MyCity » Ambulanta -> Arhiva Ambulante » Mislim da imam malware.

Mislim da imam malware.

Napisano na dan: 21.3.2016

Strana:
1
2

Mislim da imam malware.

Sledeća strana

Pagination

Odgovori

Strana:
1
2

vrs1389 Poslao: 21 Mar 2016 23:59 Idi na vrh
offline vrs1389 Novi MyCity građanin Pridružio: 21 Mar 2016 Poruke: 15	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pozdrav svima. Nedavno mi se preko instalacije programa Nero Burning Rom instalirao i neki kineski program. Neru sam obrisao, ali je taj kineski program ostao. Pokusao sam preko control panela (nije uopste ocitavao taj program) i preko opcija u programu (ali kako je program na kineskom jeziku, skontao sam samo kako izaci iz njega) obrisati taj kineski program, ali nisam uspio. Uglavnom, nakon instalacije tog programa, poceli su problemi sa pretrazivacom. Koristim hrom, ali kad udjem na hrom, automatski mi otvara potpuno druge stranice sa reklamama i zatvara isti taj pretrazivac. Moguce je da nije do tog programa, da ja grijesim, da je potpuna slucajnost sto je pocelo u isto vrijeme jer mi ne ocitava nikakav virus kad skeniram racunar, ali bih svejedno volio da znam da li ga mogu obrisati taj program na neki drugi nacin. Skenirao sam preko Farbara i fajlove sam prikacio u ovu temu. Slike od kineskog programa sam takodje prikacio u ovu temu. Hvala. mycity.rs/must-login.png mycity.rs/must-login.png Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 Ran by Win10 (administrator) on DESKTOP-FCVLAPJ (21-03-2016 23:02:01) Running from C:\Users\Win10\Downloads Loaded Profiles: Win10 (Available Profiles: Win10) Platform: Windows 10 Pro (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QQPCRTP.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe () C:\Users\Win10\AppData\Roaming\cpuminer\cpm.exe (MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cpuminer] => C:\Users\Win10\AppData\Roaming\cpuminer\cpm.exe [1402880 2016-02-29] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] () HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\qq\qq.exe HKLM-x32\...\Run: [pcmgr] => C:\Program Files (x86)\qq\Uninst.exe [1571296 2015-12-28] (Tencent) HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QQPCTRAY.EXE [355296 2016-03-01] (Tencent) HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity) HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15] (Disc Soft Ltd) HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\...\Run: [apphide] => C:\Program Files (x86)\qq\qq.exe HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\...\MountPoints2: {683a27ba-d324-11e5-9bd6-d8c8c5c082fd} - "D:\Cossacks2Setup.exe" ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QMGCShellExt64.dll [2016-03-01] (Tencent) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [S-1-5-21-4141768178-2677256371-3011144849-1001] => hxxp://un-stop.net/wpad.dat?217ee987a6b7301cff254953ab7f66777907261 Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{2c0272c6-460b-4241-adfe-5b99271948b0}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{2c0272c6-460b-4241-adfe-5b99271948b0}: [DhcpNameServer] 192.168.1.1 ManualProxies: 0hxxp://un-stop.net/wpad.dat?217ee987a6b7301cff254953ab7f66777907261 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hao.qq.com/?unc=o400493_1&s=o400493_1 HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hao.qq.com/?unc=o400493_1&s=o400493_1 BHO: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files (x86)\Torrent Search\IEEF\TnLSFmKPjXbx.dll [2016-03-20] () BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-12] (Oracle Corporation) BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\TSWebMon64.dat [2016-03-01] (Tencent) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-12] (Oracle Corporation) BHO-x32: Ó¦ÓĂ±¦Ň»Ľü°˛×°˛ĺĽţ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司) BHO-x32: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files (x86)\Torrent Search\IEEF\uNaRp1RpKmSW.dll [2016-03-20] () BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-12] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-12] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Win10\AppData\Roaming\Mozilla\Firefox\Profiles\1u9vfzfi.