malicious software

  • Joined: 26 Jan 2006
  • Posts: 233

So, I have a computer running Windows 7 x64 Ultimate; the antivirus software was Microsoft Security Essentials.
The symptoms are as follows. Chrome opens by itself. I removed the malware with Malwarebytes and since then the pop-ups have stopped, but some Russian extensions and an extension called splinter search keep appearing among its extensions. Microsoft Essentials cannot update; it throws some error, and I uninstalled it. I cleared all the temp files and noticed that a folder named {username} appears in c:\users. Also, when I turn on "show hidden files" nothing happens; it does not show hidden files, and the same goes for system files. When I try to change something in the registry, it tells me access is denied, even though I have ownership of those keys. In Control Panel, under uninstall programs, I removed the suspicious programs, at least the ones I thought were suspicious.
frst.txt is:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-05-2017
Ran by Administrator (administrator) on HOME-PC (21-05-2017 15:43:12)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: home & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Sysinternals - www.sysinternals.com) C:\Users\Administrator\Downloads\ProcessExplorer\procexp64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6843024 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-891269962-2659327078-604941568-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
ShellExecuteHooks: No Name - {F797446C-D3F2-11E6-AB72-64006A5CFC35} - C:\Users\home\AppData\Roaming\Terlcultclhach\Hejuck.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\home\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\pLBfEuNP.lnk [2015-12-27]
Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Twitch.lnk [2017-04-11]
ShortcutTarget: Twitch.lnk -> C:\Users\Administrator\AppData\Roaming\Curse Client\Bin\Twitch.exe (No File)
Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\xBchppIcvKkI.lnk [2015-12-27]
BootExecute: autocheck autochk * Partizan
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{AB0801C9-0579-42DD-935D-4B2453D6B2CA}: [DhcpNameServer] 212.200.191.166 212.200.190.166

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-891269962-2659327078-604941568-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-891269962-2659327078-604941568-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-891269962-2659327078-604941568-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-31] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-31] (Oracle Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-17] (Google Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
StartMenuInternet: (HKLM) OPERASTABLE - Opera.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Auhardwaregl; C:\Windows\SysWow64\Auhardwaregl.dll [454440 2017-05-17] ()
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-13] ()
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [428056 2017-03-03] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [406040 2017-03-03] (BlueStack Systems, Inc.)
S4 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [452632 2017-03-03] (BlueStack Systems, Inc.)
S4 Disc Soft Lite Bus Service; E:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
S4 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-04-19] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [143872 2014-10-24] (Microsoft Corporation) [File not signed]
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3416584 2017-03-02] (LogMeIn Inc.)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2017-02-27] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [122368 2015-02-26] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2017-03-21] (Sony)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S4 HnGSteamService; C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [X]
S4 netsvc; C:\Program Files (x86)\UtilTool\Antivirus\netsvc.exe [X]
S4 Origin Client Service; "C:\Program Files (x86)\Origin\OriginClientService.exe" [X]
S4 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [X]
S4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 AVFSFilter; C:\Windows\System32\DRIVERS\avfsfilter.sys [13720 2012-09-07] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-03-03] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-03-03] (Bluestack System Inc. )
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-04-14] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-04-14] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-05-09] ()
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2017-04-16] (Sony Mobile Communications)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-05-19] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-18] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-21] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-05-21] (Malwarebytes)
R1 netboostmaster; C:\Windows\system32\drivers\netboostmaster.sys [2894184 2017-05-18] () [File not signed]
S3 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2016-07-22] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-04-14] (Duplex Secure Ltd.)
S3 tap0901_openvpn_accl; C:\Windows\System32\DRIVERS\tap0901_openvpn_accl.sys [37912 2016-11-10] (The OpenVPN Project)
R2 Uefochubsrv; C:\Windows\system32\drivers\Uefochubsrv.sys [196640 2017-05-17] ()
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-05-21] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-05-21] (Zemana Ltd.)
U3 asqw883q; no ImagePath
S1 aqhiqflc; \??\C:\Windows\system32\drivers\aqhiqflc.sys [X]
U0 aswVmm; no ImagePath
S1 lnsubgoh; \??\C:\Windows\system32\drivers\lnsubgoh.sys [X]
S1 netcontroller; system32\drivers\netcontroller.sys [X]
S1 p1483530829am; \??\C:\Users\home\AppData\Local\Temp\bk3BC8.tmp\p1483530829am.sys [X] <==== ATTENTION
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 qaqjosyy; \??\C:\Windows\system32\drivers\qaqjosyy.sys [X]
S3 TrojanKillerDriver; system32\DRIVERS\gtkdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VSPerfDrv100; \??\C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [X]
S1 whklgyqq; \??\C:\Windows\system32\drivers\whklgyqq.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 01:26 - 2017-05-22 01:26 - 00005292 _____ C:\Users\Administrator\Documents\swprv.reg
2017-05-21 15:43 - 2017-05-21 15:43 - 00018672 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-05-21 15:43 - 2017-05-21 15:43 - 00000000 ____D C:\FRST
2017-05-21 15:42 - 2017-05-21 15:42 - 02429952 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2017-05-21 15:31 - 2017-05-21 15:31 - 00000000 ____D C:\Users\{username}
2017-05-21 15:28 - 2017-05-21 15:43 - 00494578 _____ C:\Windows\ZAM.krnl.trace
2017-05-21 15:28 - 2017-05-21 15:43 - 00112193 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-05-21 13:14 - 2017-05-21 13:14 - 00000406 _____ C:\Users\Administrator\Desktop\zemana.txt
2017-05-21 12:25 - 2017-05-21 12:29 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-05-21 12:25 - 2017-05-21 12:25 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-05-21 12:25 - 2017-05-21 12:25 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-05-21 12:25 - 2017-05-21 12:25 - 00001104 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-05-21 12:25 - 2017-05-21 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-05-21 12:24 - 2017-05-21 12:24 - 05774688 _____ (Zemana Ltd. ) C:\Users\Administrator\Downloads\Zemana.AntiMalware.Setup.exe
2017-05-21 10:26 - 2017-05-21 15:31 - 00002211 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2017-05-21 10:14 - 2017-05-21 10:14 - 00000000 ____D C:\Users\Administrator\Desktop\osam_autorun_manager_5_0_portable
2017-05-21 10:10 - 2017-05-21 10:11 - 04272474 _____ C:\Users\Administrator\Desktop\osam_autorun_manager_5_0_portable.rar
2017-05-21 10:10 - 2017-05-21 10:10 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.scr
2017-05-20 23:49 - 2017-05-21 00:00 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2017-05-20 23:49 - 2017-05-20 23:56 - 00000000 ____D C:\Users\Administrator\Documents\RegRun2
