Posted: 26 Nov 2016 12:44
- Wisdomseeker
- Super citizen
- Joined: 12 Feb 2007
- Posts: 1239
On weekdays I'm not at home, so my brother uses my computer. I don't know what he did on the net, but this morning Zemana AntiLogger detected a hosts Hijacker.
After the repair and a restart of the computer, a repeat scan detected the same thing again.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2016
Ran by Viper (administrator) on BIOHAZARD (26-11-2016 12:37:48)
Running from C:\Users\Viper\Desktop
Loaded Profiles: Viper (Available Profiles: Viper)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiLogger\ZAM.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Performix LLC) C:\Program Files\Adguard\Adguard.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Performix LLC) C:\Program Files\Adguard\AdguardSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiLogger\ZAM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-19] (AVAST Software)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiLogger\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation)
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\Run: [f.lux] => C:\Users\Viper\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5608440 2016-08-26] (Performix LLC)
HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\MountPoints2: {71b4c722-1d53-11e5-a58d-485b39b507fe} - G:\autorun\autorun.exe
HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\MountPoints2: {a5105961-ad6e-11e5-9cea-485b39b507fe} - H:\autorun.exe
HKU\S-1-5-21-2862957678-608492330-2760606463-1000\...\MountPoints2: {f8ad2c6a-1a45-11e5-93d3-485b39b507fe} - F:\Install.exe
AppInit_DLLs: C:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files\KeyCryptSDK\KeyCrypt32(14).dll [86936 2016-08-10] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-02] (AVAST Software)
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166
Tcpip\..\Interfaces\{839D1C35-079D-4FFA-8CB8-7EF17139E3AB}: [DhcpNameServer] 212.200.191.166 212.200.190.166
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2862957678-608492330-2760606463-1000 -> DefaultScope {FA448F4C-32CD-4222-A9D7-2530C806BD7D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2862957678-608492330-2760606463-1000 -> {FA448F4C-32CD-4222-A9D7-2530C806BD7D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
FireFox:
========
FF ProfilePath: C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default [2016-11-26]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default -> about:home
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default -> type", 0
FF Extension: (Disconnect) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\2.0@disconnect.me.xpi [2016-04-28]
FF Extension: (Adblock Latitude) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2016-10-23] [not signed]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-06-16]
FF Extension: (Facebook Disconnect) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\facebook@disconnect.me.xpi [2016-04-28]
FF Extension: (VTzilla) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\info@virustotal.com.xpi [2016-04-28]
FF Extension: (Flagfox) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-10-14]
FF Extension: (Clean Links) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-04-28]
FF Extension: (Encrypted Web) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{4bf973fe-f2b7-43e1-b2ca-52f9c6f6fddf} [2016-04-16] [not signed]
FF Extension: (NoScript) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-10]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2016-10-04]
FF Extension: (DownloadHelper) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-06-16]
FF Extension: (BetterPrivacy) - C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-06-16]
FF SearchPlugin: C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\searchplugins\ixquick-https.xml [2015-08-21]
FF SearchPlugin: C:\Users\Viper\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\b3lkp9xk.default\searchplugins\startpage-ssl.xml [2015-08-21]
FF ProfilePath: C:\Users\Viper\AppData\Roaming\FossaMail\Profiles\4pq1k6nn.default [2016-08-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-12] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Adguard Service; C:\Program Files\Adguard\AdguardSvc.exe [149496 2016-08-26] (Performix LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-02] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-09-02] (AVAST Software)
S3 cmcore; c:\program files\cmcm\Clean Master\cmcore.exe [315208 2016-11-12] (Kingsoft Corporation)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
S3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [154256 2016-09-22] (Sandboxie Holdings, LLC)
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [86760 2016-09-06] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiLogger\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [58440 2016-07-21] ()
S3 amdhub30; C:\Windows\system32\drivers\amdhub30.sys [82560 2012-03-08] (Advanced Micro Devices, INC.)
S3 amdxhc; C:\Windows\system32\drivers\amdxhc.sys [173184 2012-03-08] (Advanced Micro Devices, INC.)
