Virus check

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Hello, I think I picked up some viruses when I was downloading something from the internet, so could you please check it.

Report

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2016
Ran by AnunnakiFox (administrator) on DESKTOP-CFRJGIG (03-12-2016 06:59:50)
Running from C:\Users\AnunnakiFox\Desktop
Loaded Profiles: AnunnakiFox (Available Profiles: AnunnakiFox)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\AnunnakiFox\AppData\Local\Temp\79C6.tmp.exe
() C:\Users\AnunnakiFox\AppData\Local\Temp\e.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Run: [uTorrent] => C:\Users\AnunnakiFox\AppData\Roaming\uTorrent\uTorrent.exe [2145984 2016-11-27] (BitTorrent Inc.)
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Run: [mailruhomesearch] => C:\Users\AnunnakiFox\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe [3036376 2016-12-03] ()
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Run: [qeyxegvfqx] => explorer "hxxp://imatiro.ru/?utm_source=uoua03&utm_content=2ab9a970874b6c3a100ddbe365669ec3&utm_term=4B68B10C94E01EDEC55268D5447BEC68&utm_d=20161203" <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [Uninstall C:\Users\AnunnakiFox\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\AnunnakiFox\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [lugegllsni] => C:\Users\AnunnakiFox\AppData\Local\Temp\DM7s39EtwBFq.exe [848896 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [rcldtcshof] => C:\Users\AnunnakiFox\AppData\Local\Temp\e.exe [803824 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [speeddialmaker_delete_self] => C:\Users\AnunnakiFox\AppData\Local\Temp\U57ajvL99auW.exe [848896 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [hflnhwxwiy] => C:\Users\AnunnakiFox\AppData\Local\Temp\3nrXc8cz7eMc.exe [848896 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [wmdfnjcycn] => C:\Users\AnunnakiFox\AppData\Local\Temp\e.exe [803824 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Winlogon: [Shell] c:\windows\explorer.exe [4673296 2016-09-15] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-06-25]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{97e2d7b9-0239-4080-8af7-607c7d8fcacc}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=818405
SearchScopes: HKU\S-1-5-21-2028377596-1738238198-4291754873-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B056BB1A9-A2E1-4230-ABB9-4D8CC0718057%7D&gp=811014
SearchScopes: HKU\S-1-5-21-2028377596-1738238198-4291754873-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B056BB1A9-A2E1-4230-ABB9-4D8CC0718057%7D&gp=811014
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO-x32: Поиск@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\AnunnakiFox\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-12-03] (Mail.Ru)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: mizzs6r0.default
FF ProfilePath: C:\Users\AnunnakiFox\AppData\Roaming\Mozilla\Firefox\Profiles\r1mj2ed7.default [2016-12-03]
FF NetworkProxy: Mozilla\Firefox\Profiles\r1mj2ed7.default -> type",
FF ProfilePath: C:\Users\AnunnakiFox\AppData\Roaming\Profiles\mizzs6r0.default [2016-12-03]
FF DefaultSearchEngine: Profiles\mizzs6r0.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: Profiles\mizzs6r0.default -> Поиск@Mail.Ru
FF Homepage: Profiles\mizzs6r0.default -> hxxp://mail.ru/cnt/10445?gp=818405
FF Keyword.URL: Profiles\mizzs6r0.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7BE4DC0C57-BFE6-42A6-AB28-E5562AE91FA8%7D&gp=811014
FF Extension: (Firefox Hotfix) - C:\Users\AnunnakiFox\AppData\Roaming\Profiles\mizzs6r0.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-15]
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\AnunnakiFox\AppData\Roaming\Profiles\mizzs6r0.default\Extensions\homepage@mail.ru [2016-12-03]
FF Extension: (Поиск@Mail.Ru) - C:\Users\AnunnakiFox\AppData\Roaming\Profiles\mizzs6r0.default\Extensions\search@mail.ru [2016-12-03]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\AnunnakiFox\AppData\Roaming\Profiles\mizzs6r0.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2016-12-03]
FF SearchPlugin: C:\Users\AnunnakiFox\AppData\Roaming\Profiles\mizzs6r0.default\searchplugins\mailru.xml [2016-12-03]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-05] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\AnunnakiFox\AppData\Local\Google\Chrome\User Data\Default [2016-12-03]
CHR Extension: (Google Drive) - C:\Users\AnunnakiFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-05]
CHR Extension: (YouTube) - C:\Users\AnunnakiFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-05]
CHR Extension: (AdBlock) - C:\Users\AnunnakiFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AnunnakiFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-05]
CHR Extension: (Gmail) - C:\Users\AnunnakiFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\AnunnakiFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2016-10-30] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-24] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2118664 2016-11-30] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180112 2016-11-30] (Electronic Arts)
S3 PAExec; C:\Windows\PAExec.exe [189112 2016-09-23] (Power Admin LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-16] (Malwarebytes)
R1 MpKsldb6673a5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{610583C9-CA3F-42E9-9ACF-E922C14D3698}\MpKsldb6673a5.sys [44928 2016-11-30] (Microsoft Corporation)
R1 MpKslDrv; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{610583C9-CA3F-42E9-9ACF-E922C14D3698}\MpKslDrv.sys [44928 2016-11-29] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\WINDOWS\system32\DRIVERS\netr28ux.sys [2244944 2016-05-09] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3696fe4b96482e60\nvlddmkm.sys [14182960 2016-11-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-07-18] (Anchorfree Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-10-05] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-03 06:59 - 2016-12-03 07:00 - 00018463 _____ C:\Users\AnunnakiFox\Desktop\FRST.txt
2016-12-03 06:59 - 2016-12-03 06:59 - 00000000 ____D C:\FRST
2016-12-03 06:58 - 2016-12-03 06:58 - 02411520 _____ (Farbar) C:\Users\AnunnakiFox\Desktop\FRST64.exe
2016-12-03 06:48 - 2016-12-03 06:48 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\Вoйти в Интeрнет
2016-12-03 06:47 - 2016-12-03 06:47 - 00003506 _____ C:\WINDOWS\System32\Tasks\fupdate
2016-12-03 06:47 - 2016-12-03 06:47 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\fupdate
2016-12-03 06:46 - 2016-12-03 06:57 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\syslog
2016-12-03 06:46 - 2016-12-03 06:46 - 00003654 _____ C:\WINDOWS\System32\Tasks\syslog
2016-12-03 06:45 - 2016-12-03 06:45 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\Поиcк в Интeрнете
2016-12-03 06:43 - 2016-12-03 06:43 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\Mail.Ru
2016-12-03 06:43 - 2016-12-03 06:43 - 00000000 ____D C:\ProgramData\Mail.Ru
2016-12-03 06:39 - 2016-12-03 06:39 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\Steam
2016-12-03 06:33 - 2016-12-03 06:44 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-03 06:33 - 2016-12-03 06:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-03 02:48 - 2016-12-03 02:48 - 00001824 _____ C:\Users\AnunnakiFox\Desktop\Counter-Strike Global Offensive.lnk
2016-12-01 12:35 - 2016-12-01 12:35 - 00000000 ____D C:\Users\AnunnakiFox\Documents\My Games
2016-12-01 12:31 - 2016-12-01 12:31 - 00000000 ____D C:\ProgramData\Codemasters
2016-12-01 12:29 - 2016-12-01 12:29 - 00001581 _____ C:\Users\Public\Desktop\F1 2015.lnk
2016-12-01 12:29 - 2016-12-01 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F1 2015
2016-12-01 04:01 - 2016-11-24 20:22 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-12-01 04:00 - 2016-12-01 04:00 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-12-01 04:00 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-12-01 04:00 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-12-01 04:00 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-12-01 04:00 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-12-01 03:58 - 2016-11-24 21:53 - 40123840 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 35224632 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 34711096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 28202040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 10912744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 10804064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 10354800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 09158616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 08913512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 08762072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 02953152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 02586048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 01951680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437609.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437609.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 01037248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 00975296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 00945208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 00895424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-12-01 03:58 - 2016-11-24 21:53 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-12-01 03:43 - 2016-12-01 03:59 - 00000000 ____D C:\WINDOWS\LastGood
2016-12-01 03:43 - 2016-11-17 14:45 - 00101824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-12-01 03:43 - 2016-11-17 14:45 - 00091584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-11-30 00:50 - 2016-11-30 00:50 - 00000026 _____ C:\Users\AnunnakiFox\Downloads\fifa 17 account 6.txt
2016-11-29 12:28 - 2016-12-01 04:14 - 00000000 ____D C:\Users\AnunnakiFox\Desktop\fifa 17
2016-11-27 16:29 - 2016-11-27 16:29 - 00000000 ____D C:\Users\AnunnakiFox\Documents\KONAMI
2016-11-27 13:24 - 2016-11-30 20:06 - 00002238 _____ C:\Users\AnunnakiFox\Desktop\Pro Evolution Soccer 2017.lnk
2016-11-26 16:05 - 2016-11-26 16:05 - 00000021 _____ C:\Users\AnunnakiFox\Desktop\Battelfile 1 account.txt
2016-11-26 15:44 - 2016-11-26 15:45 - 00000000 ____D C:\Users\AnunnakiFox\Documents\Battlefield 1
2016-11-26 14:44 - 2016-11-26 14:44 - 00000757 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2016-11-26 14:44 - 2016-11-26 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1
2016-11-23 23:02 - 2016-11-23 23:02 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\GTAV Enhanced Native Trainer
2016-11-23 09:14 - 2016-11-23 09:15 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\MegaDownloader
2016-11-23 09:14 - 2016-09-16 08:55 - 02165541 _____ C:\Users\AnunnakiFox\Desktop\AntiLimite.exe
2016-11-20 23:12 - 2016-11-20 23:12 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\NVIDIA
2016-11-20 01:22 - 2016-11-20 01:22 - 00000000 ____D C:\Users\AnunnakiFox\.QtWebEngineProcess
2016-11-20 01:22 - 2016-11-20 01:22 - 00000000 ____D C:\Users\AnunnakiFox\.Origin
2016-11-20 00:37 - 2016-11-17 03:06 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437595.dll
2016-11-20 00:37 - 2016-11-17 03:06 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437595.dll
2016-11-18 20:14 - 2016-11-18 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2016-11-18 20:13 - 2016-11-18 20:14 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
2016-11-17 00:12 - 2016-11-17 00:12 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-11-16 17:19 - 2016-11-16 17:19 - 00000080 _____ C:\Users\AnunnakiFox\AppData\Local\Rockstar Games\GTA V\entitlement.info
2016-11-16 17:15 - 2016-11-23 22:38 - 00000613 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto V.lnk
2016-11-16 17:15 - 2016-11-23 22:38 - 00000601 _____ C:\Users\Public\Desktop\Grand Theft Auto V.lnk
2016-11-16 17:06 - 2016-11-16 17:06 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\Grand Theft Auto V
2016-11-16 17:06 - 2016-11-16 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-11-05 23:16 - 2016-11-05 23:16 - 00000000 __SHD C:\ProgramData\SecuROM
2016-11-05 22:51 - 2016-11-05 23:16 - 00001711 _____ C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
2016-11-05 22:51 - 2016-11-05 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto IV
2016-11-05 01:40 - 2016-11-14 23:45 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-05 01:39 - 2016-11-05 17:02 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-05 01:39 - 2016-11-05 17:02 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-05 01:39 - 2016-11-05 01:39 - 00003998 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-05 01:39 - 2016-11-05 01:39 - 00003766 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-03 07:00 - 2016-10-05 21:23 - 00746553 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-12-03 06:43 - 2016-06-26 16:51 - 00000400 __RSH C:\ProgramData\ntuser.pol
2016-12-03 06:38 - 2016-09-14 02:54 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\Origin
2016-12-03 06:38 - 2016-09-09 18:28 - 00000000 ____D C:\ProgramData\Origin
2016-12-03 06:37 - 2016-10-06 00:50 - 00004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1F213B35-2911-406D-BF02-4EE7679EE333}
2016-12-03 06:32 - 2016-09-25 22:00 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-03 04:15 - 2016-09-25 22:04 - 00000000 ____D C:\Users\AnunnakiFox
2016-12-03 04:15 - 2016-09-25 21:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-03 03:11 - 2016-10-08 04:05 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\CrashDumps
2016-12-03 02:48 - 2016-09-12 02:08 - 00000000 ____D C:\Games
2016-12-03 02:22 - 2016-06-26 00:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-02 04:16 - 2016-06-25 14:21 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\uTorrent
2016-12-01 13:26 - 2016-06-25 13:32 - 03244936 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-01 04:01 - 2016-09-25 22:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-01 04:01 - 2016-09-23 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-01 04:01 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-01 03:44 - 2016-09-25 22:20 - 00003950 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-01 03:43 - 2016-09-25 22:20 - 00004014 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-01 03:43 - 2016-09-25 22:20 - 00003986 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-01 03:43 - 2016-09-25 22:20 - 00003924 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-01 03:43 - 2016-09-25 22:20 - 00003762 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-01 03:43 - 2016-09-25 22:20 - 00003720 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-01 03:43 - 2016-09-25 22:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-01 03:43 - 2016-09-25 22:00 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-30 23:12 - 2016-09-25 22:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-30 23:11 - 2016-06-25 13:45 - 00000000 __SHD C:\Users\AnunnakiFox\IntelGraphicsProfiles
2016-11-30 20:02 - 2016-10-07 17:56 - 00000000 ____D C:\Users\AnunnakiFox\Downloads\GAMES
2016-11-30 19:42 - 2016-10-28 22:47 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pesgalaxy.com Patch 2017
2016-11-30 00:11 - 2016-09-14 02:53 - 00000000 ____D C:\Program Files (x86)\Origin
2016-11-29 22:09 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-11-29 06:27 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-29 05:53 - 2016-07-11 11:57 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\JDownloader v2.0
2016-11-26 14:44 - 2016-09-23 19:22 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller
2016-11-24 21:53 - 2016-09-23 19:07 - 03934320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-11-24 21:53 - 2016-09-23 19:07 - 03474064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-11-24 21:53 - 2016-09-23 19:07 - 00042296 _____ C:\WINDOWS\system32\nvinfo.pb
2016-11-24 20:39 - 2016-09-25 22:00 - 06384576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-11-24 20:39 - 2016-09-25 22:00 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-11-24 20:39 - 2016-09-25 22:00 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-11-24 20:39 - 2016-09-25 22:00 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-11-24 20:39 - 2016-09-25 22:00 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-11-24 20:39 - 2016-09-25 22:00 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-11-24 20:39 - 2016-09-25 22:00 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-11-24 20:39 - 2016-09-23 18:12 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-11-23 23:43 - 2016-10-07 01:52 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Roaming\New Technology Studio
2016-11-23 13:58 - 2016-09-25 22:00 - 07538847 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-11-23 13:29 - 2016-10-29 22:11 - 00000000 ____D C:\ProgramData\Steam
2016-11-21 17:03 - 2016-06-25 15:03 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\ElevatedDiagnostics
2016-11-18 20:14 - 2016-06-27 15:03 - 00001158 _____ C:\Users\AnunnakiFox\Desktop\Cheat Engine.lnk
2016-11-17 14:45 - 2016-09-23 18:12 - 01854400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-11-17 14:45 - 2016-09-23 18:12 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-11-17 14:45 - 2016-09-23 18:12 - 01452480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-11-17 14:45 - 2016-09-23 18:12 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-11-17 14:45 - 2016-09-23 18:12 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-11-17 14:45 - 2016-09-23 18:12 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-11-17 03:06 - 2016-09-23 19:07 - 03934504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\SET8A03.tmp
2016-11-17 03:06 - 2016-09-23 19:07 - 03474064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\SET9838.tmp
2016-11-17 00:12 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-17 00:12 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-11-17 00:11 - 2016-06-30 14:26 - 00000000 ____D C:\Program Files\Microsoft Office
2016-11-16 17:14 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-16 17:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-15 22:24 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-11 20:44 - 2016-06-25 14:11 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-11 20:44 - 2016-06-25 14:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-09 02:58 - 2016-09-25 22:20 - 00003994 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-09 02:58 - 2016-09-25 22:20 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-11-09 02:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-09 02:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-07 00:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-05 23:23 - 2016-10-12 16:19 - 00000000 ____D C:\Users\AnunnakiFox\Documents\Rockstar Games
2016-11-05 23:16 - 2016-06-29 12:57 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\Rockstar Games
2016-11-05 22:20 - 2016-10-19 20:51 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-11-05 22:20 - 2016-10-02 17:25 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-11-05 01:40 - 2016-06-25 13:55 - 00000000 ____D C:\Users\AnunnakiFox\AppData\Local\Google
2016-11-05 01:40 - 2016-06-25 13:55 - 00000000 ____D C:\Program Files (x86)\Google

Files to move or delete:
====================
C:\Users\AnunnakiFox\AppData\Local\Temp\DM7s39EtwBFq.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\e.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\U57ajvL99auW.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\3nrXc8cz7eMc.exe


Some files in TEMP:
====================
C:\Users\AnunnakiFox\AppData\Local\Temp\3nrXc8cz7eMc.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\40CB.tmp.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\6mQKZ6mKKv6q.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\79C6.tmp.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\BOOgBLmVi64t.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\DM7s39EtwBFq.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\e.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\i4pT0T2DJnOO.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\libeay32.dll
C:\Users\AnunnakiFox\AppData\Local\Temp\msvcr120.dll
C:\Users\AnunnakiFox\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\AnunnakiFox\AppData\Local\Temp\nvStInst.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\otdCrG3QdIqQ.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\ovi-uninstall.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\piFPyCm5k4fo.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\proxy_vole4085582568329282538.dll
C:\Users\AnunnakiFox\AppData\Local\Temp\proxy_vole5742762188718867726.dll
C:\Users\AnunnakiFox\AppData\Local\Temp\proxy_vole7696562017030193127.dll
C:\Users\AnunnakiFox\AppData\Local\Temp\proxy_vole932107075804250899.dll
C:\Users\AnunnakiFox\AppData\Local\Temp\sqlite3.dll
C:\Users\AnunnakiFox\AppData\Local\Temp\U57ajvL99auW.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\_Uninstall_0.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\_Uninstall_1.exe
C:\Users\AnunnakiFox\AppData\Local\Temp\_Uninstall_2.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-27 22:43

==================== End of FRST.txt ============================



offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Hello TSE,

1. Open Notepad (Text Document) and copy the following text, from the code field below, into it:

Start
CreateRestorePoint:
CMD: dir /a "C:\Program Files (x86)\Internet Explorer"
CMD: dir /a "C:\Program Files (x86)\Google\Chrome\Application"
CMD: dir /a "C:\Program Files (x86)\Mozilla Firefox"

CloseProcesses:
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Run: [qeyxegvfqx] => explorer "hxxp://imatiro.ru/?utm_source=uoua03&utm_content=2ab9a970874b6c3a100ddbe365669ec3&utm_term=4B68B10C94E01EDEC55268D5447BEC68&utm_d=20161203" <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [lugegllsni] => C:\Users\AnunnakiFox\AppData\Local\Temp\DM7s39EtwBFq.exe [848896 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [rcldtcshof] => C:\Users\AnunnakiFox\AppData\Local\Temp\e.exe [803824 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [speeddialmaker_delete_self] => C:\Users\AnunnakiFox\AppData\Local\Temp\U57ajvL99auW.exe [848896 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [hflnhwxwiy] => C:\Users\AnunnakiFox\AppData\Local\Temp\3nrXc8cz7eMc.exe [848896 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [wmdfnjcycn] => C:\Users\AnunnakiFox\AppData\Local\Temp\e.exe [803824 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Winlogon: [Shell] c:\windows\explorer.exe [4673296 2016-09-15] (Microsoft Corporation) <==== ATTENTION
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
Task: {7F35192B-E3F5-473F-A24A-B5697D983825} - System32\Tasks\fupdate => C:\Users\AnunnakiFox\AppData\Local\fupdate\fupdate.exe [2016-12-03] () <==== ATTENTION
Task: {F3DB65C1-8754-4D7B-8421-095319F093DB} - System32\Tasks\syslog => C:\Users\AnunnakiFox\AppData\Local\syslog\syslog.exe [2016-12-03] () <==== ATTENTION
HKLM\...\StartupApproved\Run: => "88a3f2174281af74dff06070fe6017be"
HKLM\...\StartupApproved\Run: => "24ad1f0ceb139609d085894b0f44d4cb"
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\StartupApproved\StartupFolder: => "POEhVZUhZGWY.lnk"
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\StartupApproved\Run: => "88a3f2174281af74dff06070fe6017be"
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\StartupApproved\Run: => "24ad1f0ceb139609d085894b0f44d4cb"

Hosts:
C:\WINDOWS\System32\Tasks\fupdate
C:\Users\AnunnakiFox\AppData\Local\fupdate
C:\Users\AnunnakiFox\AppData\Local\syslog
C:\WINDOWS\System32\Tasks\syslog

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [360536]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1156450]

EmptyTemp:
End


2. Save the Notepad file on the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name: at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
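The entries in the fix above are the standard FRST persistence lines: Run/RunOnce values, a per-user Winlogon Shell, scheduled tasks, Group Policy restrictions and alternate data streams. As an added example that is not FRST's own code and not part of the helper's fix, the following Python parses lines in that format and states why each one merits a second look. The sample input reuses lines quoted in this thread (the URL stays defanged as "hxxp", the way FRST prints it) plus one constructed benign entry with a hypothetical vendor and path; the triage rules are this example's own heuristics, not FRST's.

```python
"""Triage FRST-style persistence lines (added example, not FRST's own code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample input: lines copied from the FRST output quoted in this thread, plus
# one constructed benign entry (hypothetical vendor and path) so the filter
# has something to pass over.
SAMPLE_LINES = [
    r'HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Run: [qeyxegvfqx] => explorer "hxxp://imatiro.ru/?utm_source=uoua03&utm_content=2ab9a970874b6c3a100ddbe365669ec3&utm_term=4B68B10C94E01EDEC55268D5447BEC68&utm_d=20161203" <===== ATTENTION',
    r'HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [lugegllsni] => C:\Users\AnunnakiFox\AppData\Local\Temp\DM7s39EtwBFq.exe [848896 2016-12-03] () <===== ATTENTION',
    r'HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Winlogon: [Shell] c:\windows\explorer.exe [4673296 2016-09-15] (Microsoft Corporation) <==== ATTENTION',
    r'GroupPolicy: Restriction <======= ATTENTION',
    r'Task: {7F35192B-E3F5-473F-A24A-B5697D983825} - System32\Tasks\fupdate => C:\Users\AnunnakiFox\AppData\Local\fupdate\fupdate.exe [2016-12-03] () <==== ATTENTION',
    r'AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]',
    r'HKLM\...\Run: [ExampleVendorTray] => C:\Program Files\ExampleVendor\tray.exe [123456 2016-01-01] (Example Vendor)',
]

ATTENTION_RE = re.compile(r"\s*<=+ ATTENTION\s*$")
REG_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\(?P<kind>Run|RunOnce|Winlogon): "
                    r"\[(?P<name>[^\]]*)\]\s*(?:=> )?(?P<rest>.*)$")
TASK_RE = re.compile(r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>\S+) => (?P<rest>.*)$")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<host>[A-Za-z]:\\[^:]*):(?P<stream>\S+) \[(?P<size>\d+)\]$")
# "<target> [<size> <date>] (<vendor>)": the bracket and vendor parts are optional.
META_RE = re.compile(r"^(?P<target>.*?)(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<vendor>[^)]*)\))?$")


@dataclass
class Finding:
    kind: str                 # Run, RunOnce, Winlogon, Task, ADS, GroupPolicy
    name: str                 # value name, task path, stream name or policy scope
    target: str               # what gets launched / where the stream sits
    vendor: Optional[str]     # None = not reported; "" = FRST printed "()"
    flagged: bool             # line carried FRST's "<===== ATTENTION" marker
    reasons: List[str] = field(default_factory=list)


def _split_target(rest: str) -> Tuple[str, Optional[str]]:
    m = META_RE.match(rest)
    return m.group("target"), m.group("vendor")


def parse_line(line: str) -> Optional[Finding]:
    """Parse one FRST line; returns None for formats this example does not cover."""
    flagged = bool(ATTENTION_RE.search(line))
    body = ATTENTION_RE.sub("", line).strip()
    m = REG_RE.match(body)
    if m:
        target, vendor = _split_target(m.group("rest"))
        return Finding(m.group("kind"), m.group("name"), target, vendor, flagged)
    m = TASK_RE.match(body)
    if m:
        target, vendor = _split_target(m.group("rest"))
        return Finding("Task", m.group("name"), target, vendor, flagged)
    m = ADS_RE.match(body)
    if m:
        return Finding("ADS", m.group("stream"), m.group("host"), None, flagged)
    if body.startswith("GroupPolicy"):
        scope, _, value = body.partition(": ")
        return Finding("GroupPolicy", scope, value, None, flagged)
    return None


def assess(f: Finding) -> List[str]:
    """Heuristic reasons (this example's own, not FRST's) why an entry merits attention."""
    if f.kind == "ADS":
        return ["alternate data stream attached to a system path (hidden storage)"]
    if f.kind == "GroupPolicy":
        return ["Group Policy restriction present, unusual on a standalone home PC"]
    reasons: List[str] = []
    target = f.target.lower()
    if f.kind == "Winlogon":
        reasons.append(f"per-user Winlogon {f.name} value set (not present by default)")
    if any(s in target for s in ("hxxp://", "http://", "https://")):
        reasons.append("autostart entry opens a URL at logon instead of a program")
    if "\\appdata\\local\\temp\\" in target:
        reasons.append("program runs from the user Temp directory")
    elif "\\appdata\\" in target:
        reasons.append("program runs from the user profile rather than Program Files")
    if f.vendor == "":
        reasons.append('no publisher name in the file version info (FRST printed "()")')
    return reasons


def triage(lines: List[str]) -> List[Finding]:
    """Keep only the entries with at least one reason, reasons attached."""
    findings = []
    for line in lines:
        f = parse_line(line)
        if f is not None:
            f.reasons = assess(f)
            if f.reasons:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        mark = "ATTENTION" if f.flagged else "unmarked"
        print(f"[{f.kind}] {f.name} ({mark}) -> {f.target}")
        for r in f.reasons:
            print("    -", r)
```

The constructed Program Files entry with a named publisher produces no reasons and drops out, while every quoted line keeps at least one; the ADS line is reported even though FRST did not mark it, which matches the helper's decision to include it in the fix.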

offline
  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-12-2016
Ran by AnunnakiFox (03-12-2016 15:28:13) Run:1
Running from C:\Users\AnunnakiFox\Desktop
Loaded Profiles: AnunnakiFox (Available Profiles: AnunnakiFox)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CMD: dir /a "C:\Program Files (x86)\Internet Explorer"
CMD: dir /a "C:\Program Files (x86)\Google\Chrome\Application"
CMD: dir /a "C:\Program Files (x86)\Mozilla Firefox"

CloseProcesses:
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Run: [qeyxegvfqx] => explorer "hxxp://imatiro.ru/?utm_source=uoua03&utm_content=2ab9a970874b6c3a100ddbe365669ec3&utm_term=4B68B10C94E01EDEC55268D5447BEC68&utm_d=20161203" <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [lugegllsni] => C:\Users\AnunnakiFox\AppData\Local\Temp\DM7s39EtwBFq.exe [848896 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [rcldtcshof] => C:\Users\AnunnakiFox\AppData\Local\Temp\e.exe [803824 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [speeddialmaker_delete_self] => C:\Users\AnunnakiFox\AppData\Local\Temp\U57ajvL99auW.exe [848896 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [hflnhwxwiy] => C:\Users\AnunnakiFox\AppData\Local\Temp\3nrXc8cz7eMc.exe [848896 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\RunOnce: [wmdfnjcycn] => C:\Users\AnunnakiFox\AppData\Local\Temp\e.exe [803824 2016-12-03] () <===== ATTENTION
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\Winlogon: [Shell] c:\windows\explorer.exe [4673296 2016-09-15] (Microsoft Corporation) <==== ATTENTION
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
Task: {7F35192B-E3F5-473F-A24A-B5697D983825} - System32\Tasks\fupdate => C:\Users\AnunnakiFox\AppData\Local\fupdate\fupdate.exe [2016-12-03] () <==== ATTENTION
Task: {F3DB65C1-8754-4D7B-8421-095319F093DB} - System32\Tasks\syslog => C:\Users\AnunnakiFox\AppData\Local\syslog\syslog.exe [2016-12-03] () <==== ATTENTION
HKLM\...\StartupApproved\Run: => "88a3f2174281af74dff06070fe6017be"
HKLM\...\StartupApproved\Run: => "24ad1f0ceb139609d085894b0f44d4cb"
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\StartupApproved\StartupFolder: => "POEhVZUhZGWY.lnk"
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\StartupApproved\Run: => "88a3f2174281af74dff06070fe6017be"
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\...\StartupApproved\Run: => "24ad1f0ceb139609d085894b0f44d4cb"

Hosts:
C:\WINDOWS\System32\Tasks\fupdate
C:\Users\AnunnakiFox\AppData\Local\fupdate
C:\Users\AnunnakiFox\AppData\Local\syslog
C:\WINDOWS\System32\Tasks\syslog

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [360536]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1156450]

EmptyTemp:
End
*****************

Restore point was successfully created.

========= dir /a "C:\Program Files (x86)\Internet Explorer" =========

Volume in drive C has no label.
Volume Serial Number is D6F7-B131

Directory of C:\Program Files (x86)\Internet Explorer

09/30/2016 04:01 <DIR> .
09/30/2016 04:01 <DIR> ..
07/16/2016 15:13 <DIR> en-US
07/16/2016 12:44 32,256 ExtExport.exe
07/16/2016 12:44 50,688 hmmapi.dll
07/16/2016 12:43 2,963 ie9props.propdesc
09/15/2016 17:56 478,720 ieinstal.exe
07/16/2016 12:43 221,696 ielowutil.exe
07/16/2016 12:43 331,264 IEShims.dll
07/16/2016 12:43 825,536 iexplore.exe
07/16/2016 12:47 <DIR> images
09/25/2016 22:15 <DIR> SIGNUP
07/16/2016 12:44 34,128 sqmapi.dll
8 File(s) 1,977,251 bytes
5 Dir(s) 104,281,223,168 bytes free

========= End of CMD: =========


========= dir /a "C:\Program Files (x86)\Google\Chrome\Application" =========

Volume in drive C has no label.
Volume Serial Number is D6F7-B131

Directory of C:\Program Files (x86)\Google\Chrome\Application

11/15/2016 02:13 <DIR> .
11/15/2016 02:13 <DIR> ..
11/05/2016 01:40 <DIR> 54.0.2840.87
11/14/2016 23:45 <DIR> 54.0.2840.99
11/08/2016 22:03 1,082,472 chrome.exe
11/14/2016 23:45 407 chrome.VisualElementsManifest.xml
11/05/2016 01:40 75,700 master_preferences
11/14/2016 23:45 <DIR> SetupMetrics
3 File(s) 1,158,579 bytes
5 Dir(s) 104,281,223,168 bytes free

========= End of CMD: =========


========= dir /a "C:\Program Files (x86)\Mozilla Firefox" =========

Volume in drive C has no label.
Volume Serial Number is D6F7-B131

Directory of C:\Program Files (x86)

File Not Found

========= End of CMD: =========

Processes closed successfully.
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\Software\Microsoft\Windows\CurrentVersion\Run\\qeyxegvfqx => value removed successfully
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\lugegllsni => value not found.
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\rcldtcshof => value not found.
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\speeddialmaker_delete_self => value not found.
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\hflnhwxwiy => value not found.
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\wmdfnjcycn => value not found.
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F35192B-E3F5-473F-A24A-B5697D983825}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F35192B-E3F5-473F-A24A-B5697D983825}" => key removed successfully
C:\WINDOWS\System32\Tasks\fupdate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fupdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3DB65C1-8754-4D7B-8421-095319F093DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3DB65C1-8754-4D7B-8421-095319F093DB}" => key removed successfully
C:\WINDOWS\System32\Tasks\syslog => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\syslog" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\88a3f2174281af74dff06070fe6017be => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\88a3f2174281af74dff06070fe6017be => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\24ad1f0ceb139609d085894b0f44d4cb => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\24ad1f0ceb139609d085894b0f44d4cb => value not found.
C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\POEhVZUhZGWY.lnk => not found.
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\POEhVZUhZGWY.lnk => value removed successfully
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\88a3f2174281af74dff06070fe6017be => value removed successfully
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\88a3f2174281af74dff06070fe6017be => value not found.
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\24ad1f0ceb139609d085894b0f44d4cb => value removed successfully
HKU\S-1-5-21-2028377596-1738238198-4291754873-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\24ad1f0ceb139609d085894b0f44d4cb => value not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"C:\WINDOWS\System32\Tasks\fupdate" => not found.
C:\Users\AnunnakiFox\AppData\Local\fupdate => moved successfully
C:\Users\AnunnakiFox\AppData\Local\syslog => moved successfully
"C:\WINDOWS\System32\Tasks\syslog" => not found.
C:\WINDOWS\system32\drivers => ":ucdrv-x64.sys" ADS removed successfully.
C:\WINDOWS\system32\drivers => ":x64" ADS removed successfully.
C:\WINDOWS\system32\drivers => ":x86" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42672538 B
Java, Flash, Steam htmlcache => 1193 B
Windows/system/drivers => 21826333 B
Edge => 2533920 B
Chrome => 780631143 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 334834 B
AnunnakiFox => 493563310 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:30:11 ====

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

OK, now run FRST again, check whether the Addition.txt option is ticked and tick it if it isn't (I need that log too), and hit Scan.

This time, when the tool tells you the reports are ready and shows them in Notepad, go to File > Save As and, in the bottom right corner under Encoding:, pick Unicode from the drop-down menu (the default is ANSI). Save the changes.

Convert both FRST.txt and Addition.txt to Unicode and attach them in that format (do not paste them) to your post using the Attach file option.


+ Illustrated example

offline
  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645


I get a lot of ads, whatever I click on.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Hello,

Tell me whether this fix solves the problem?

Start
C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk
C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5b766fcf6fe7a71f\Gооglе Сhrоmе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
End



Run FRST again, tick the Shortcut option, go to Scan and post me fresh Addition.txt and Shortcut.txt reports with your message. Save them in Unicode format as well.

offline
  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Posted: 04 Dec 2016 12:28


Here is the Fixlog too

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-12-2016
Ran by AnunnakiFox (04-12-2016 12:24:57) Run:2
Running from C:\Users\AnunnakiFox\Desktop
Loaded Profiles: AnunnakiFox (Available Profiles: AnunnakiFox)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ???l?r?r.lnk
C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5b766fcf6fe7a71f\G??gl? ?hr?m?.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk
End
*****************

"C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ???l?r?r.lnk" => not found.
"C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5b766fcf6fe7a71f\G??gl? ?hr?m?.lnk" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk" => not found.

==== End of Fixlog 12:24:57 ====

Update: 04 Dec 2016 12:29

The improvement is visible right away, @magna86

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

It's still not good... you see, the malware is not written in the standard format, so I have trouble targeting it because I don't even see it in its original form, and so FRST doesn't see the files I'm targeting... if what I've just written makes even a little sense to you.

...now run this fix and post me fresh Addition.txt and Shortcut.txt reports (I don't need FRST.txt). Unicode format as well...


(the forum automatically changes the file name; when you download the fixlist, rename it to fixlist.txt)


edit: typo

offline
  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

What else can I say to you, @magna86, besides thank you; if I knew better, I wouldn't have picked up this many viruses

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-12-2016
Ran by AnunnakiFox (04-12-2016 13:03:11) Run:3
Running from C:\Users\AnunnakiFox\Desktop
Loaded Profiles: AnunnakiFox (Available Profiles: AnunnakiFox)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk
C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5b766fcf6fe7a71f\Gооglе Сhrоmе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器\UC浏览器.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器\卸载UC浏览器.lnk
C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
*****************

C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk => moved successfully
C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5b766fcf6fe7a71f\Gооglе Сhrоmе.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器\UC浏览器.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器\卸载UC浏览器.lnk => moved successfully
C:\Users\AnunnakiFox\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk => moved successfully

==== End of Fixlog 13:03:11 ====



offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

This now looks good. The next step is nothing more than checking for leftover entries, since the malware itself seems to have been removed.


Download AdwCleaner () and save it to the Desktop

Double-click to run the program > click I Agree
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button
The program will close all running programs and show a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required) click Ok


The computer will restart and then open Notepad (C:\adwcleaner\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[C0].txt


Then, reset all your browsers to their default settings;
https://support.google.com/chrome/answer/3296214?hl=en
https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings
https://support.microsoft.com/en-us/kb/923737

Upload C:\FRST\Quarantine to me via this link;
http://www.mycity.rs/ambulanta-upload.php

Let me know when you've done that. Confirm the current state for me?