2017-05-20 23:49 - 2017-05-20 23:52 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2017-05-20 23:49 - 2017-05-20 23:49 - 00000963 _____ C:\Users\Administrator\Desktop\UnHackMe.lnk
2017-05-20 23:49 - 2017-05-20 23:49 - 00000418 _____ C:\Windows\Tasks\UnHackMe Task Scheduler.job
2017-05-20 23:49 - 2017-05-20 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-05-20 23:49 - 2017-04-14 12:48 - 00014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2017-05-20 23:45 - 2017-05-20 23:45 - 00000000 ____D C:\Users\Administrator\Downloads\unhackme
2017-05-20 23:44 - 2017-05-20 23:45 - 18656117 _____ C:\Users\Administrator\Downloads\unhackme.zip
2017-05-20 23:41 - 2017-05-20 23:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-05-20 23:24 - 2017-05-20 23:24 - 00000000 ____D C:\Users\Administrator\Downloads\ProcessExplorer
2017-05-20 23:18 - 2017-05-20 23:19 - 01931969 _____ C:\Users\Administrator\Downloads\ProcessExplorer.zip
2017-05-20 22:59 - 2017-05-20 22:59 - 11098008 _____ C:\Users\Administrator\Documents\1.reg
2017-05-20 22:58 - 2017-05-20 22:58 - 00000082 _____ C:\Users\Administrator\Documents\security.reg
2017-05-20 22:56 - 2017-05-20 22:56 - 03635734 _____ (Sergey Filippov ) C:\Users\Administrator\Downloads\RegistryFinderSetup2.19.exe
2017-05-20 22:56 - 2017-05-20 22:56 - 00000000 ____D C:\Registry Finder
2017-05-20 22:45 - 2017-05-20 22:47 - 00145568 _____ (Sysinternals) C:\Windows\PSEXESVC.exe
2017-05-20 22:43 - 2017-05-20 22:43 - 00000000 ____D C:\pstools
2017-05-20 22:42 - 2017-05-20 22:42 - 02823905 _____ C:\Users\Administrator\Downloads\PSTools.zip
2017-05-20 22:38 - 2017-05-20 22:38 - 02655480 _____ (Resplendence Software Projects Sp. ) C:\Users\Administrator\Downloads\RegistrarHomeV8.exe
2017-05-20 19:22 - 2017-05-20 19:22 - 00000000 ____D C:\Windows\system32\MpEngineStore
2017-05-19 22:45 - 2017-05-19 22:45 - 01048576 _____ C:\Users\Administrator\Downloads\msert.exe
2017-05-19 22:36 - 2017-05-19 22:36 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Administrator\Downloads\esetonlinescanner_enu.exe
2017-05-19 22:33 - 2017-05-19 22:34 - 15065792 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\mseinstall.exe
2017-05-19 22:07 - 2017-05-19 22:18 - 00000000 ____D C:\Program Files\Attribute Changer
2017-05-19 22:07 - 2017-05-19 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Attribute Changer
2017-05-19 22:07 - 2017-05-19 22:07 - 05126250 _____ (Romain Petges ) C:\Users\Administrator\Downloads\ac-860.exe
2017-05-19 22:03 - 2017-05-19 22:03 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-05-19 21:50 - 2017-05-19 21:50 - 00001001 _____ C:\Users\Administrator\Desktop\Total Commander 64 bit.lnk
2017-05-19 21:50 - 2017-05-19 21:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2017-05-19 21:50 - 2017-05-19 21:50 - 00000000 ____D C:\Program Files\totalcmd
2017-05-19 21:49 - 2017-05-19 21:49 - 04987672 _____ (Ghisler Software GmbH) C:\Users\Administrator\Downloads\tcmd900ax64.exe
2017-05-19 21:31 - 2017-05-19 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-05-19 21:30 - 2017-05-19 21:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.09.3.1001.exe
2017-05-19 21:10 - 2017-05-19 21:18 - 00000000 ____D C:\AdwCleaner
2017-05-19 21:10 - 2017-05-19 21:10 - 04110280 _____ C:\Users\Administrator\Downloads\adwcleaner_6.047.exe
2017-05-19 20:19 - 2017-05-19 20:22 - 00055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-05-19 20:19 - 2017-05-19 20:22 - 00001889 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-05-19 20:19 - 2017-05-19 20:19 - 00000000 ____D C:\Program Files\HitmanPro
2017-05-19 20:17 - 2017-05-19 20:20 - 00000000 ____D C:\ProgramData\HitmanPro
2017-05-19 20:17 - 2017-05-19 20:18 - 11584088 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\HitmanPro_x64.exe
2017-05-19 20:16 - 2017-05-19 20:16 - 11023528 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\HitmanPro.exe
2017-05-19 20:10 - 2017-05-19 20:10 - 00427648 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\unhide (1).exe
2017-05-19 19:32 - 2017-05-19 19:57 - 00000000 ____D C:\ComboFix
2017-05-19 19:30 - 2017-05-19 18:55 - 05659512 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2017-05-19 19:03 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-05-19 19:03 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-05-19 19:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-05-19 19:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-05-19 19:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-05-19 19:03 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-05-19 19:03 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-05-19 19:03 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-05-19 18:57 - 2017-05-19 21:21 - 00000000 ____D C:\Qoobox
2017-05-19 18:57 - 2017-05-19 19:54 - 00000000 ____D C:\Windows\erdnt
2017-05-19 18:55 - 2017-05-19 18:55 - 05659512 ____R (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
2017-05-19 18:49 - 2017-05-19 18:49 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2017-05-19 18:33 - 2017-05-19 18:33 - 00000000 ____D C:\Users\Administrator\Downloads\backups
2017-05-19 18:31 - 2017-05-19 18:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HijackThis.exe
2017-05-19 05:48 - 2017-05-19 05:48 - 00000000 ____D C:\found.000
2017-05-18 19:07 - 2017-05-18 19:07 - 00395171 _____ C:\Users\Administrator\Downloads\roex.zip
2017-05-18 19:07 - 2017-05-18 19:07 - 00000000 ____D C:\Users\Administrator\Downloads\roex
2017-05-18 18:55 - 2017-05-21 00:04 - 00521074 _____ C:\Windows\ntbtlog.txt
2017-05-18 18:47 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-05-18 18:47 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-05-18 18:40 - 2017-05-18 18:40 - 00427648 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\unhide.exe
2017-05-18 18:29 - 2017-05-18 18:29 - 00001189 _____ C:\Users\Administrator\Documents\show.reg
2017-05-18 17:47 - 2017-05-18 17:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
2017-05-18 17:43 - 2017-05-18 17:43 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-18 17:43 - 2017-05-18 17:43 - 00000295 _____ C:\Windows\wininit.ini
2017-05-18 17:43 - 2017-05-18 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-18 17:43 - 2017-05-18 17:43 - 00000000 ____D C:\Program Files\CCleaner
2017-05-18 05:20 - 2017-05-21 13:47 - 00000000 ____D C:\ProgramData\XLiPlatform
2017-05-18 05:18 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-05-18 05:18 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-05-18 05:18 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-05-18 05:18 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-05-18 05:18 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-05-18 05:17 - 2017-05-21 15:28 - 02785072 _____ C:\Windows\netboostmasterHelp.dll
2017-05-18 05:17 - 2017-05-18 05:17 - 02894184 _____ C:\Windows\system32\Drivers\netboostmaster.sys
2017-05-18 05:15 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-05-18 05:15 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-05-18 05:15 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-05-18 05:15 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-05-18 05:15 - 2015-12-08 23:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-05-18 05:15 - 2015-12-08 21:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-05-18 05:15 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2017-05-18 05:15 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2017-05-18 05:09 - 2017-05-18 05:17 - 00000000 ____D C:\ProgramData\Cache
2017-05-17 18:38 - 2017-05-17 18:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2017-05-17 17:52 - 2017-05-21 15:29 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-17 17:52 - 2017-05-21 15:29 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-17 17:52 - 2017-05-21 15:29 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-17 17:52 - 2017-05-21 15:29 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-17 17:52 - 2017-05-18 19:12 - 00187320 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-17 17:52 - 2017-05-17 17:52 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-17 17:52 - 2017-05-17 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-17 17:51 - 2017-05-17 17:52 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-05-17 17:51 - 2017-05-17 17:51 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-17 17:51 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-17 17:50 - 2017-05-17 17:50 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-17 17:43 - 2017-05-17 17:43 - 00454440 _____ C:\Windows\SysWOW64\Auhardwaregl.dll
