poslao: 26 Nov 2016 12:44 Idi na vrh
offline Wisdomseeker Super građanin Pridružio: 12 Feb 2007 Poruke: 1239	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Radnim danima nisam kod kuće pa brat koristi moj računar, ne znam šta je radio po netua ali jutros je Zemana AntiLogger otkrio hosts Hijacker. Posle popravke i restarta računara kod ponovnog skeniranja je opet otkrio isto. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2016 Ran by Viper (administrator) on BIOHAZARD (26-11-2016 12:37:48) Running from C:\Users\Viper\Desktop Loaded Profiles: Viper (Available Profiles: Viper) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Zemana Ltd.) C:\Program Files\Zemana AntiLogger\ZAM.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe (MyCity) C:\Program Files\MCShield\MCShieldRTM.exe (Performix LLC) C:\Program Files\Adguard\Adguard.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Performix LLC) C:\Program Files\Adguard\AdguardSvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe (Zemana Ltd.) C:\Program Files\Zemana AntiLogger\ZAM.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-19] (AVAST Software) HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiLogger\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.) HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation) HKLM Group Policy restriction on software: .jpeg.exe <====== ATTENTION HKLM Group Policy restriction on software: .zip.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.exe <====== ATTENTION HKLM Group Policy restriction on software: .rar.cmd <====== ATTENTION HKLM Group Policy restriction on software: .ppt.cmd <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.pif <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.exe <====== ATTENTION HKLM Group Policy restriction on software: .divx.scr <====== ATTENTION HKLM Group Policy restriction on software: .avi.pif <====== ATTENTION HKLM Group Policy restriction on software: .mp3.pif <====== ATTENTION HKLM Group Policy restriction on software: .wma.bat <====== ATTENTION HKLM Group Policy restriction on software: .7z.jse <====== ATTENTION HKLM Group Policy restriction on software: .pdf.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .mp3.exe <====== ATTENTION HKLM Group Policy restriction on software: .xls.js <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.bat <====== ATTENTION HKLM Group Policy restriction on software: .gif.scr <====== ATTENTION HKLM Group Policy restriction on software: .pub.js <====== ATTENTION HKLM Group Policy restriction on software: .gif.cmd <====== ATTENTION HKLM Group Policy restriction on software: .pdf.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.pif <====== ATTENTION HKLM Group Policy restriction on software: .rtf.bat <====== ATTENTION HKLM Group Policy restriction on software: .bmp.pif <====== ATTENTION HKLM Group Policy restriction on software: .avi.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.js <====== ATTENTION HKLM Group Policy restriction on software: .gif.com <====== ATTENTION HKLM Group Policy restriction on software: .zip.bat <====== ATTENTION HKLM Group Policy restriction on software: .7z.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.bat <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.com <====== ATTENTION HKLM Group Policy restriction on software: .pptx.exe <====== ATTENTION HKLM Group Policy restriction on software: .rar.pif <====== ATTENTION HKLM Group Policy restriction on software: .png.com <====== ATTENTION HKLM Group Policy restriction on software: .txt.cmd <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.scr <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.com <====== ATTENTION HKLM Group Policy restriction on software: .divx.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.com <====== ATTENTION HKLM Group Policy restriction on software: .pub.pif <====== ATTENTION HKLM Group Policy restriction on software: .bmp.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.jse <====== ATTENTION HKLM Group Policy restriction on software: .mp4.com <====== ATTENTION HKLM Group Policy restriction on software: .jpg.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.jse <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.scr <====== ATTENTION HKLM Group Policy restriction on software: .mp3.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.scr <====== ATTENTION HKLM Group Policy restriction on software: .doc.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.com <====== ATTENTION HKLM Group Policy restriction on software: .xls.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.com <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.cmd <====== ATTENTION HKLM Group Policy restriction on software: .7z.com <====== ATTENTION HKLM Group Policy restriction on software: .pdf.pif <====== ATTENTION HKLM Group Policy restriction on software: .avi.com <====== ATTENTION HKLM Group Policy restriction on software: .mp3.bat <====== ATTENTION HKLM Group Policy restriction on software: .xls.scr <====== ATTENTION HKLM Group Policy restriction on software: .pptx.com <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.exe <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.jse <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.jse <====== ATTENTION HKLM Group Policy restriction on software: .txt.exe <====== ATTENTION HKLM Group Policy restriction on software: .txt.js <====== ATTENTION HKLM Group Policy restriction on software: .xls.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.pif <====== ATTENTION HKLM Group Policy restriction on software: .pub.jse <====== ATTENTION HKLM Group Policy restriction on software: .jpg.jse <====== ATTENTION HKLM Group Policy restriction on software: .png.bat <====== ATTENTION HKLM Group Policy restriction on software: .doc.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.scr <====== ATTENTION HKLM Group Policy restriction on software: .avi.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.bat <====== ATTENTION HKLM Group Policy restriction on software: .txt.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.jse <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.js <====== ATTENTION HKLM Group Policy restriction on software: .zip.exe <====== ATTENTION HKLM Group Policy restriction on software: .doc.pif <====== ATTENTION HKLM Group Policy restriction on software: .pdf.js <====== ATTENTION HKLM Group Policy restriction on software: .ppt.com <====== ATTENTION HKLM Group Policy restriction on software: .wmv.jse <====== ATTENTION HKLM Group Policy restriction on software: .wmv.exe <====== ATTENTION HKLM Group Policy restriction on software: .pub.com <====== ATTENTION HKLM Group Policy restriction on software: .wav.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.com <====== ATTENTION HKLM Group Policy restriction on software: .wmv.com <====== ATTENTION HKLM Group Policy restriction on software: .rtf.pif <====== ATTENTION HKLM Group Policy restriction on software: .gif.