S3 asmthub3; C:\Windows\system32\drivers\asmthub3.sys [110920 2012-11-08] (ASMedia Technology Inc)
S3 asmtxhci; C:\Windows\system32\drivers\asmtxhci.sys [333128 2012-11-08] (ASMedia Technology Inc)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-02] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [26776 2016-05-28] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [338936 2016-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-14] (AVAST Software)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [59968 2016-11-15] ()
S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2012-08-07] (Etron Technology Inc)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [26112 2012-08-07] (Etron Technology Inc)
S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2012-08-07] (Etron Technology Inc)
S3 FLxHCIc; C:\Windows\system32\drivers\FLxHCIc.sys [205992 2013-02-25] (Fresco Logic)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [61608 2013-02-25] (Fresco Logic)
R0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [16880 2013-02-22] (Intel Corporation)
S3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [352752 2013-02-22] (Intel Corporation)
S3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [796656 2013-02-22] (Intel Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt32.sys [142344 2016-08-10] (Zemana Ltd.)
S3 ksapi; C:\Windows\system32\drivers\ksapi.sys [81768 2016-11-12] (Kingsoft Corporation)
S3 libwasys; C:\Windows\System32\DRIVERS\libwasys.sys [24368 2016-09-10] ()
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [86408 2012-08-27] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [178568 2012-08-27] (Renesas Electronics Corporation)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2016-11-26] (secr9tos) [File not signed]
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [177296 2016-09-22] (Sandboxie Holdings, LLC)
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [28400 2016-11-05] () [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31776 2015-06-02] (The OpenVPN Project)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [113904 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [178352 2016-10-18] (Oracle Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo32.dll [13264 2015-07-01] (wisecleaner.com)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2016-09-02] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2016-09-02] (Zemana Ltd.)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 12:37 - 2016-11-26 12:38 - 00040819 _____ C:\Users\Viper\Desktop\FRST.txt
2016-11-26 12:37 - 2016-11-26 12:37 - 00000000 ____D C:\FRST
2016-11-26 12:36 - 2016-11-26 12:36 - 01761280 _____ (Farbar) C:\Users\Viper\Desktop\FRST.exe
2016-11-26 12:35 - 2016-11-26 12:35 - 00001108 _____ C:\Users\Viper\Desktop\sfdgsdfg.txt
2016-11-26 12:32 - 2016-11-26 12:32 - 01761280 _____ (Farbar) C:\Users\Viper\Desktop\Unconfirmed 343917.crdownload
2016-11-26 12:15 - 2016-11-26 12:15 - 00000481 _____ C:\Users\Viper\Desktop\hosts fajl lindza.txt
2016-11-26 10:19 - 2016-11-26 10:19 - 00000803 _____ C:\Users\Viper\Desktop\hosts fajl lindza
2016-11-25 18:57 - 2016-11-25 18:57 - 00001821 _____ C:\Users\Public\Desktop\Zemana AntiLogger.lnk
2016-11-25 18:57 - 2016-11-25 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger
2016-11-25 15:31 - 2016-11-25 15:31 - 00407440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-21 18:57 - 2016-11-21 18:57 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-21 18:57 - 2016-11-21 18:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-11-20 21:29 - 2016-11-20 21:29 - 01148596 _____ C:\Users\Viper\Desktop\65870_1932597709_92wYE6m.mp4
2016-11-20 03:01 - 2015-06-16 01:42 - 00000400 _____ C:\Users\Viper\Desktop\Local Area Connection.lnk
2016-11-19 18:13 - 2016-11-19 18:11 - 00103240 _____ C:\Users\Viper\Desktop\Zahtev2791017.pdf
2016-11-19 13:05 - 2016-07-21 17:30 - 00058440 _____ () C:\Windows\system32\Drivers\adgnetworktdidrv.sys
2016-11-19 13:04 - 2016-11-26 12:39 - 00000000 ____D C:\ProgramData\Adguard
2016-11-19 13:04 - 2016-11-26 12:18 - 00000000 ____D C:\Program Files\Adguard
2016-11-19 13:04 - 2016-11-19 13:04 - 00000899 _____ C:\Users\Public\Desktop\Adguard.lnk
2016-11-19 13:04 - 2016-11-19 13:04 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Performix LLC
2016-11-19 13:04 - 2016-11-19 13:04 - 00000000 ____D C:\Users\Viper\AppData\Local\Performix_LLC
2016-11-19 13:04 - 2016-11-19 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2016-11-13 20:00 - 2016-11-25 19:53 - 98668915 _____ C:\Users\Viper\Desktop\Pak0.pk3