2017-05-17 17:43 - 2017-05-17 17:43 - 00196640 _____ C:\Windows\system32\Drivers\Uefochubsrv.sys
2017-05-17 17:43 - 2017-05-17 17:43 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-05-17 17:39 - 2017-05-17 17:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2017-05-17 17:37 - 2017-05-17 21:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Opera Software
2017-05-17 17:37 - 2017-05-17 17:37 - 00000000 ____D C:\Program Files\Common Files\JOS26Z5TB4
2017-05-17 17:29 - 2017-05-17 17:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2017-04-29 20:56 - 2017-04-29 20:56 - 00000000 ____D C:\Users\home\Documents\Flight Simulator X Files
2017-04-29 18:18 - 2017-05-01 11:12 - 00000000 ____D C:\Users\home\AppData\LocalLow\uTorrent
2017-04-29 11:26 - 2017-04-29 11:28 - 00000000 ____D C:\Users\home\Desktop\Drugi Svetski rat
2017-04-28 08:38 - 2017-04-28 08:38 - 00000000 ___SD C:\Windows\SysWOW64\{A24B87CE-67C9-49D1-B0A5-F06A1C73BC58}
2017-04-27 22:03 - 2017-04-27 22:03 - 00000222 _____ C:\Users\home\Desktop\Euro Truck Simulator 2.url
2017-04-27 21:04 - 2017-04-27 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2017-04-27 21:04 - 2017-04-27 21:04 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2017-04-27 20:58 - 2017-04-27 20:59 - 09777152 _____ C:\Users\home\Downloads\hamachi.msi
2017-04-27 19:15 - 2017-04-27 21:21 - 00000000 ___SD C:\Windows\SysWOW64\{D28A6CAB-8746-4CDE-9D38-C5395B6DEFCD}
2017-04-26 13:08 - 2017-04-26 13:08 - 00000000 ___SD C:\Windows\SysWOW64\{FA70E676-D02E-4F59-967B-2091A253A5FF}
2017-04-26 10:33 - 2017-04-26 10:34 - 00000000 ____D C:\Users\home\AppData\Roaming\discord
2017-04-26 10:33 - 2017-04-26 10:33 - 00002154 _____ C:\Users\home\Desktop\Discord.lnk
2017-04-26 10:33 - 2017-04-26 10:33 - 00000000 ____D C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-04-26 10:31 - 2017-04-26 10:32 - 52553728 _____ (Hammer & Chisel, Inc.) C:\Users\home\Downloads\DiscordSetup.exe
2017-04-26 09:08 - 2017-04-26 09:08 - 00120601 _____ C:\Users\home\Downloads\Outlast.2-CODEX.torrent
2017-04-23 18:32 - 2017-04-23 18:32 - 00019016 _____ C:\Users\home\Downloads\Die Hard with a Vengeance (1995) [720p] [YTS.AG] (1).torrent
2017-04-21 14:50 - 2017-04-21 14:50 - 00000000 ____D C:\Users\home\AppData\LocalLow\Bossa Studios
2017-04-21 14:36 - 2017-04-21 14:36 - 00000222 _____ C:\Users\home\Desktop\Surgeon Simulator.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-21 15:33 - 2016-10-26 10:20 - 00000000 ____D C:\Users\Administrator
2017-05-21 15:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-21 15:28 - 2009-07-14 06:45 - 00503136 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-21 14:18 - 2016-04-18 20:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-05-21 14:10 - 2016-01-16 23:49 - 00000000 ____D C:\Windows\system32\1033
2017-05-21 14:10 - 2016-01-16 23:49 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2017-05-21 14:10 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-05-21 14:05 - 2009-07-14 06:45 - 00047104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-21 14:05 - 2009-07-14 06:45 - 00047104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-21 14:02 - 2013-11-26 21:49 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-05-21 10:26 - 2015-11-03 22:56 - 00002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-21 00:23 - 2016-10-26 10:22 - 00001405 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-05-21 00:23 - 2016-10-26 10:22 - 00001399 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-20 23:49 - 2015-11-03 23:52 - 00000002 RSHOT C:\Windows\winstart.bat
2017-05-20 23:49 - 2015-11-03 23:52 - 00000002 __SOT C:\Windows\SysWOW64\CONFIG.NT
2017-05-20 23:49 - 2015-11-03 23:52 - 00000002 __SOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-05-20 23:12 - 2016-10-19 17:32 - 00001945 _____ C:\Windows\epplauncher.mif
2017-05-20 00:33 - 2016-03-17 23:33 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-05-19 21:32 - 2015-11-01 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-19 21:16 - 2017-04-17 11:08 - 00000000 ____D C:\Windows\Update
2017-05-19 19:53 - 2017-03-07 19:21 - 00000000 _____ C:\Windows\system.ini
2017-05-19 19:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-05-19 19:28 - 2009-07-14 04:34 - 37486592 _____ C:\Windows\system32\config\system.bak
2017-05-19 19:28 - 2009-07-14 04:34 - 143130624 _____ C:\Windows\system32\config\software.bak
2017-05-19 19:28 - 2009-07-14 04:34 - 04980736 _____ C:\Windows\system32\config\default.bak
2017-05-19 19:28 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2017-05-19 19:28 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2017-05-18 23:46 - 2013-11-26 21:02 - 00000000 ____D C:\Users\home
2017-05-18 22:24 - 2017-01-05 12:53 - 00001908 _____ C:\Windows\diagwrn.xml
2017-05-18 22:24 - 2017-01-05 12:53 - 00001908 _____ C:\Windows\diagerr.xml
2017-05-18 22:18 - 2016-01-17 17:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-05-18 22:00 - 2016-01-17 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-18 21:59 - 2016-01-17 17:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-05-18 21:57 - 2016-06-05 13:07 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-18 21:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-05-18 17:43 - 2016-05-12 21:15 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-05-18 17:43 - 2013-11-27 05:49 - 00000000 ____D C:\Windows\Panther
2017-05-18 17:28 - 2016-01-17 17:32 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-05-18 17:22 - 2016-04-30 18:22 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2017-05-18 17:07 - 2014-06-02 21:09 - 00000000 ____D C:\Windows\system32\appmgmt
2017-05-18 05:00 - 2016-12-27 20:43 - 00000000 ____D C:\Program Files (x86)\Courkaripack Center
2017-05-18 02:34 - 2015-11-01 19:16 - 00002328 _____ C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-18 02:27 - 2017-01-18 21:09 - 00001956 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-18 02:27 - 2017-01-18 21:09 - 00001886 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-17 21:35 - 2017-01-22 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-05-17 21:35 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-05-17 21:34 - 2017-03-07 19:22 - 00000000 ____D C:\Program Files\Opera
2017-05-17 21:32 - 2017-04-19 20:51 - 00000000 ____D C:\Program Files\FACEIT Client
2017-05-17 21:27 - 2017-02-23 15:41 - 00000000 ____D C:\Program Files\City Car Driving
2017-05-17 17:56 - 2017-04-13 11:16 - 00000000 ____D C:\Users\home\AppData\Roaming\Ckozoghgrrucult
2017-05-17 17:51 - 2015-11-01 13:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-05-17 17:21 - 2015-11-03 22:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-17 17:21 - 2015-11-03 22:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-01 11:33 - 2015-09-20 13:12 - 00000000 ____D C:\Users\home\AppData\Roaming\uTorrent
2017-05-01 11:15 - 2016-07-11 11:57 - 00000000 ____D C:\Users\home\AppData\Roaming\Curse Client
2017-04-30 23:37 - 2017-01-18 21:09 - 00000000 ____D C:\Users\home\AppData\LocalLow\Mozilla
2017-04-30 22:26 - 2015-05-20 14:07 - 00000000 ____D C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-28 22:51 - 2014-02-12 18:42 - 00000000 ____D C:\Users\home\AppData\Roaming\Skype
2017-04-28 21:31 - 2016-07-11 12:57 - 00000000 ____D C:\Users\home\AppData\Roaming\.minecraft
2017-04-28 21:04 - 2017-03-05 17:21 - 00000000 ____D C:\Users\home\Documents\Euro Truck Simulator 2
2017-04-27 08:59 - 2016-09-21 20:33 - 00000000 ____D C:\Users\home\Desktop\Cope
2017-04-25 20:19 - 2017-01-13 21:31 - 00000000 ____D C:\Users\home\AppData\Roaming\TS3Client
2017-04-25 19:06 - 2016-07-27 12:56 - 00000000 ____D C:\Users\home\Desktop\FPS

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2016-05-01 12:22

==================== End of FRST.txt ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

In the future, do not run ComboFix on your own.