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.exe <====== ATTENTION HKLM Group Policy restriction on software: .ppt.pif <====== ATTENTION HKLM Group Policy restriction on software: .wav.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.exe <====== ATTENTION HKLM Group Policy restriction on software: .doc.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.js <====== ATTENTION HKLM Group Policy restriction on software: .pub.scr <====== ATTENTION HKLM Group Policy restriction on software: .jpg.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\.exe <====== ATTENTION HKLM Group Policy restriction on software: .wma.pif <====== ATTENTION HKLM Group Policy restriction on software: .wma.scr <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .wmv.scr <====== ATTENTION HKLM Group Policy restriction on software: .divx.pif <====== ATTENTION HKLM Group Policy restriction on software: .rtf.js <====== ATTENTION HKLM Group Policy restriction on software: .doc.js <====== ATTENTION HKLM Group Policy restriction on software: .wav.bat <====== ATTENTION HKLM Group Policy restriction on software: .png.js <====== ATTENTION HKLM Group Policy restriction on software: .bmp.scr <====== ATTENTION HKLM Group Policy restriction on software: .wav.cmd <====== ATTENTION HKLM Group Policy restriction on software: .gif.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.com <====== ATTENTION HKLM Group Policy restriction on software: .7z.js <====== ATTENTION HKLM Group Policy restriction on software: .pptx.cmd <====== ATTENTION HKLM Group Policy restriction on software: .ppt.exe <====== ATTENTION HKLM Group Policy restriction on software: .7z.cmd <====== ATTENTION HKLM Group Policy restriction on software: .pptx.bat <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.scr <====== ATTENTION HKLM Group Policy restriction on software: .rar.bat <====== ATTENTION HKLM Group Policy restriction on software: .rar.scr <====== ATTENTION HKLM Group Policy restriction on software: .wma.cmd <====== ATTENTION HKLM Group Policy restriction on software: .divx.jse <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.jse <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.jse <====== ATTENTION HKLM Group Policy restriction on software: .zip.com <====== ATTENTION HKLM Group Policy restriction on software: .mp3.js <====== ATTENTION HKLM Group Policy restriction on software: .rtf.exe <====== ATTENTION HKLM Group Policy restriction on software: .wav.js <====== ATTENTION HKLM Group Policy restriction on software: .wav.com <====== ATTENTION HKLM Group Policy restriction on software: * <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.scr <====== ATTENTION HKLM Group Policy restriction on software: .mp4.bat <====== ATTENTION HKLM Group Policy restriction on software: .xls.com <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.jse <====== ATTENTION HKLM Group Policy restriction on software: .pdf.exe <====== ATTENTION HKLM Group Policy restriction on software: .png.cmd <====== ATTENTION HKLM Group Policy restriction on software: .mp3.com <====== ATTENTION HKLM Group Policy restriction on software: .avi.bat <====== ATTENTION HKLM Group Policy restriction on software: .pdf.scr <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.bat <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.bat <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.jse <====== ATTENTION HKLM Group Policy restriction on software: .mp4.exe <====== ATTENTION HKLM Group Policy restriction on software: .zip.js <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: .wma.com <====== ATTENTION HKLM Group Policy restriction on software: .wmv.pif <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.pif <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.scr <====== ATTENTION HKLM Group Policy restriction on software: .7z.pif <====== ATTENTION HKLM Group Policy restriction on software: .gif.exe <====== ATTENTION HKLM Group Policy restriction on software: .txt.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.bat <====== ATTENTION HKLM Group Policy restriction on software: .avi.jse <====== ATTENTION HKLM Group Policy restriction on software: .png.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.bat <====== ATTENTION HKLM Group Policy restriction on software: .mp4.jse <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.js <====== ATTENTION HKLM Group Policy restriction on software: .mp4.js <====== ATTENTION HKLM Group Policy restriction on software: .ppt.jse <====== ATTENTION HKLM Group Policy restriction on software: .ppt.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.exe <====== ATTENTION HKLM Group Policy restriction on software: .wma.exe <====== ATTENTION HKLM Group Policy restriction on software: .rar.exe <====== ATTENTION HKLM Group Policy restriction on software: .doc.com <====== ATTENTION HKLM Group Policy restriction on software: .pptx.js <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.com <====== ATTENTION HKLM Group Policy restriction on software: .rar.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.scr <====== ATTENTION HKLM Group Policy restriction on software: .jpg.pif <====== ATTENTION HKLM Group Policy restriction on software: .rar.com <====== ATTENTION HKLM Group Policy restriction on software: .pub.exe <====== ATTENTION HKLM Group Policy restriction on software: .gif.bat <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.bat <====== ATTENTION HKLM Group Policy restriction on software: .png.exe <====== ATTENTION HKLM Group Policy restriction on software: .avi.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .mp3.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.exe <====== ATTENTION HKLM Group Policy restriction on software: .rtf.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.jse <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.bat <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.cmd <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .jpg.bat <====== ATTENTION HKLM Group Policy restriction on software: .7z.scr <====== ATTENTION HKLM Group Policy restriction on software: .zip.cmd <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.cmd <====== ATTENTION HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION HKLM Group Policy restriction on software: .rtf.scr <====== ATTENTION HKLM Group Policy restriction on software: .mp3.scr <====== ATTENTION HKLM Group Policy restriction on software: .txt.bat <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.exe <====== ATTENTION HKLM Group Policy restriction on software: .wav.jse <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.pif <====== ATTENTION HKLM Group Policy restriction on software: .pptx.pif <====== ATTENTION HKLM Group Policy restriction on software: .wmv.js <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\.js <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.jse <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.scr <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.pif <====== ATTENTION HKLM Group Policy restriction on software: .docx.cmd <====== ATTENTION HKLM Group Policy restriction on software: .jpeg.