2016-11-13 13:33 - 2016-11-13 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-11-13 13:33 - 2016-10-18 16:10 - 00787232 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2016-11-13 13:29 - 2016-11-13 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-11-13 13:29 - 2016-11-13 13:29 - 00000000 ____D C:\Program Files\Auslogics
2016-11-13 01:35 - 2016-11-13 01:35 - 00000941 _____ C:\Users\Viper\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2016-11-13 01:35 - 2016-11-13 01:35 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2016-11-13 01:34 - 2016-11-13 01:35 - 00000000 ____D C:\Users\Viper\AppData\Local\Viber
2016-11-13 01:10 - 2016-11-13 01:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-11-12 21:22 - 2016-11-12 21:26 - 00000000 ____D C:\Users\Viper\AppData\Roaming\FileZilla
2016-11-12 18:22 - 2016-11-12 23:28 - 00000000 ___RD C:\Users\Viper\Google Drive
2016-11-12 18:22 - 2016-11-12 23:27 - 00001038 _____ C:\Users\Viper\Desktop\Google Drive.lnk
2016-11-12 18:22 - 2016-11-12 18:22 - 00001684 _____ C:\Users\Viper\Desktop\GDrive.lnk
2016-11-12 18:15 - 2016-11-21 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-12 18:14 - 2016-11-26 12:19 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-12 18:14 - 2016-11-26 12:18 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-12 18:14 - 2016-11-12 18:15 - 00000000 ____D C:\Program Files\Google
2016-11-12 09:40 - 2016-11-12 09:40 - 00000921 _____ C:\Users\Viper\Desktop\tahograf slike sa telefona.lnk
2016-11-10 00:27 - 2016-11-10 00:27 - 00000523 _____ C:\Users\Viper\Desktop\Biohazard (D).lnk
2016-11-09 08:53 - 2016-10-27 16:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-09 08:53 - 2016-10-22 17:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-09 08:53 - 2016-09-15 15:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-09 08:53 - 2016-08-21 14:05 - 00935424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-09 08:52 - 2016-11-02 16:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-09 08:52 - 2016-11-02 16:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-09 08:52 - 2016-11-02 16:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-09 08:52 - 2016-11-02 16:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-09 08:52 - 2016-11-02 15:53 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-09 08:52 - 2016-10-28 04:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-09 08:52 - 2016-10-27 15:16 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-09 08:52 - 2016-10-25 15:54 - 02399744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-09 08:52 - 2016-10-22 18:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-09 08:52 - 2016-10-22 18:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-09 08:52 - 2016-10-22 18:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-09 08:52 - 2016-10-22 18:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-09 08:52 - 2016-10-22 18:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-09 08:52 - 2016-10-22 18:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-09 08:52 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-09 08:52 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-09 08:52 - 2016-10-22 18:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-09 08:52 - 2016-10-22 18:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-09 08:52 - 2016-10-22 18:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-09 08:52 - 2016-10-22 18:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-09 08:52 - 2016-10-22 18:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-09 08:52 - 2016-10-22 18:21 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-09 08:52 - 2016-10-22 18:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-09 08:52 - 2016-10-22 18:13 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-09 08:52 - 2016-10-22 18:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-09 08:52 - 2016-10-22 18:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-09 08:52 - 2016-10-22 18:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-09 08:52 - 2016-10-22 17:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-09 08:52 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-09 08:52 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-09 08:52 - 2016-10-22 17:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-09 08:52 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-09 08:52 - 2016-10-22 17:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-09 08:52 - 2016-10-22 17:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-09 08:52 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-09 08:52 - 2016-10-22 17:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-09 08:52 - 2016-10-22 17:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-09 08:52 - 2016-10-22 17:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-09 08:52 - 2016-10-22 17:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-09 08:52 - 2016-10-15 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-09 08:52 - 2016-10-15 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-09 08:52 - 2016-10-11 16:24 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-09 08:52 - 2016-10-11 16:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-09 08:52 - 2016-10-11 16:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-09 08:52 - 2016-10-11 16:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-09 08:52 - 2016-10-11 16:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-09 08:52 - 2016-10-11 16:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-09 08:52 - 2016-10-11 16:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-09 08:52 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-09 08:52 - 2016-10-11 16:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-09 08:52 - 2016-10-11 14:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-09 08:52 - 2016-10-10 16:21 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-09 08:52 - 2016-10-10 16:21 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-09 08:52 - 2016-10-10 16:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-09 08:52 - 2016-10-10 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-09 08:52 - 2016-10-10 15:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-09 08:52 - 2016-10-10 15:50 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-09 08:52 - 2016-10-10 15:50 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-09 08:52 - 2016-10-10 15:50 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-09 08:52 - 2016-10-10 15:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-09 08:52 - 2016-10-10 15:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-09 08:52 - 2016-10-10 15:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-09 08:52 - 2016-10-07 16:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-11-09 08:52 - 2016-10-07 16:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-09 08:52 - 2016-10-07 16:15 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-09 08:52 - 2016-10-07 16:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-09 08:52 - 2016-10-07 15:54 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-09 08:52 - 2016-10-07 15:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-09 08:52 - 2016-10-07 15:54 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-09 08:52 - 2016-10-07 15:54 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-09 08:52 - 2016-10-07 15:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-09 08:52 - 2016-10-07 15:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-09 08:52 - 2016-10-05 15:50 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-09 08:52 - 2016-09-13 16:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-09 08:52 - 2016-09-09 19:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-07 02:14 - 2016-11-07 02:14 - 00483503 _____ C:\Users\Viper\Desktop\SPISAK RADIONICA ZA TAHOGRAFE.pdf
2016-11-06 02:57 - 2016-11-06 02:57 - 00000000 ____D C:\Users\Viper\.dnx
2016-11-06 02:27 - 2016-11-06 02:27 - 00000000 ____D C:\Program Files\AppInsights
2016-11-06 02:22 - 2016-11-06 02:22 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 11.0
2016-11-06 02:06 - 2016-11-06 02:06 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-11-06 02:05 - 2016-11-06 02:05 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-11-06 02:05 - 2016-11-06 02:05 - 00000000 ____D C:\Program Files\ShellDir
2016-11-06 02:03 - 2016-11-06 02:22 - 00000000 ____D C:\Program Files\Microsoft ASP.NET
2016-11-06 02:01 - 2016-11-06 02:01 - 00000000 ____D C:\ProgramData\Microsoft DNX
2016-11-06 02:01 - 2016-11-06 02:01 - 00000000 ____D C:\Program Files\Microsoft DNX
2016-11-06 01:54 - 2016-11-06 02:00 - 00000000 ____D C:\Program Files\Microsoft Web Tools
2016-11-06 01:51 - 2016-11-06 01:51 - 00000000 ____D C:\Program Files\IIS Express
2016-11-06 01:50 - 2016-11-06 01:50 - 00000000 ____D C:\Program Files\Microsoft Office365 Tools
2016-11-06 01:49 - 2016-11-06 01:49 - 00000000 ____D C:\ProgramData\NuGet
2016-11-06 01:49 - 2016-11-06 01:49 - 00000000 ____D C:\Program Files\NuGet
2016-11-06 01:49 - 2016-11-06 01:49 - 00000000 ____D C:\Program Files\Microsoft WCF Data Services
2016-11-06 01:48 - 2016-11-06 01:48 - 00000000 ____D C:\Program Files\IIS