Uninstall KMP Service.

Open Notepad and copy in the following text, which is inside the Code box.

Start

ShellExecuteHooks: No Name - {F797446C-D3F2-11E6-AB72-64006A5CFC35} - C:\Users\home\AppData\Roaming\Terlcultclhach\Hejuck.dll -> No File
Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\pLBfEuNP.lnk [2015-12-27]
Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\xBchppIcvKkI.lnk [2015-12-27]
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-891269962-2659327078-604941568-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [No File]
R1 netboostmaster; C:\Windows\system32\drivers\netboostmaster.sys [2894184 2017-05-18] () [File not signed]
C:\Windows\system32\drivers\netboostmaster.sys
R2 Uefochubsrv; C:\Windows\system32\drivers\Uefochubsrv.sys [196640 2017-05-17] ()
C:\Windows\system32\drivers\Uefochubsrv.sys
3 asqw883q; no ImagePath
S1 aqhiqflc; \??\C:\Windows\system32\drivers\aqhiqflc.sys [X]
S1 lnsubgoh; \??\C:\Windows\system32\drivers\lnsubgoh.sys [X]
S1 netcontroller; system32\drivers\netcontroller.sys [X]
S1 p1483530829am; \??\C:\Users\home\AppData\Local\Temp\bk3BC8.tmp\p1483530829am.sys [X] <==== ATTENTION
S1 qaqjosyy; \??\C:\Windows\system32\drivers\qaqjosyy.sys [X]
S1 whklgyqq; \??\C:\Windows\system32\drivers\whklgyqq.sys [X]
C:\Users\home\AppData\Roaming\Ckozoghgrrucult
C:\Windows\netboostmasterHelp.dll
C:\Program Files\Common Files\JOS26Z5TB4
C:\Windows\winstart.bat
Task: {021C4957-C686-453D-BD97-A66E26541E43} - \{F6CFA049-C08E-4CFC-86EE-63F98121EEA3} -> No File <==== ATTENTION
Task: {0268EC37-1431-45DD-9DC7-0C27735ADF90} - \{F7F89A4C-C82A-4438-8F50-CEC78FD18EB1} -> No File <==== ATTENTION
Task: {04A1325A-8D93-44CD-A2C9-818ED9A22B77} - \{24B6AC44-C107-451E-A4DA-078451DE4AF2} -> No File <==== ATTENTION
Task: {0787CB74-F597-45F5-BB22-F6CA555B81C6} - \{FCD313EF-D517-4934-BDE0-D7A85EFBBE7B} -> No File <==== ATTENTION
Task: {07DAED8E-402E-460F-AEDB-3BEFD367E3BF} - \{94356EF3-D734-405A-B4C9-559EDF7A9B18} -> No File <==== ATTENTION
Task: {0A83CAC4-1F2C-4D68-A343-7836CA1160B0} - \{427C1731-1D98-4DC9-9EB6-C5F90371C640} -> No File <==== ATTENTION
Task: {0B81A675-E446-4595-9850-29A67CDECA44} - \{73122A63-0E63-4FBF-8F9B-F627E8BCC1F3} -> No File <==== ATTENTION
Task: {0C221DD8-8C7E-46B9-808A-E8033662E30D} - \{F95A9FED-2A82-4DF1-AB64-E843D8AB82A0} -> No File <==== ATTENTION
Task: {1158C734-B394-4536-8EEC-4396E234F5EC} - \Update\Updater -> No File <==== ATTENTION
Task: {11A25F9B-07CA-45AA-9E25-3498E25CB468} - \{9C9BB2DD-9439-4FD0-84C9-C7C85FABEBA8} -> No File <==== ATTENTION
Task: {11B01798-6D7B-4F00-A7EF-CAB02AC18E1C} - \{03EB0363-EC0B-4B8C-A9D8-2025D5449D9C} -> No File <==== ATTENTION
Task: {11BC7A69-6E31-4880-AB9B-70A78C57831E} - \{389F22FB-3E7F-4D1E-8940-D501B77ABB3B} -> No File <==== ATTENTION
Task: {12E87865-0062-4784-ADCD-67CB2ECE08A8} - \{8C6D75DB-DAFF-4FAF-AB04-7D050C6E93FF} -> No File <==== ATTENTION
Task: {12EE9DA0-5A07-4EC8-873F-61234C24A311} - \{8F3326B4-DB70-424E-B545-0C9F3A36A2E8} -> No File <==== ATTENTION
Task: {15846F7D-0E03-4F29-9880-FE07DE53C503} - \{E3A79E4C-0BB0-4A1D-9CA9-B3109D5F88C4} -> No File <==== ATTENTION
Task: {1657006A-B482-4D29-B6E3-3C63A54D999A} - \{6D2E81D6-124E-486A-AA10-EB285E6BE5B4} -> No File <==== ATTENTION
Task: {19CCC563-61D9-4700-839A-363BAE7514B1} - \{78F2655C-F6EC-4FBB-95EE-4F0D87FDD5C0} -> No File <==== ATTENTION
Task: {1C69C4BA-E0B2-4964-BA00-332F517CC7CE} - \{700CCB98-C22B-438A-86C8-90526553E5EE} -> No File <==== ATTENTION
Task: {1C8282BA-FC63-4B6F-A081-D1FABC0EF971} - \{7624EE48-5567-4747-903D-1850C68D71EA} -> No File <==== ATTENTION
Task: {1D317CFE-95FF-4C71-B570-22675D0A316E} - \{27E97674-BF6D-4907-9A21-73B7AEE9827C} -> No File <==== ATTENTION
Task: {213EEF9E-A9BF-45D4-94B5-7F0672D69B86} - \{23CE292F-0B03-4FE6-B281-B44E0AFAAB27} -> No File <==== ATTENTION
Task: {22AC9075-AA99-4A84-9C89-DEEB2AE47BD0} - \{2843C4F8-D8FD-4839-9AB4-D06BDCF52D19} -> No File <==== ATTENTION
Task: {2334D3C2-E9DD-4A32-986A-2F5A07B6EC66} - \{C48651E0-16C3-417D-B75D-D59BAEBD69E5} -> No File <==== ATTENTION
Task: {25D942F3-AB4A-4FA2-8DD3-0BAEAB0F5413} - \{E4BB30FD-3ADF-4D4C-A39E-E6ADBD588A94} -> No File <==== ATTENTION
Task: {28DD2185-73A6-49E1-9984-CC53976E14FE} - \{3D0F34FC-0E1F-4E31-ADC8-6E4C9BFD9398} -> No File <==== ATTENTION