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.scr <====== ATTENTION HKLM Group Policy restriction on software: .ppt.scr <====== ATTENTION HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.js <====== ATTENTION HKLM Group Policy restriction on software: .pptx.jse <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.bat <====== ATTENTION HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION HKLM Group Policy restriction on software: .mp4.scr <====== ATTENTION HKLM Group Policy restriction on software: :\$Recycle.Bin <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.com <====== ATTENTION HKLM Group Policy restriction on software: .txt.jse <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\.bat <====== ATTENTION HKLM Group Policy restriction on software: .divx.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.exe <====== ATTENTION HKLM Group Policy restriction on software: .pub.cmd <====== ATTENTION HKLM Group Policy restriction on software: .docx.pif <====== ATTENTION HKLM Group Policy restriction on software: .divx.com <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.scr <====== ATTENTION HKLM Group Policy restriction on software: .bmp.com <====== ATTENTION HKLM Group Policy restriction on software: .wav.pif <====== ATTENTION HKLM Group Policy restriction on software: %systemdrive%\\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .bmp.cmd <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\.com <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\.js <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.cmd <====== ATTENTION HKLM Group Policy restriction on software: .doc.jse <====== ATTENTION HKLM Group Policy restriction on software: .mp4.cmd <====== ATTENTION HKLM Group Policy restriction on software: .wma.jse <====== ATTENTION HKLM Group Policy restriction on software: .docx.com <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.bat <====== ATTENTION HKLM Group Policy restriction on software: .pub.bat <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\.jse <====== ATTENTION HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\.bat <====== ATTENTION HKLM Group Policy restriction on software: .pdf.jse <====== ATTENTION HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION HKLM Group Policy restriction on software: .xlsx.exe <====== ATTENTION HKLM Group Policy restriction on software: %programfiles%\\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\.jse <====== ATTENTION HKLM Group Policy restriction on software: .7z.exe <====== ATTENTION HKLM Group Policy restriction on software: .jpg.js <====== ATTENTION HKLM Group Policy restriction on software: .xls.cmd <====== ATTENTION HKLM Group Policy restriction on software: .rar.js <====== ATTENTION HKLM Group Policy restriction on software: .jpg.scr <====== ATTENTION HKLM Group Policy restriction on software: .txt.com <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.pif <====== ATTENTION HKLM Group Policy restriction on software: .xls.jse <====== ATTENTION HKLM Group Policy restriction on software: .docx.scr <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.scr <====== ATTENTION HKLM Group Policy restriction on software: .pdf.bat <====== ATTENTION HKLM Group Policy restriction on software: .mp4.pif <====== ATTENTION HKLM Group Policy restriction on software: .bmp.jse <====== ATTENTION HKLM Group Policy restriction on software: .bmp.js <====== ATTENTION HKLM Group Policy restriction on software: .pptx.scr <====== ATTENTION HKLM Group Policy restriction on software: .wma.js <====== ATTENTION HKLM Group Policy restriction on software: .rtf.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.com <====== ATTENTION HKLM Group Policy restriction on software: .doc.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.js <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .wmv.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\\.scr <====== ATTENTION HKLM Group Policy restriction on software: .zip.scr <====== ATTENTION HKLM Group Policy restriction on software: .avi.exe <====== ATTENTION HKLM Group Policy restriction on software: .bmp.exe <====== ATTENTION HKLM Group Policy restriction on software: .xls.pif <====== ATTENTION HKLM Group Policy restriction on software: .rtf.com <====== ATTENTION HKLM Group Policy restriction on software: .docx.bat <====== ATTENTION HKLM Group Policy restriction on software: .divx.exe <====== ATTENTION HKLM Group Policy restriction on software: .docx.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.scr <====== ATTENTION HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION HKLM Group Policy restriction on software: .gif.jse <====== ATTENTION HKLM Group Policy restriction on software: .png.jse <====== ATTENTION HKLM Group Policy restriction on software: .docx.js <====== ATTENTION HKLM Group Policy restriction on software: .png.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .docx.jse <====== ATTENTION HKLM Group Policy restriction on software: .zip.pif <====== ATTENTION HKLM Group Policy restriction on software: .jpg.com <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\.js <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\\.cmd <====== ATTENTION HKLM Group Policy restriction on software: .divx.js <====== ATTENTION HKLM Group Policy restriction on software: .wmv.cmd <====== ATTENTION HKLM Group Policy restriction on software: .ppt*.js <====== ATTENTION HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity) HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\Run: [f.lux] => C:\Users\Viper\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5608440 2016-08-26] (Performix LLC) HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\MountPoints2: {71b4c722-1d53-11e5-a58d-485b39b507fe} - G:\autorun\autorun.exe HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\MountPoints2: {a5105961-ad6e-11e5-9cea-485b39b507fe} - H:\autorun.exe HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\MountPoints2: {f8ad2c6a-1a45-11e5-93d3-485b39b507fe} - F:\Install.exe AppInit_DLLs: C:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files\KeyCryptSDK\KeyCrypt32(14).dll [86936 2016-08-10] (Zemana Ltd.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-02] (AVAST Software) GroupPolicy: Restriction ? <======= ATTENTION GroupPolicyScripts: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166 Tcpip\..