2016-11-06 01:46 - 2016-11-06 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-11-06 01:45 - 2016-11-06 01:45 - 00001492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-11-06 01:42 - 2016-11-06 02:32 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-11-06 01:39 - 2016-11-06 01:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-11-06 01:28 - 2016-11-06 03:00 - 00000000 ____D C:\Users\Viper\Documents\Visual Studio 2015
2016-11-06 01:13 - 2016-11-06 02:22 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-11-06 01:13 - 2016-11-06 01:41 - 00000000 ____D C:\Windows\system32\1033
2016-11-06 01:13 - 2016-11-06 01:13 - 00001493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-11-06 01:13 - 2016-11-06 01:13 - 00000000 ____D C:\Program Files\Common Files\Merge Modules
2016-11-06 01:11 - 2016-11-06 02:16 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 14.0
2016-11-06 01:08 - 2016-11-06 02:06 - 00000000 ____D C:\Program Files\Windows Kits
2016-11-06 00:57 - 2016-11-06 00:57 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-05 10:07 - 2016-11-05 14:59 - 00002014 _____ C:\Users\Public\Desktop\Medal of Honor Allied Assault.lnk
2016-11-05 10:05 - 2016-11-05 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2016-10-29 23:52 - 2016-10-29 23:52 - 00000000 ____D C:\Users\Viper\AppData\Roaming\de.hueber.menschena1izu
2016-10-29 23:37 - 2016-11-19 14:02 - 00000000 ____D C:\Users\Viper\Desktop\fleska sredjivanje
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 12:38 - 2015-11-15 09:14 - 00185887 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-11-26 12:38 - 2015-11-15 09:14 - 00100993 _____ C:\Windows\ZAM.krnl.trace
2016-11-26 12:28 - 2015-06-15 19:52 - 00000000 ____D C:\Users\Viper
2016-11-26 12:26 - 2009-07-14 05:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-26 12:26 - 2009-07-14 05:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-26 12:18 - 2015-06-16 05:36 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2016-11-26 12:18 - 2015-06-16 02:04 - 00000000 ____D C:\ProgramData\MCShield
2016-11-26 12:18 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-26 09:58 - 2015-06-16 03:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-26 07:41 - 2016-07-16 15:34 - 00000000 ____D C:\ProgramData\Auslogics
2016-11-26 03:31 - 2015-06-16 01:14 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-25 23:25 - 2015-07-02 23:54 - 00000000 ____D C:\Program Files\KeyCryptSDK
2016-11-25 21:41 - 2015-06-16 01:19 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-25 18:57 - 2016-08-05 20:58 - 00000000 ____D C:\Program Files\Zemana AntiLogger
2016-11-25 16:15 - 2015-06-15 20:37 - 00000000 ____D C:\Program Files\Pale Moon
2016-11-25 15:51 - 2015-07-31 00:24 - 00000000 ____D C:\Program Files\Slimjet
2016-11-22 01:05 - 2015-06-16 02:36 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Thunderbird
2016-11-22 01:05 - 2015-06-16 02:36 - 00000000 ____D C:\Users\Viper\AppData\Local\Thunderbird
2016-11-22 01:05 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-11-22 00:10 - 2015-06-16 01:36 - 00000000 ____D C:\Users\Viper\.VirtualBox
2016-11-21 19:32 - 2015-06-16 06:29 - 00000000 ____D C:\Users\Viper\AppData\Roaming\vlc
2016-11-21 17:39 - 2015-06-16 01:50 - 00002392 _____ C:\Windows\Sandboxie.ini
2016-11-19 18:15 - 2013-04-14 09:27 - 00724324 _____ C:\Windows\system32\perfh019.dat
2016-11-19 18:15 - 2013-04-14 09:27 - 00150626 _____ C:\Windows\system32\perfc019.dat
2016-11-19 18:15 - 2010-11-20 22:01 - 01648402 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-19 13:03 - 2013-04-14 14:34 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-19 02:51 - 2015-06-16 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-19 02:50 - 2015-06-16 01:19 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-11-13 14:24 - 2015-06-18 07:26 - 00000000 ____D C:\ProgramData\Skype
2016-11-13 13:39 - 2016-01-01 02:20 - 00000000 ___RD C:\Program Files\Skype
2016-11-13 13:39 - 2015-06-18 07:27 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Skype
2016-11-13 13:09 - 2015-06-16 19:55 - 00000000 ____D C:\Program Files\7-Zip
2016-11-13 01:35 - 2015-12-30 18:23 - 00000000 ____D C:\Users\Viper\AppData\Roaming\ViberPC
2016-11-13 01:35 - 2015-12-30 18:22 - 00000000 ____D C:\Users\Viper\AppData\Local\Package Cache
2016-11-12 18:15 - 2015-07-30 12:10 - 00000000 ____D C:\Users\Viper\AppData\Local\Google