Task: {299510A9-5B1D-40C5-AA39-91C26EEDB337} - \{5ABCC03E-72A9-40E9-B774-7860FB1FD3EB} -> No File <==== ATTENTION
Task: {2AE1E351-E9AB-4D9B-99E6-6734EFCB31B7} - \{DB2C459F-9B23-4422-9303-C3F115D827AC} -> No File <==== ATTENTION
Task: {2B120F5C-E9E5-4443-BAEA-F0C0A036987C} - \{86FA567A-92BE-45C5-B323-E899F5653BDA} -> No File <==== ATTENTION
Task: {2D097F08-6CA1-46E1-B35B-CA9C35934F18} - \{FEF9877C-F04D-4344-AC63-F36378F2B5E7} -> No File <==== ATTENTION
Task: {2DDC946B-D8EA-4387-BB01-55A21327F547} - \{43815921-8980-4422-B0D0-173D4829BD06} -> No File <==== ATTENTION
Task: {310AC1CB-BAA5-4A1B-90E0-D6FD3C1DFF6F} - \{3D08D6E2-80BB-4EA2-9F8A-6420F50ECF63} -> No File <==== ATTENTION
Task: {315DCF8D-1499-4E38-B473-0A0CC63682DB} - \{AD59F8AE-7E07-460E-9109-BB6F389F30F0} -> No File <==== ATTENTION
Task: {35321151-885E-4B54-A10F-6189D18BBEB2} - \{01262B77-5FB6-495B-97EE-27F154522AA3} -> No File <==== ATTENTION
Task: {369275DE-1BE3-4FB7-8710-DF9C8596B15F} - \Logic Bassbackpot -> No File <==== ATTENTION
Task: {37BE735E-15CF-4F3D-AAA4-00D25222C7BD} - \{38369675-750A-47A9-AFD2-30D2EA3C24E4} -> No File <==== ATTENTION
Task: {38EC7978-69FC-4F5B-B1E2-DB744E48A808} - \{009B5D71-9547-4842-BB2E-8A90542BA57B} -> No File <==== ATTENTION
Task: {395E7783-6E5A-4F5A-BA52-7CE727A631C8} - \{FFDA3A34-4FD6-4C2F-9CAB-11BB0296A920} -> No File <==== ATTENTION
Task: {399D3726-3517-404F-ADAB-F0AE68DACFC9} - \{95234E6B-6841-4EC0-A456-1C02AED6390C} -> No File <==== ATTENTION
Task: {3A87B0B1-70FF-4F1F-B32B-2ABC7E5FA1CE} - \{F2E92004-2383-42B4-B368-7A4663C906B6} -> No File <==== ATTENTION
Task: {3EBADDC8-0469-45DF-AFD2-F334E8BA4FF3} - \{47BC10E1-4D5C-4F2B-A447-4949BA6127CE} -> No File <==== ATTENTION
Task: {40152C18-E02E-45DE-B504-5FBC80D85D42} - \{6CC11460-A0B7-41FC-9647-D6E59AEEBA01} -> No File <==== ATTENTION
Task: {41040F92-74BA-4FF6-BE21-19564F0D5684} - \{35B19280-BF9E-4E04-94FD-CB5B7D6F58D8} -> No File <==== ATTENTION
Task: {42DDDD9C-E08F-432C-B9E7-4CA1F23C42F1} - \{D0821C58-F7C7-408E-9353-541B863B6645} -> No File <==== ATTENTION
Task: {43289BAB-AC88-4A93-8321-03D67B0DA86A} - \{36FCD34C-F42D-4663-B876-0A1569BBB5B9} -> No File <==== ATTENTION
Task: {438FAFA7-208F-45E0-AE26-EA7EB50BA204} - \{4BDFC975-6AE8-4FE0-AC32-5805339193C1} -> No File <==== ATTENTION
Task: {44E80608-507D-4CE6-876A-574D66CCD5C1} - \{BCEF3977-414A-4383-B832-A44771CE7A1E} -> No File <==== ATTENTION
Task: {44F60783-C46E-41C1-9C50-F01CDDB874DF} - \{F66304BD-6A26-41BA-9D14-75368E4E9BDF} -> No File <==== ATTENTION
Task: {452E5E3A-3C66-4C85-BCE6-7C675B42756D} - \{1F49CB54-F98A-42BD-87D4-D6A0DB593277} -> No File <==== ATTENTION
Task: {466B2988-F55B-4049-91A6-60C3267D9391} - \{9FE45E16-78A7-4FDE-817A-381A8E5AABD8} -> No File <==== ATTENTION
Task: {4EEA8BB4-657E-4B0B-84E3-B9A4C8236809} - \{E3D20143-DB69-4F24-B6FA-961CDE04C63F} -> No File <==== ATTENTION
Task: {4F171B57-8388-49B3-8D6A-F2B75BAD8E5F} - \CMEClient -> No File <==== ATTENTION
Task: {518E5831-E9C4-43D3-8678-127F1A62A383} - \{8B534022-41C8-4E48-B27A-91F6FCB35584} -> No File <==== ATTENTION
Task: {52D1F8CF-E25F-4DD1-9697-9C244A2CBFFC} - \{153951CF-F55F-492B-A8EF-F91AD3916FE5} -> No File <==== ATTENTION
Task: {54BEF785-FDF3-4FF4-B264-0CD4BC897EC5} - \{B21AA131-0883-4070-9ABB-3BF9A9D6EDE3} -> No File <==== ATTENTION
Task: {54F8CD3A-21CD-4F2D-A498-8402F1777188} - \{0FB69A1C-A51D-41E6-ABC7-D27EC02CA0FE} -> No File <==== ATTENTION
Task: {5534713C-2181-4AE5-B5F5-BFE88A5AF12A} - \Timesy -> No File <==== ATTENTION
Task: {5B67C233-0D8E-448F-BAA1-0FB41BC4DD5A} - \{73CA0C02-BD44-4D02-9E41-BF2A027F706B} -> No File <==== ATTENTION
Task: {5E89A5D6-AEC1-450D-B8E5-A9B16948FBB3} - \{14BFC73B-A8EF-48C1-A40A-20C2AC7C83D3} -> No File <==== ATTENTION
Task: {5EAA541C-C063-4868-8576-43F66AC33FA6} - \{78BAA4A5-01EA-4951-9D45-CB2C97CCA56E} -> No File <==== ATTENTION
Task: {5F2088AB-A85E-4542-8CEF-8281DA685356} - \{BCB5727A-FC57-469B-A966-71342A3924A8} -> No File <==== ATTENTION
Task: {5F6DF262-8DC7-4821-9F92-7BBBBBDB53EC} - \{9781F516-BAB2-46EB-9074-15207D52A8A3} -> No File <==== ATTENTION
Task: {5FCAE301-B644-463D-B3FB-E294F9A72623} - \Update\chrome -> No File <==== ATTENTION
Task: {606774B8-B2DA-44A1-A3B7-B7AB086C592F} - \{71B3850B-3ACE-4D70-A238-2280A89D72F7} -> No File <==== ATTENTION
Task: {60CCC08D-CE3E-4DB1-9370-90C03D9FE0BC} - \{6D4BC6F9-FEFD-4D1D-88D3-C09A390868F7} -> No File <==== ATTENTION