\Interfaces\{839D1C35-079D-4FFA-8CB8-7EF17139E3AB}: [DhcpNameServer] 212.200.191.166 212.200.190.166 Internet Explorer: ================== SearchScopes: HKU\S-1-5-21-2862957678-608492330-2760606463-1000 -> DefaultScope {FA448F4C-32CD-4222-A9D7-2530C806BD7D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-2862957678-608492330-2760606463-1000 -> {FA448F4C-32CD-4222-A9D7-2530C806BD7D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} FireFox: ======== FF ProfilePath: C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default [2016-11-26] FF Homepage: Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default -> about:home FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default -> type", 0 FF Extension: (Disconnect) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\2.0@disconnect.me.xpi [2016-04-28] FF Extension: (Adblock Latitude) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2016-10-23] [not signed] FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-06-16] FF Extension: (Facebook Disconnect) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\facebook@disconnect.me.xpi [2016-04-28] FF Extension: (VTzilla) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\info@virustotal.com.xpi [2016-04-28] FF Extension: (Flagfox) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-10-14] FF Extension: (Clean Links) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-04-28] FF Extension: (Encrypted Web) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{4bf973fe-f2b7-43e1-b2ca-52f9c6f6fddf} [2016-04-16] [not signed] FF Extension: (NoScript) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-10] FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2016-10-04] FF Extension: (DownloadHelper) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-06-16] FF Extension: (BetterPrivacy) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-06-16] FF SearchPlugin: C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\searchplugins\ixquick-https.xml [2015-08-21] FF SearchPlugin: C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\searchplugins\startpage-ssl.xml [2015-08-21] FF ProfilePath: C:\Users\Viper\AppData\Roaming\FossaMail\Profiles\4pq1k6nn.default [2016-08-19] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-29] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-12] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-12] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Adguard Service; C:\Program Files\Adguard\AdguardSvc.exe [149496 2016-08-26] (Performix LLC) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-02] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-09-02] (AVAST Software) S3 cmcore; c:\program files\cmcm\Clean Master\cmcore.exe [315208 2016-11-12] (Kingsoft Corporation) S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed] R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation) S3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [154256 2016-09-22] (Sandboxie Holdings, LLC) S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH) S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [86760 2016-09-06] (Microsoft Corporation) S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files\Zemana AntiLogger\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [58440 2016-07-21] () S3 amdhub30; C:\Windows\system32\drivers\amdhub30.sys [82560 2012-03-08] (Advanced Micro Devices, INC.) S3 amdxhc; C:\Windows\system32\drivers\amdxhc.sys [173184 2012-03-08] (Advanced Micro Devices, INC.) S3 asmthub3; C:\Windows\system32\drivers\asmthub3.sys [110920 2012-11-08] (ASMedia Technology Inc) S3 asmtxhci; C:\Windows\system32\drivers\asmtxhci.sys [333128 2012-11-08] (ASMedia Technology Inc) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-02] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-02] (AVAST Software) R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [26776 2016-05-28] (AVAST Software) R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [338936 2016-09-02] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-02] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-02] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-23] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-02] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-14] (AVAST Software) R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [59968 2016-11-15] () S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2012-08-07] (Etron Technology Inc) S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [26112 2012-08-07] (Etron Technology Inc) S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2012-08-07] (Etron Technology Inc) S3 FLxHCIc; C:\Windows\system32\drivers\FLxHCIc.sys [205992 2013-02-25] (Fresco Logic) S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [61608 2013-02-25] (Fresco Logic) R0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [16880 2013-02-22] (Intel Corporation) S3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [352752 2013-02-22] (Intel Corporation) S3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [796656 2013-02-22] (Intel Corporation) R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt32.sys [142344 2016-08-10] (Zemana Ltd.) S3 ksapi; C:\Windows\system32\drivers\ksapi.sys [81768 2016-11-12] (Kingsoft Corporation) S3 libwasys; C:\Windows\System32\DRIVERS\libwasys.sys [24368 2016-09-10] () R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed] R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] () R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.) S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [86408 2012-08-27] (Renesas Electronics Corporation) S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [178568 2012-08-27] (Renesas Electronics Corporation) R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2016-11-26] (secr9tos) [File not signed] R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [177296 2016-09-22] (Sandboxie Holdings, LLC) S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [28400 2016-11-05] () [File not signed] S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31776 2015-06-02] (The OpenVPN Project) R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [113904 2016-10-18] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [178352 2016-10-18] (Oracle Corporation) S3 WiseHDInfo; C:\Windows\WiseHDInfo32.dll [13264 2015-07-01] (wisecleaner.com) R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2016-09-02] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2016-09-02] (Zemana Ltd.) S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-11-26 12:37 - 2016-11-26 12:38 - 00040819 _____ C:\Users\Viper\Desktop\FRST.txt 2016-11-26 12:37 - 2016-11-26 12:37 - 00000000 ____D C:\FRST 2016-11-26 12:36 - 2016-11-26 12:36 - 01761280 _____ (Farbar) C:\Users\Viper\Desktop\FRST.exe 2016-11-26 12:35 - 2016-11-26 12:35 - 00001108 _____ C:\Users\Viper\Desktop\sfdgsdfg.txt 2016-11-26 12:32 - 2016-11-26 12:32 - 01761280 _____ (Farbar) C:\Users\Viper\Desktop\Unconfirmed 343917.crdownload 2016-11-26 12:15 - 2016-11-26 12:15 - 