2016-11-12 18:06 - 2015-07-25 18:04 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2016-11-12 18:06 - 2015-07-25 18:04 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2016-11-09 20:58 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2016-11-09 12:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2016-11-09 11:14 - 2015-06-15 22:12 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 11:08 - 2013-04-14 15:02 - 138444440 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-06 02:37 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-11-06 02:22 - 2015-06-21 04:27 - 00000000 ____D C:\Program Files\Microsoft SDKs
2016-11-06 01:36 - 2015-06-21 04:42 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2016-11-06 01:26 - 2009-07-14 05:53 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-06 01:08 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\MSBuild
2016-11-05 10:13 - 2009-07-14 03:05 - 00028400 _____ C:\Windows\system32\Drivers\secdrv.sys
2016-11-05 10:09 - 2015-06-25 05:59 - 00000000 ____D C:\Users\Viper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-11-05 10:05 - 2016-06-19 11:43 - 00000000 ____D C:\Program Files\EA Games
2016-11-05 10:05 - 2015-06-15 20:03 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-10-30 03:06 - 2015-08-22 20:04 - 00000000 ____D C:\Users\Viper\AppData\Local\CrashDumps
2016-10-29 23:53 - 2015-07-26 14:07 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2016-10-29 23:45 - 2016-01-08 05:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hueber
2016-10-29 23:44 - 2016-01-08 05:23 - 00000000 ____D C:\Program Files\Hueber
2016-10-29 01:29 - 2016-09-24 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein
2016-10-29 01:29 - 2016-09-16 18:33 - 00000600 _____ C:\Windows\Rtcw.INI
2016-10-29 01:21 - 2015-06-16 03:48 - 00000000 ____D C:\Users\Viper\AppData\Local\Adobe
2016-10-29 01:20 - 2015-06-16 03:49 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-10-29 01:20 - 2015-06-16 03:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-29 01:20 - 2015-06-16 03:49 - 00000000 ____D C:\Windows\system32\Macromed
==================== Files in the root of some directories =======
2016-10-08 23:30 - 2016-10-08 23:32 - 0000008 _____ () C:\Users\Viper\AppData\Roaming\pdfdrawcodec.dll
2016-09-10 23:48 - 2016-09-11 12:27 - 0000487 _____ () C:\Users\Viper\AppData\Local\infection.log
2016-01-24 15:21 - 2016-01-24 15:21 - 0000218 _____ () C:\Users\Viper\AppData\Local\recently-used.xbel
2015-06-19 23:11 - 2016-05-21 00:45 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat
2016-10-14 18:05 - 2016-10-14 18:19 - 0001911 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-11-26 01:18
==================== End of FRST.txt ============================
|
|
|
|
Posted: 26 Nov 2016 21:13
|
offline
- return void
- Anti Malware Fighter
Rank 1
- Joined: 02 Jan 2008
- Posts: 2167
|
1. Open Notepad (Text Document) and copy the following text from the code box below:
CreateRestorePoint:
2015-06-19 23:11 - 2016-05-21 00:45 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat
EmptyTemp:
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.
The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
After that,
Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
In Options, turn off Reset Winsock settings if it is turned on.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK
The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option
|
|
|
|
Posted: 26 Nov 2016 21:55
|
offline
- Wisdomseeker
- Super Citizen
- Joined: 12 Feb 2007
- Posts: 1239
|
System Restore is turned off on my machine.
Fix result of Farbar Recovery Scan Tool (x86) Version: 23-11-2016
Ran by Viper (26-11-2016 21:39:48) Run:1
Running from C:\Users\Viper\Desktop
Loaded Profiles: Viper (Available Profiles: Viper)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
2015-06-19 23:11 - 2016-05-21 00:45 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat
EmptyTemp:
*****************
Error: (0) Failed to create a restore point.
C:\ProgramData\fontcacheev1.dat => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12637216 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 35045637 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
LocalService => 0 B
NetworkService => 0 B
Viper => 87418 B
Coleman => 0 B
RecycleBin => 0 B
EmptyTemp: => 53.6 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 21:39:51 ====
|
|
|
|
Posted: 27 Nov 2016 20:18
|
offline
- return void
- Anti Malware Fighter
Rank 1
- Joined: 02 Jan 2008
- Posts: 2167
|
Run this fix, then report how things stand with Zemana. Does it still report the host hijack?
1. Open Notepad (Text Document) and copy the following text from the code box below:
CreateRestorePoint:
Hosts:
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.
The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
|
|
|
|