Task: {625F3F09-DA8F-4D23-9A2D-64122F9775ED} - \{F594B291-7678-4578-A441-63DA2C9DC34A} -> No File <==== ATTENTION
Task: {6263ED15-5E75-4A91-ADC3-937203CCAE69} - \{A609F35C-04DB-408F-A66C-36788AB0E610} -> No File <==== ATTENTION
Task: {628265FD-3492-4F05-8744-61CBA7A09C5E} - \{58B04F95-F089-40BB-853A-0FE943499A5E} -> No File <==== ATTENTION
Task: {62DCD9F9-4FAF-4B51-9002-E784ECB94E85} - \{AC81CFA9-EBEE-4052-9DB3-3E4B292851C2} -> No File <==== ATTENTION
Task: {6321355F-40F0-4517-A0A4-C24659D2EBDF} - \RestoreSearch -> No File <==== ATTENTION
Task: {676C0A8B-D51D-487D-BCE9-4D20F53C2338} - \{59F48C20-8D6B-4CF3-A829-D9D782ADE708} -> No File <==== ATTENTION
Task: {67D30E8B-5ABA-47E5-B0FC-5A8463FD9177} - \{FCF913AC-63A3-4B47-B20A-84EB47BF9A62} -> No File <==== ATTENTION
Task: {694122B9-9310-4E71-A633-E98913D44C85} - \{DDAAF7F6-489B-4367-ACE9-6B5DA4BCCEAC} -> No File <==== ATTENTION
Task: {6964A134-99F3-488D-B418-57B8D88096E7} - \{7DE087E5-1089-4F48-9805-C9702283890F} -> No File <==== ATTENTION
Task: {6AE5BF76-6347-4110-8B63-EF772468D21E} - \{6E5C8B73-CA6F-4E19-A489-FAE095EA3191} -> No File <==== ATTENTION
Task: {6C809F9D-A8D8-464A-804D-E5A572A7BA3C} - \{5C11A6CC-EFFE-4928-932E-F22AAA29F54F} -> No File <==== ATTENTION
Task: {6DE8F599-3777-492B-96CB-7FF633D27490} - \{79C16E31-3F5F-458C-AD00-2E2BC6C63A0A} -> No File <==== ATTENTION
Task: {6FE61E75-3A56-4909-BC70-127DF5266A14} - \{33E8DC49-90B4-4265-9778-FD3D7F41D848} -> No File <==== ATTENTION
Task: {7112AE87-6A6C-4055-9D86-6B626A63445D} - \{C34EB7DD-ED9D-4D51-85DF-24AF460D35E7} -> No File <==== ATTENTION
Task: {7384DAF5-6082-48D5-B8AE-DD724C0ABA6E} - \{9893F4A9-510A-43EE-90CE-F8E1AC28AAE4} -> No File <==== ATTENTION
Task: {752C8B01-3AF6-468B-89AB-83BB102BB7E7} - \{88D19BF8-D23C-44D3-8C4B-FC1480E45934} -> No File <==== ATTENTION
Task: {767A1E62-7ABC-4A34-8DD9-C40271F11450} - \{01577AE0-BDFB-4E42-AB57-A8A74314B8AD} -> No File <==== ATTENTION
Task: {76D76043-3116-4CB1-BCC1-8C9A9FE66476} - \{D1DDCCF3-85A8-4712-8801-1E3D362A0650} -> No File <==== ATTENTION
Task: {78F4BF09-6033-4608-AC24-E783F8280F6B} - \{0CB1D5F3-92A3-481B-A65B-6A9EDEF00966} -> No File <==== ATTENTION
Task: {7D6B779B-443A-4172-B65C-86AE9AA3C5EB} - \{D8F9C081-AA0F-47C7-B584-23B655C8EC69} -> No File <==== ATTENTION
Task: {7FC325A9-A41E-45FC-B13E-706E6E41AE0A} - \GridinSoft Anti-Malware -> No File <==== ATTENTION
Task: {808B3929-459F-4A2A-B4B4-01B1714B46C1} - \{68AFB766-E03B-4A14-B9C1-8DC184B4A0B1} -> No File <==== ATTENTION
Task: {80A00316-EE09-4814-A770-4BC79A4022DA} - \{ED9D075E-B974-4C02-A800-55F61758957D} -> No File <==== ATTENTION
Task: {83E6705B-06F6-4CF8-8533-77EF4E8026C9} - \Shawosataleent Cloud -> No File <==== ATTENTION
Task: {862B1AAA-60EB-40CB-A7F4-0E9D5B75477C} - \{E1475237-D29B-4BAB-9798-67BCD0F9EFD6} -> No File <==== ATTENTION
Task: {86368A01-38E3-413B-9061-C3BA096A45F4} - \{334CCA02-2E0A-44F2-8768-7F8A593ADD9A} -> No File <==== ATTENTION
Task: {868C3BD3-631D-4041-A3BB-34B3F6820EAE} - \{045BF733-EB7A-4C92-9A4D-3CC9A533F0DA} -> No File <==== ATTENTION
Task: {87AE5DA7-3B44-4993-B246-37C9AFB289CA} - \{DD52D378-7CB6-4103-B7CB-CEB8F713E300} -> No File <==== ATTENTION
Task: {87DAD38E-1C20-48EA-AAEB-08AC4739DC7D} - \{8CE2615C-6AC0-4030-A887-E42B94BFA9D6} -> No File <==== ATTENTION
Task: {9061F53A-D83E-4C4C-8DA3-8828AB66933D} - \{290B5832-29A8-4102-B459-E30303DD0EB1} -> No File <==== ATTENTION
Task: {906C166C-17CC-44B9-8F31-F9397F8CFF4D} - \{95AF7C6C-0D22-4097-A0BA-2115195ABE40} -> No File <==== ATTENTION
Task: {90904650-488E-475C-98E3-F58B67318F9B} - \coupons_and_fun_updating_service -> No File <==== ATTENTION
Task: {91536AF1-F484-46E7-B6B2-7D60EBB8CD4F} - \{FDCBD0CC-816D-46A0-9E6C-BD2E0F6DA37D} -> No File <==== ATTENTION
Task: {94205AF7-0FBB-467A-8876-4E200A967598} - \{7437A165-B02E-4AAF-AAEB-B092DE8494EA} -> No File <==== ATTENTION
Task: {94881163-641A-4A62-A6C8-8F6B63C8370A} - \{12333994-9EC9-4422-A640-CCC1ACA8AB1B} -> No File <==== ATTENTION
Task: {98D38215-B7F0-41BB-8D57-3C7CAB79D653} - \{BD27B57D-DB8E-4DDC-AAF2-61D5AF9686A1} -> No File <==== ATTENTION
Task: {99553831-921F-4CC7-AF74-4327DA32035A} - \{DBC3418B-1DE9-44FE-84BF-64B1973B56D7} -> No File <==== ATTENTION
Task: {9A109CC5-D9B4-4BE4-8AEF-393F8C2B8173} - \{FDF2D748-1C5B-4280-8473-AAB32D20CF76} -> No File <==== ATTENTION