00000481 _____ C:\Users\Viper\Desktop\hosts fajl lindza.txt 2016-11-26 10:19 - 2016-11-26 10:19 - 00000803 _____ C:\Users\Viper\Desktop\hosts fajl lindza 2016-11-25 18:57 - 2016-11-25 18:57 - 00001821 _____ C:\Users\Public\Desktop\Zemana AntiLogger.lnk 2016-11-25 18:57 - 2016-11-25 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger 2016-11-25 15:31 - 2016-11-25 15:31 - 00407440 _____ C:\Windows\system32\FNTCACHE.DAT 2016-11-21 18:57 - 2016-11-21 18:57 - 00000000 ____D C:\Users\Default\AppData\Local\Google 2016-11-21 18:57 - 2016-11-21 18:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Google 2016-11-20 21:29 - 2016-11-20 21:29 - 01148596 _____ C:\Users\Viper\Desktop\65870_1932597709_92wYE6m.mp4 2016-11-20 03:01 - 2015-06-16 01:42 - 00000400 _____ C:\Users\Viper\Desktop\Local Area Connection.lnk 2016-11-19 18:13 - 2016-11-19 18:11 - 00103240 _____ C:\Users\Viper\Desktop\Zahtev2791017.pdf 2016-11-19 13:05 - 2016-07-21 17:30 - 00058440 _____ () C:\Windows\system32\Drivers\adgnetworktdidrv.sys 2016-11-19 13:04 - 2016-11-26 12:39 - 00000000 ____D C:\ProgramData\Adguard 2016-11-19 13:04 - 2016-11-26 12:18 - 00000000 ____D C:\Program Files\Adguard 2016-11-19 13:04 - 2016-11-19 13:04 - 00000899 _____ C:\Users\Public\Desktop\Adguard.lnk 2016-11-19 13:04 - 2016-11-19 13:04 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Performix LLC 2016-11-19 13:04 - 2016-11-19 13:04 - 00000000 ____D C:\Users\Viper\AppData\Local\Performix_LLC 2016-11-19 13:04 - 2016-11-19 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard 2016-11-13 20:00 - 2016-11-25 19:53 - 98668915 _____ C:\Users\Viper\Desktop\Pak0.pk3 2016-11-13 13:33 - 2016-11-13 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2016-11-13 13:33 - 2016-10-18 16:10 - 00787232 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2016-11-13 13:29 - 2016-11-13 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics 2016-11-13 13:29 - 2016-11-13 13:29 - 00000000 ____D C:\Program Files\Auslogics 2016-11-13 01:35 - 2016-11-13 01:35 - 00000941 _____ C:\Users\Viper\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk 2016-11-13 01:35 - 2016-11-13 01:35 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber 2016-11-13 01:34 - 2016-11-13 01:35 - 00000000 ____D C:\Users\Viper\AppData\Local\Viber 2016-11-13 01:10 - 2016-11-13 01:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2016-11-12 21:22 - 2016-11-12 21:26 - 00000000 ____D C:\Users\Viper\AppData\Roaming\FileZilla 2016-11-12 18:22 - 2016-11-12 23:28 - 00000000 ___RD C:\Users\Viper\Google Drive 2016-11-12 18:22 - 2016-11-12 23:27 - 00001038 _____ C:\Users\Viper\Desktop\Google Drive.lnk 2016-11-12 18:22 - 2016-11-12 18:22 - 00001684 _____ C:\Users\Viper\Desktop\GDrive.lnk 2016-11-12 18:15 - 2016-11-21 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-11-12 18:14 - 2016-11-26 12:19 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-11-12 18:14 - 2016-11-26 12:18 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-11-12 18:14 - 2016-11-12 18:15 - 00000000 ____D C:\Program Files\Google 2016-11-12 09:40 - 2016-11-12 09:40 - 00000921 _____ C:\Users\Viper\Desktop\tahograf slike sa telefona.lnk 2016-11-10 00:27 - 2016-11-10 00:27 - 00000523 _____ C:\Users\Viper\Desktop\Biohazard (D).lnk 2016-11-09 08:53 - 2016-10-27 16:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-11-09 08:53 - 2016-10-22 17:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-11-09 08:53 - 2016-09-15 15:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2016-11-09 08:53 - 2016-08-21 14:05 - 00935424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2016-11-09 08:52 - 2016-11-02 16:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-11-09 08:52 - 2016-11-02 16:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2016-11-09 08:52 - 2016-11-02 16:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2016-11-09 08:52 - 2016-11-02 16:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2016-11-09 08:52 - 2016-11-02 15:53 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-11-09 08:52 - 2016-10-28 04:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-11-09 08:52 - 2016-10-27 15:16 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-11-09 08:52 - 2016-10-25 15:54 - 02399744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-11-09 08:52 - 2016-10-22 18:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-11-09 08:52 - 2016-10-22 18:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-11-09 08:52 - 2016-10-22 18:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-11-09 08:52 - 2016-10-22 18:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-11-09 08:52 - 2016-10-22 18:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-11-09 08:52 - 2016-10-22 18:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-11-09 08:52 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-11-09 08:52 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-11-09 08:52 - 2016-10-22 18:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-11-09 08:52 - 2016-10-22 18:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-11-09 08:52 - 2016-10-22 18:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-11-09 08:52 - 2016-10-22 18:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-11-09 08:52 - 2016-10-22 18:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-11-09 08:52 - 2016-10-22 18:21 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-11-09 08:52 - 2016-10-22 18:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-11-09 08:52 - 2016-10-22 18:13 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-11-09 08:52 - 2016-10-22 18:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-11-09 08:52 - 2016-10-22 18:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-11-09 08:52 - 2016-10-22 18:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-11-09 08:52 - 2016-10-22 17:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-11-09 08:52 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-11-09 08:52 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-11-09 08:52 - 2016-10-22 17:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-11-09 08:52 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-11-09 08:52 - 2016-10-22 17:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-11-09 08:52 - 2016-10-22 17:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-11-09 08:52 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-11-09 08:52 - 2016-10-22 17:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-11-09 08:52 - 2016-10-22 17:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-11-09 08:52 - 2016-10-22 17:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-11-09 08:52 - 2016-10-22 17:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-11-09 08:52 - 2016-10-15 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-11-09 08:52 - 2016-10-15 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2016-11-09 