Task: {9A449F88-9F49-4B3F-927A-7440B7EF8DE3} - \{07C70E3D-8BE3-41A9-830E-E491D9058401} -> No File <==== ATTENTION
Task: {9B10E5E6-F464-4E4D-B03D-F87240F54A8F} - \coupons_and_fun_notification_service -> No File <==== ATTENTION
Task: {9B6F8B34-85EA-44E2-9BD6-EA315D746569} - \{299DD45D-47D7-4C9D-BDF5-480CAA6302F6} -> No File <==== ATTENTION
Task: {9D462400-312F-49E9-B9F2-BC139103459A} - \{43639429-14DC-48D1-BF78-1987A1BB864E} -> No File <==== ATTENTION
Task: {9FA33983-7B4A-47E3-9BE3-F576C8BA33DF} - \{642C71FA-DCB4-4F75-B659-34EE9570F8D3} -> No File <==== ATTENTION
Task: {9FE6D745-2EA4-425D-B718-8661C57FAD75} - \{4CD0F658-AABF-40F2-A701-D1CBC68E7AF5} -> No File <==== ATTENTION
Task: {A040AD14-515A-4014-B66F-3975D92835FC} - \{561272E7-898C-4E50-A001-C727A7DBBF79} -> No File <==== ATTENTION
Task: {A1D603F9-F83B-49E4-824B-5B8ED922484D} - \{773DBD55-3BE1-4709-834A-EF28DA0DFEA3} -> No File <==== ATTENTION
Task: {A524C7A8-FD0E-4B5B-9381-975464C5748A} - \{5391EC33-AEFC-4950-8F95-32A7873E4882} -> No File <==== ATTENTION
Task: {A5B01224-EBB6-4A7E-B17D-49429F330104} - \{5131064A-5B24-4E9B-B40C-E42C890A10D5} -> No File <==== ATTENTION
Task: {A5F1A4C7-92D6-4578-8573-48531ABDACBB} - \{0C39D59B-64C6-4E6B-84C6-AB556C129457} -> No File <==== ATTENTION
Task: {A64F46F6-EC0E-491C-B0E5-F28DFE108C28} - \{D51392F9-FBA5-4083-8041-F06093568E46} -> No File <==== ATTENTION
Task: {AA1C1FD3-DF32-434A-8183-AD2DE31A02E1} - \{28A1E884-0527-43F2-ADB0-84CFB9B3C154} -> No File <==== ATTENTION
Task: {ACAAE61A-EA69-46F0-B9EC-3D49732E83C2} - \{C849BB67-932F-49BC-9939-BC60C5A25066} -> No File <==== ATTENTION
Task: {AED1B781-66DB-4AE7-8E9D-0838E255A7D0} - \{7341FAA7-1FCE-414E-9EA5-E9EEA188D6CE} -> No File <==== ATTENTION
Task: {AF53A491-0991-4606-8CC0-E77AD6E5BC62} - \{D522F370-A345-47DE-A74D-5A932F3705F4} -> No File <==== ATTENTION
Task: {B0982C98-F420-4B6F-AB9C-AEF909E0389D} - \{E50759DE-ACEC-435E-9CEA-FF942C9ED51D} -> No File <==== ATTENTION
Task: {B1062B71-0EB2-40A2-885E-FBAF93EA0B76} - \{86BFCAEA-FDF2-4FD6-9C42-645A56ED90B1} -> No File <==== ATTENTION
Task: {B15BC34C-DB97-4265-B869-B8B8FCE9E959} - \{A57A6081-5972-4FCF-8D2B-D793867341E2} -> No File <==== ATTENTION
Task: {B3B7B041-8FBE-443D-872A-E02EC330435E} - \{CB2747D4-01AC-4126-8FBF-CF6372A1B545} -> No File <==== ATTENTION
Task: {B4F13F0B-5510-4D04-AAF5-E6D7662014B1} - \{779A1025-9DAC-4907-9806-6AD0298EA532} -> No File <==== ATTENTION
Task: {BA5EA2B9-037E-402C-9CDC-76ED3144AFE8} - \{0B2E8D38-E2F4-4664-9ED5-2F65AD204AEC} -> No File <==== ATTENTION
Task: {BC63F092-3085-4230-8E35-FA61D8D8C7C5} - \{AD60BBB4-E956-4EA4-93C7-D6236328B21E} -> No File <==== ATTENTION
Task: {C013D968-E173-4B8A-A2AB-D1F978F52B5D} - \{D95DA88E-D1BD-41CE-8B93-0AE7C9229CE7} -> No File <==== ATTENTION
Task: {C0922C5B-27C4-4373-96AA-362CBCA7A228} - \{2570E579-544B-4476-B415-804957ABA4DA} -> No File <==== ATTENTION
Task: {C733F075-83C5-4815-A5B6-91F49D9BAFA6} - \{7A27D2EF-A219-49B9-9AE8-F260C76BCEC9} -> No File <==== ATTENTION
Task: {C86CD957-10C7-432B-9BEA-AAFE4F7755E6} - \{474D12C5-9E5C-4282-8229-3F734F98586C} -> No File <==== ATTENTION
Task: {C8A2ADBB-C4AB-48EE-A846-E4D5C82104E4} - \{32EBD1BF-8D5A-4778-9270-CDA181859C39} -> No File <==== ATTENTION
Task: {C9A3BFE3-D53F-46DF-935F-43E19D746CE9} - \{F4788590-2878-4246-9B65-997F436B1CE7} -> No File <==== ATTENTION
Task: {CB53B909-83D8-44BF-B11C-D94529186A30} - \{183E2C26-DE4A-43BE-83DF-7DB8EC808242} -> No File <==== ATTENTION
Task: {CDAFA60E-FC0E-4896-9D08-5F78F4663A1D} - \{DE7265C2-5B4E-403F-B90D-65D115F186C7} -> No File <==== ATTENTION
Task: {D08EF97B-0031-4E6F-826C-9F658D5DB1A3} - \{5CCEAA64-D75E-4BAF-BAA7-077EBA0F6D7E} -> No File <==== ATTENTION
Task: {D266B3CB-4EC3-43DA-9A78-AAC6C8F3A53F} - System32\Tasks\Norton Security Scan for home => C:\PROGRA~2\NORTON~2\Engine\420~1.38\Nss.exe
Task: {D3E55202-7584-488A-8567-E962501E73A2} - \{1FE525F5-9A9C-4BE0-A017-8C831E5E7E06} -> No File <==== ATTENTION
Task: {D774E6E4-BDB7-48DA-AEF9-7B89E4B2E917} - \{5E3C9803-0ABD-4BD1-BD6B-0D036EF107C6} -> No File <==== ATTENTION
Task: {D8AA1DA3-3C6A-4E6B-9DAE-3D3A072DEE3C} - \{BB4B2CBE-9F89-4B03-BEFA-30C2B0283936} -> No File <==== ATTENTION
Task: {D9141D10-FD8E-403D-A17E-99FD4D44CEBF} - \{90A6E678-98E9-4835-8FC7-3225E0878DE1} -> No File <==== ATTENTION
Task: {DACE5D1F-42B6-4ED3-B49C-BBA07A8A8E4F} - \{23ACFCAB-24DE-4D71-BB56-0121D15C9854} -> No File <==== ATTENTION