08:52 - 2016-10-11 16:24 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2016-11-09 08:52 - 2016-10-11 16:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME 2016-11-09 08:52 - 2016-10-11 16:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2016-11-09 08:52 - 2016-10-11 16:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2016-11-09 08:52 - 2016-10-11 16:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime 2016-11-09 08:52 - 2016-10-11 16:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll 2016-11-09 08:52 - 2016-10-11 16:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime 2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime 2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime 2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime 2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime 2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime 2016-11-09 08:52 - 2016-10-11 16:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime 2016-11-09 08:52 - 2016-10-11 14:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2016-11-09 08:52 - 2016-10-10 16:21 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-11-09 08:52 - 2016-10-10 16:21 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-11-09 08:52 - 2016-10-10 16:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-11-09 08:52 - 2016-10-10 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-11-09 08:52 - 2016-10-10 16:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-11-09 08:52 - 2016-10-10 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-11-09 08:52 - 2016-10-10 16:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-11-09 08:52 - 2016-10-10 16:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-11-09 08:52 - 2016-10-10 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-11-09 08:52 - 2016-10-10 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-11-09 08:52 - 2016-10-10 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-11-09 08:52 - 2016-10-10 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-11-09 08:52 - 2016-10-10 16:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-11-09 08:52 - 2016-10-10 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-11-09 08:52 - 2016-10-10 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-11-09 08:52 - 2016-10-10 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-11-09 08:52 - 2016-10-10 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-11-09 08:52 - 2016-10-10 15:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-11-09 08:52 - 2016-10-10 15:50 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-11-09 08:52 - 2016-10-10 15:50 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-11-09 08:52 - 2016-10-10 15:50 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-11-09 08:52 - 2016-10-10 15:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-11-09 08:52 - 2016-10-10 15:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-11-09 08:52 - 2016-10-10 15:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-11-09 08:52 - 2016-10-07 16:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2016-11-09 08:52 - 2016-10-07 16:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-11-09 08:52 - 2016-10-07 16:15 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-11-09 08:52 - 2016-10-07 16:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2016-11-09 08:52 - 2016-10-07 16:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-11-09 08:52 - 2016-10-07 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-11-09 08:52 - 2016-10-07 16:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-11-09 08:52 - 2016-10-07 16:12 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll 2016-11-09 08:52 - 2016-10-07 16:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-11-09 08:52 - 2016-10-07 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-11-09 08:52 - 2016-10-07 16:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-11-09 08:52 - 2016-10-07 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-11-09 08:52 - 2016-10-07 16:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-11-09 08:52 - 2016-10-07 16:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-11-09 08:52 - 2016-10-07 15:54 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-11-09 08:52 - 2016-10-07 15:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-11-09 08:52 - 2016-10-07 15:54 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-11-09 08:52 - 2016-10-07 15:54 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-11-09 08:52 - 2016-10-07 15:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-11-09 08:52 - 2016-10-07 15:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-11-09 08:52 - 2016-10-05 15:50 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys 2016-11-09 08:52 - 2016-09-13 16:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-11-09 08:52 - 2016-09-09 19:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-11-07 02:14 - 2016-11-07 02:14 - 00483503 _____ C:\Users\Viper\Desktop\SPISAK RADIONICA ZA TAHOGRAFE.pdf 2016-11-06 02:57 - 2016-11-06 02:57 - 00000000 ____D C:\Users\Viper\.dnx 2016-11-06 02:27 - 2016-11-06 02:27 - 00000000 ____D C:\Program Files\AppInsights 2016-11-06 02:22 - 2016-11-06 02:22 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 11.0 2016-11-06 02:06 - 2016-11-06 02:06 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition 2016-11-06 02:05 - 2016-11-06 02:05 - 00000000 ____D C:\ProgramData\PreEmptive Solutions 2016-11-06 02:05 - 2016-11-06 02:05 - 00000000 ____D C:\Program Files\ShellDir 2016-11-06 02:03 - 2016-11-06 02:22 - 00000000 ____D C:\Program Files\Microsoft ASP.NET 2016-11-06 02:01 - 2016-11-06 02:01 - 00000000 ____D C:\ProgramData\Microsoft DNX 2016-11-06 02:01 - 2016-11-06 02:01 - 00000000 ____D C:\Program Files\Microsoft DNX 2016-11-06 01:54 - 2016-11-06 02:00 - 00000000 ____D C:\Program Files\Microsoft Web Tools 2016-11-06 01:51 - 2016-11-06 01:51 - 00000000 ____D C:\Program Files\IIS Express 2016-11-06 01:50 - 2016-11-06 01:50 - 00000000 ____D C:\Program Files\Microsoft Office365 Tools 2016-11-06 01:49 - 2016-11-06 01:49 - 00000000 ____D C:\ProgramData\NuGet 2016-11-06 01:49 - 2016-11-06 01:49 - 00000000 ____D C:\Program Files\NuGet 2016-11-06 01:49 - 2016-11-06 01:49 - 00000000 ____D C:\Program Files\Microsoft WCF Data Services 2016-11-06 01:48 - 2016-11-06 01:48 - 00000000 ____D C:\Program Files\IIS 2016-11-06 01:46 - 2016-11-06 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression 2016-11-06 01:45 - 2016-11-06 01:45 - 00001492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk 2016-11-06 01:42 - 2016-11-06 02:32 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0 2016-11-06 01:39 - 2016-11-06 01:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015 2016-11-06 01:28 - 2016-11-06 03:00 - 00000000 ____D C:\Users\Viper\Documents\Visual Studio 2015 2016-11-06 