Task: {DEAE654C-724F-4C1E-9451-0D1399F15709} - \{7A6DBB70-ACE8-4BEF-AE40-0C74D35C3E3D} -> No File <==== ATTENTION
Task: {DF280203-FBEF-4DF6-B812-3806AABA4013} - \update-sys -> No File <==== ATTENTION
Task: {DFDB715A-39DE-47A0-800E-4C6AB8BE1F29} - \{26459E4A-3952-408A-B1C5-5ADD14DCF284} -> No File <==== ATTENTION
Task: {E401BC0F-53D9-4B28-AA6E-B1FA6527EA2E} - \{96CEAA70-C8B6-404C-B285-494EE7555670} -> No File <==== ATTENTION
Task: {E4F98165-1938-49EB-9C85-0988817B4F98} - \{8495F13A-38A9-4978-BA78-193F345D31FE} -> No File <==== ATTENTION
Task: {E5BC2D54-130A-43AD-A53F-545F77C95C36} - \{7F658C86-2B36-45D1-94D8-4D1E5ACADCBE} -> No File <==== ATTENTION
Task: {E6CFA8CC-BEDB-4685-8A47-F5BB9A5B7F34} - \{AA3DBA3F-71D6-484B-880A-54ABDF62C5D3} -> No File <==== ATTENTION
Task: {E8BA350F-DDD1-4A8D-BB0D-7C5D26CE6C6C} - \Bidaily Synchronize Task[973b] -> No File <==== ATTENTION
Task: {ED330281-44BB-410B-892B-7E074BA59184} - \{1BF87C55-2F88-45E8-9BAD-DF0F7E7D9C6F} -> No File <==== ATTENTION
Task: {EDDAB509-3037-42EF-BC49-A55743E8DC8A} - \{F6C3CCBA-79E8-4D43-BE04-BE15D6D8B58A} -> No File <==== ATTENTION
Task: {EE258BCB-564F-4DF1-A3C0-B2CEC098E9B8} - \{B4A21FD2-832A-4908-AD2A-6B38EC02D4AE} -> No File <==== ATTENTION
Task: {F174762F-70C0-4E7F-AE1D-E0BEC0253A36} - \UtilTool Antivirus Uninstallation task -> No File <==== ATTENTION
Task: {F22D5EB5-1E51-4FB1-ACA2-71CEB34AC400} - \{D2BA58CB-45A0-49BC-8B56-E98FF95E109A} -> No File <==== ATTENTION
Task: {F2397D82-3932-4DE2-ACE5-D558FF68651F} - \{62A89521-D82E-49A5-836B-6F5F121E7949} -> No File <==== ATTENTION
Task: {F27DB97D-892E-4C3C-8130-79A820D48563} - \{BC2AF270-358B-4662-A9C8-89EE38688826} -> No File <==== ATTENTION
Task: {F64BFCD1-BCB2-4A10-B8B3-8603D0B36129} - \{9E0E9A39-6A52-4322-98F7-825F10C2F1C9} -> No File <==== ATTENTION
Task: {F7ADF2F9-8CC8-4A91-B051-12116D4E078D} - \{191F0379-CC41-447E-BD4B-AE10DBF7D3DF} -> No File <==== ATTENTION
Task: {F8530F81-6AA9-4AA9-B2AD-DEC192D929AC} - no filepath
Task: {FAA3241D-CA85-4A20-A6C5-5F677E78EA6E} - \{E0AAE885-7FCF-4A2C-BA19-96CA5E6EE21B} -> No File <==== ATTENTION
Task: {FAF269ED-29A5-4509-AC44-70E9F6C0E6C8} - \{2E97BB2A-B64E-4E25-AE7A-303022D72EB5} -> No File <==== ATTENTION
Task: {FC4E7752-5966-45D7-ADAC-538F7431FEBF} - \{2AFF3FFF-C0C7-496D-9532-AA76389FF8E1} -> No File <==== ATTENTION
Task: {FC5B0757-55E1-4646-B036-7A47CBA1B012} - \{A5791B10-2C91-4460-B01D-31759DD53E9C} -> No File <==== ATTENTION
Task: {FE107C6A-91C2-48B5-B8B1-099DCDE12898} - \update-S-1-5-21-891269962-2659327078-604941568-1000 -> No File <==== ATTENTION
Task: {FE926D2E-8C67-40E6-B2B5-D3F6E50047C8} - \{CDEFA47E-F98A-4418-AE96-AE94152A81BB} -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
C:\Windows\netboostmasterHelp.dll
c:\windows\syswow64\auhardwaregl.dll
AlternateDataStreams: C:\Users\home:Heroes & Generals [38]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
FirewallRules: [{70FD5DB9-A671-43E2-94D8-9E65DB3ED14A}] => (Allow) C:\Users\home\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{B7EB6C5C-F8E2-49B8-A0F9-1ADFA184195F}] => (Allow) C:\Users\home\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{6137EFAD-4868-4962-878E-8742618C04A3}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{86F245D9-ED2D-46F8-BCF4-0DDEAE818BD6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{2CC1DDD6-83E7-41A3-8845-AC1697E8C043}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{F0DDA18D-BFAC-422C-BE95-AD7497A2DAE1}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{0F331CC1-EA79-4E50-A4AD-A9C2D5F3F4C8}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{F7CDAA92-AFD1-4FF2-96C3-D208D12CB8BB}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{DE2F1828-8885-4EE8-80FE-4C3C1B5006DE}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{0C49A716-F777-4113-A047-E8B9E12EB716}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
C:\Users\home\AppData\Roaming\Terlcultclhach


End



In Notepad, click File --> Save As.
Under Encoding, select UTF-8.
Name the file Fixlist and save it to the Desktop.
Double-click to run FRST.exe again.
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it has finished, fixlog.txt will open, with contents that you should copy into the thread.
The file (fixlog.txt) will also be located on the Desktop.