01:13 - 2016-11-06 02:22 - 00000000 ____D C:\Program Files\Microsoft SQL Server 2016-11-06 01:13 - 2016-11-06 01:41 - 00000000 ____D C:\Windows\system32\1033 2016-11-06 01:13 - 2016-11-06 01:13 - 00001493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk 2016-11-06 01:13 - 2016-11-06 01:13 - 00000000 ____D C:\Program Files\Common Files\Merge Modules 2016-11-06 01:11 - 2016-11-06 02:16 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 14.0 2016-11-06 01:08 - 2016-11-06 02:06 - 00000000 ____D C:\Program Files\Windows Kits 2016-11-06 00:57 - 2016-11-06 00:57 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-11-05 10:07 - 2016-11-05 14:59 - 00002014 _____ C:\Users\Public\Desktop\Medal of Honor Allied Assault.lnk 2016-11-05 10:05 - 2016-11-05 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES 2016-10-29 23:52 - 2016-10-29 23:52 - 00000000 ____D C:\Users\Viper\AppData\Roaming\de.hueber.menschena1izu 2016-10-29 23:37 - 2016-11-19 14:02 - 00000000 ____D C:\Users\Viper\Desktop\fleska sredjivanje ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-11-26 12:38 - 2015-11-15 09:14 - 00185887 _____ C:\Windows\ZAM_Guard.krnl.trace 2016-11-26 12:38 - 2015-11-15 09:14 - 00100993 _____ C:\Windows\ZAM.krnl.trace 2016-11-26 12:28 - 2015-06-15 19:52 - 00000000 ____D C:\Users\Viper 2016-11-26 12:26 - 2009-07-14 05:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-11-26 12:26 - 2009-07-14 05:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-11-26 12:18 - 2015-06-16 05:36 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys 2016-11-26 12:18 - 2015-06-16 02:04 - 00000000 ____D C:\ProgramData\MCShield 2016-11-26 12:18 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-11-26 09:58 - 2015-06-16 03:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-11-26 07:41 - 2016-07-16 15:34 - 00000000 ____D C:\ProgramData\Auslogics 2016-11-26 03:31 - 2015-06-16 01:14 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-11-25 23:25 - 2015-07-02 23:54 - 00000000 ____D C:\Program Files\KeyCryptSDK 2016-11-25 21:41 - 2015-06-16 01:19 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2016-11-25 18:57 - 2016-08-05 20:58 - 00000000 ____D C:\Program Files\Zemana AntiLogger 2016-11-25 16:15 - 2015-06-15 20:37 - 00000000 ____D C:\Program Files\Pale Moon 2016-11-25 15:51 - 2015-07-31 00:24 - 00000000 ____D C:\Program Files\Slimjet 2016-11-22 01:05 - 2015-06-16 02:36 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Thunderbird 2016-11-22 01:05 - 2015-06-16 02:36 - 00000000 ____D C:\Users\Viper\AppData\Local\Thunderbird 2016-11-22 01:05 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf 2016-11-22 00:10 - 2015-06-16 01:36 - 00000000 ____D C:\Users\Viper\.VirtualBox 2016-11-21 19:32 - 2015-06-16 06:29 - 00000000 ____D C:\Users\Viper\AppData\Roaming\vlc 2016-11-21 17:39 - 2015-06-16 01:50 - 00002392 _____ C:\Windows\Sandboxie.ini 2016-11-19 18:15 - 2013-04-14 09:27 - 00724324 _____ C:\Windows\system32\perfh019.dat 2016-11-19 18:15 - 2013-04-14 09:27 - 00150626 _____ C:\Windows\system32\perfc019.dat 2016-11-19 18:15 - 2010-11-20 22:01 - 01648402 _____ C:\Windows\system32\PerfStringBackup.INI 2016-11-19 13:03 - 2013-04-14 14:34 - 00000000 ____D C:\ProgramData\Package Cache 2016-11-19 02:51 - 2015-06-16 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2016-11-19 02:50 - 2015-06-16 01:19 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit 2016-11-13 14:24 - 2015-06-18 07:26 - 00000000 ____D C:\ProgramData\Skype 2016-11-13 13:39 - 2016-01-01 02:20 - 00000000 ___RD C:\Program Files\Skype 2016-11-13 13:39 - 2015-06-18 07:27 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Skype 2016-11-13 13:09 - 2015-06-16 19:55 - 00000000 ____D C:\Program Files\7-Zip 2016-11-13 01:35 - 2015-12-30 18:23 - 00000000 ____D C:\Users\Viper\AppData\Roaming\ViberPC 2016-11-13 01:35 - 2015-12-30 18:22 - 00000000 ____D C:\Users\Viper\AppData\Local\Package Cache 2016-11-12 18:15 - 2015-07-30 12:10 - 00000000 ____D C:\Users\Viper\AppData\Local\Google 2016-11-12 18:06 - 2015-07-25 18:04 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys 2016-11-12 18:06 - 2015-07-25 18:04 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys 2016-11-09 20:58 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF 2016-11-09 12:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache 2016-11-09 11:14 - 2015-06-15 22:12 - 00000000 ____D C:\Windows\system32\MRT 2016-11-09 11:08 - 2013-04-14 15:02 - 138444440 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-11-06 02:37 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-11-06 02:22 - 2015-06-21 04:27 - 00000000 ____D C:\Program Files\Microsoft SDKs 2016-11-06 01:36 - 2015-06-21 04:42 - 00000000 ____D C:\Program Files\Microsoft Help Viewer 2016-11-06 01:26 - 2009-07-14 05:53 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-11-06 01:08 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\MSBuild 2016-11-05 10:13 - 2009-07-14 03:05 - 00028400 _____ C:\Windows\system32\Drivers\secdrv.sys 2016-11-05 10:09 - 2015-06-25 05:59 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-11-05 10:05 - 2016-06-19 11:43 - 00000000 ____D C:\Program Files\EA Games 2016-11-05 10:05 - 2015-06-15 20:03 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2016-10-30 03:06 - 2015-08-22 20:04 - 00000000 ____D C:\Users\Viper\AppData\Local\CrashDumps 2016-10-29 23:53 - 2015-07-26 14:07 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR 2016-10-29 23:45 - 2016-01-08 05:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hueber 2016-10-29 23:44 - 2016-01-08 05:23 - 00000000 ____D C:\Program Files\Hueber 2016-10-29 01:29 - 2016-09-24 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein 2016-10-29 01:29 - 2016-09-16 18:33 - 00000600 _____ C:\Windows\Rtcw.INI 2016-10-29 01:21 - 2015-06-16 03:48 - 00000000 ____D C:\Users\Viper\AppData\Local\Adobe 2016-10-29 01:20 - 2015-06-16 03:49 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-10-29 01:20 - 2015-06-16 03:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-10-29 01:20 - 2015-06-16 03:49 - 00000000 ____D C:\Windows\system32\Macromed ==================== Files in the root of some directories ======= 2016-10-08 23:30 - 2016-10-08 23:32 - 0000008 _____ () C:\Users\Viper\AppData\Roaming\pdfdrawcodec.dll 2016-09-10 23:48 - 2016-09-11 12:27 - 0000487 _____ () C:\Users\Viper\AppData\Local\infection.log 2016-01-24 15:21 - 2016-01-24 15:21 - 0000218 _____ () C:\Users\Viper\AppData\Local\recently-used.xbel 2015-06-19 23:11 - 2016-05-21 00:45 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat 2016-10-14 18:05 - 2016-10-14 18:19 - 0001911 _____ () C:\ProgramData\hpzinstall.log Files to move or delete: ==================== C:\ProgramData\fontcacheev1.dat ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-11-26 01:18 ==================== End of FRST.txt ============================ https://www.mycity.rs/must-login.png

Profil

return void Poslao: 26 Nov 2016 21:13 Idi na vrh
offline return void Anti Malware Fighter Rank 1 Pridružio: 02 Jan 2008 Poruke: 2167	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! 1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod: `CreateRestorePoint: 2015-06-19 23:11 - 2016-05-21 00:45 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat EmptyTemp:` 2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi. 3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj. Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema. Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku. Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a. Nakon toga, Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop Dvoklikom pokreni program. U EULA prozoru klikni na I agree. U Options isključi Reset Winsock settings ako je uključen. Klikni na dugme Scan i sačekaj da se završi skeniranje. Klikni na dugme Cleaning i pričekaj da program završi. Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu. Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK Računar će se restartovati, a potom otvoriti Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) sa izvještajem. Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

Profil

Wisdomseeker Poslao: 26 Nov 2016 21:55 Idi na vrh
offline Wisdomseeker Super građanin Pridružio: 12 Feb 2007 Poruke: 1239	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Kod mene je System Restore isključen. Fix result of Farbar Recovery Scan Tool (x86) Version: 23-11-2016 Ran by Viper (26-11-2016 21:39:48) Run:1 Running from C:\Users\Viper\Desktop Loaded Profiles: Viper (Available Profiles: Viper) Boot Mode: Normal ============================================== fixlist content: *************** CreateRestorePoint: 2015-06-19 23:11 - 2016-05-21 00:45 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat EmptyTemp: *************** Error: (0) Failed to create a restore point. C:\ProgramData\fontcacheev1.dat => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12637216 B Java, Flash, Steam htmlcache => 506 B Windows/system/drivers => 35045637 B Edge => 0 B Chrome => 0 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 16674 B LocalService => 0 B NetworkService => 0 B Viper => 87418 B Coleman => 0 B RecycleBin => 0 B EmptyTemp: => 53.6 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 21:39:51 ==== https://www.mycity.rs/must-login.png

Profil

return void Poslao: 26 Nov 2016 23:17 Idi na vrh
offline return void Anti Malware Fighter Rank 1 Pridružio: 02 Jan 2008 Poruke: 2167	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop. Dvoklikom pokreni MBAR () na ikonicu programa: - Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u; - mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.; - U uvodnom prozoru klikni dugme Next ukoliko si saglasan; • Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next; • Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan; Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka: - 'Could not load protection driver' => u tom slucaju klikni OK. - 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta. >> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje. >> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje. - Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja. Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe: - Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ... - Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem. Sledeci izvestaji ce biti formirani u mbar folderu. 1. mbar-log-year-month-day (hour-minute-second).txt 2. system-log.txt Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

Profil

Wisdomseeker Poslao: 26 Nov 2016 23:47 Idi na vrh
offline Wisdomseeker Super građanin Pridružio: 12 Feb 2007 Poruke: 1239	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png

Profil

return void Poslao: 27 Nov 2016 17:04 Idi na vrh
offline return void Anti Malware Fighter Rank 1 Pridružio: 02 Jan 2008 Poruke: 2167	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sada stanje?

Profil

Wisdomseeker Poslao: 27 Nov 2016 18:24 Idi na vrh
offline Wisdomseeker Super građanin Pridružio: 12 Feb 2007 Poruke: 1239	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Radi sve normalno, osim što je ZAL ponovo prilikom skeniranja otkrio Hosts Hijack.

Profil

return void Poslao: 27 Nov 2016 19:28 Idi na vrh
offline return void Anti Malware Fighter Rank 1 Pridružio: 02 Jan 2008 Poruke: 2167	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hajd odradi skeniranje, pa mi dostavi log po uputstvu Preuzmi Zemana AntiMalware i sacuvaj ga na Deskop. Kada preuzimanje bude zavrseno: Dvoklikom pokreni instalaciju i prati uputstva. Instalacija je standardna bez ikakvih dodatnih opcija. Nakon instalacije, program ce se automatski pokrenuti i sada je potrebno klikniti na Scan. Kada se skeniranje zavrsi, klikni Next kako bi uklonio sve pronadjene stavke. Ako ti zatrazi da restartujes racunar, klikni na Reboot. Ukoliko je racunar ozbiljno inficiran, nakon restarta ce uslediti jos jedno skeniranje. Nakon toga, potrebno je da dostavis izvestaj/e: Na tastaturi pritisni + R u isto vreme. Kopiraj sledecu komandu i potvrdi sa OK: `%USERPROFILE%\AppData\Local\Zemana\Zemana AntiMalware\reports` Najnovji izvestaj/e kopiraj na Deskop, a zatim ga prikaci u sledecoj poruci.

Profil

Wisdomseeker Poslao: 27 Nov 2016 20:02 Idi na vrh
offline Wisdomseeker Super građanin Pridružio: 12 Feb 2007 Poruke: 1239	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: https://www.mycity.rs/must-login.png

Profil

return void Poslao: 27 Nov 2016 20:18 Idi na vrh
offline return void Anti Malware Fighter Rank 1 Pridružio: 02 Jan 2008 Poruke: 2167	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Odradi ovaj fix, pa javi kakvo je stanje za Zemanom. Da li i dalje prijavljuje host hijack? 1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod: `CreateRestorePoint: Hosts:` 2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi. 3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj. Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema. Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku. Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Zemana AntiLogger otkrio hosts hijacker

Ko je trenutno na forumu

Ukupno su 1070 korisnika na forumu :: 32 registrovanih, 5 sakrivenih i 1033 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: amaterSRB, Boris90, cenejac111, cuculo, debeli, DPera, dushan, esx66, HogarStrashni, janbo, laki_bb, Litostroton, MB120mm, mercedesamg, Millennium, Milometer, milutin134, mrav pesadinac, nuke92, operniki, Pikac-47, raketaš, Sumadija34, Tragač, Trpe Grozni, vathra, Vlada1389, vladulns, zlaya011, šumar bk2, 1107, 79693

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by