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-10] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-12] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-12] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-10] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-12] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司) FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\npQMExtensionsMozilla.dll [2015-10-21] (Tencent Technology (Shenzhen) Company Limited) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Extension: TSearch - C:\Users\Win10\AppData\Roaming\Mozilla\Firefox\Profiles\1u9vfzfi.default\Extensions\{6E727987-C8EA-44DA-8749-310C0FBE3C3E} [2016-03-20] [not signed] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.ba/ CHR StartupUrls: Default -> "hxxp://www.google.ba/" CHR Profile: C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-12] CHR Extension: (Google Docs) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-12] CHR Extension: (Google Drive) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-12] CHR Extension: (YouTube) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-12] CHR Extension: (Google Search) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-12] CHR Extension: (Tampermonkey) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-01-28] CHR Extension: (Google Sheets) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-12] CHR Extension: (Google Docs Offline) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (AdBlock) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-18] CHR Extension: (Chrome Web Store Payments) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-12] CHR Extension: (TSearch) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\omhdndjjngapchpajkicnagllfgcelgp [2016-03-20] CHR Extension: (Gmail) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-12] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd) S2 ggbugreport; C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe [1588408 2016-02-05] () R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.) R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QQPCRTP.exe [301728 2016-03-01] (Tencent) U2 QQRepair75d; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair75d [136512 2016-03-21] () S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [136512 2016-03-21] () S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\TAOFrame.exe [297952 2016-03-01] (Tencent) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) S2 Winsere; C:\Program Files (x86)\Winsere\Winsere\Winsere.exe [302776 2016-02-03] () ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2016-01-12] (Advanced Micro Devices) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-02-16] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-02-16] (Disc Soft Ltd) R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.) R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QMUdisk64.sys [184536 2016-03-02] (Tencent) R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QQSysMonX64.sys [138040 2016-03-01] (电脑管家) S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [168568 2016-03-21] () R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [74040 2016-03-01] (Tencent) R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [274232 2016-03-01] (Tencent Technology(Shenzhen) Company Limited) R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-03-01] (电脑管家) R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\TS888x64.sys [38520 2016-03-21] (Tencent) S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\TSDefenseBT64.sys [28984 2016-03-01] (Tencent) R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\TSSysKit64.sys [87352 2016-03-01] (电脑管家) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-21 23:02 - 2016-03-21 23:02 - 00016364 _____ C:\Users\Win10\Downloads\FRST.txt 2016-03-21 23:01 - 2016-03-21 23:02 - 00000000 ____D C:\FRST 2016-03-21 22:59 - 2016-03-21 22:59 - 02374144 _____ (Farbar) C:\Users\Win10\Downloads\FRST64.exe 2016-03-21 22:29 - 2016-03-21 22:29 - 00016148 _____ C:\Windows\system32\DESKTOP-FCVLAPJ_Win10_HistoryPrediction.bin 2016-03-21 21:56 - 2016-03-21 21:56 - 00000000 ____D C:\Users\Win10\AppData\LocalLow\BitTorrent 2016-03-21 20:38 - 2016-03-21 20:38 - 00285374 _____ C:\Users\Win10\Downloads\GD-Anywhere-5.4.6.zip 2016-03-21 20:27 - 2016-03-21 20:27 - 00034816 _____ (Microsoft) C:\Users\Win10\Downloads\GameDebatePcSystemChecker.exe 2016-03-21 16:11 - 2016-03-21 16:11 - 00000186 _____ C:\Users\Win10\Desktop\Buy RAR Password Recovery Now!.url 2016-03-21 16:11 - 2016-03-21 16:11 - 00000000 ____D C:\Users\Win10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery 2016-03-21 16:10 - 2016-03-21 16:10 - 00749404 _____ C:\Users\Win10\Downloads\rar-password-recovery.exe 2016-03-21 16:10 - 2016-03-21 16:10 - 00000000 ____D C:\Program Files (x86)\Intelore 2016-03-21 16:06 - 2016-03-21 16:06 - 00000000 ____D C:\Users\Win10\AppData\Roaming\SpringFiles 2016-03-21 16:03 - 2016-03-21 16:03 - 04263936 _____ C:\Users\Win10\Downloads\NBA.2K9_-_RELOADED.rar_password.iso 2016-03-21 08:19 - 2016-03-21 08:19 - 00000258 __RSH C:\Users\Win10\ntuser.pol 2016-03-20 16:53 - 2016-03-20 16:53 - 00000000 ____D C:\Users\Win10\Downloads\Minosta4u.com__29.01.2016_OFFICIALDownload 2016-03-20 16:50 - 2016-03-20 16:51 - 05739709 _____ C:\Users\Win10\Downloads\Minosta4u.com__29.01.2016_OFFICIALDownload.rar 2016-03-20 15:58 - 2016-03-21 22:29 - 00000362 _____ C:\Windows\Tasks\Update Service for Torrent Search.job 2016-03-20 15:58 - 2016-03-21 16:05 - 00000000 ____D C:\Users\Win10\AppData\LocalLow\TSearch 2016-03-20 15:58 - 2016-03-21 15:58 - 00000362 _____ C:\Windows\Tasks\Update Service for Torrent Search2.job 2016-03-20 15:58 - 2016-03-20 15:58 - 00003068 _____ C:\Windows\System32\Tasks\Update Service for Torrent Search2 2016-03-20 15:58 - 2016-03-20 15:58 - 00002764 _____ C:\Windows\System32\Tasks\Update Service for Torrent Search 2016-03-20 15:58 - 2016-03-20 15:58 - 00000000 ____D C:\Program Files (x86)\Torrent Search 2016-03-20 15:54 - 2016-03-20 15:55 - 06128213 _____ C:\Users\Win10\Downloads\PES 2013 Patch Full Transfers Newest 2015_2016.rar 2016-03-19 20:24 - 2016-03-19 20:24 - 00014167 _____ C:\Users\Win10\Downloads\NBA.2K9 - RELOADED.torrent 2016-03-19 20:22 - 2016-03-19 20:23 - 04646880 _____ (Visicom Media Inc.) C:\Users\Win10\Downloads\dlsecureTb_1.5.0.1.exe 2016-03-18 23:37 - 2016-03-18 23:37 - 00000000 ____D C:\Users\Win10\Documents\KONAMI 2016-03-18 23:30 - 2016-03-20 16:57 - 00001067 _____ C:\Users\Public\Desktop\PES 13.lnk 2016-03-18 23:30 - 2016-03-18 23:36 - 00000000 ____D C:\Program Files (x86)\PES 13 2016-03-18 23:30 - 2016-03-18 23:30 - 00001074 _____ C:\Users\Public\Desktop\PES 13 Setting.lnk 2016-03-18 23:30 - 2016-03-18 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PES 13 2016-03-12 18:51 - 2016-03-12 18:51 - 00251970 _____ C:\Users\Win10\Downloads\Zakonsko-nasljedno-pravo-1.pptx 2016-03-08 22:46 - 2016-02-23 15:53 - 01314496 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-03-08 22:46 - 2016-02-23 15:51 - 00633184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2016-03-08 22:46 - 2016-02-23 15:48 - 01294352 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-03-08 22:46 - 2016-02-23 15:48 - 01123952 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2016-03-08 22:46 - 2016-02-23 15:41 - 00299600 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL 2016-03-08 22:46 - 2016-02-23 15:41 - 00078040 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll 2016-03-08 22:46 - 2016-02-23 15:40 - 00110584 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll 2016-03-08 22:46 - 2016-02-23 15:38 - 00272752 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll 2016-03-08 22:46 - 2016-02-23 15:36 - 00080128 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll 2016-03-08 22:46 - 2016-02-23 15:11 - 00658784 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll 2016-03-08 22:46 - 2016-02-23 15:08 - 03622272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-03-08 22:46 - 2016-02-23 15:07 - 22322624 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-03-08 22:46 - 2016-02-23 14:30 - 01643872 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2016-03-08 22:46 - 2016-02-23 14:23 - 00952968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-03-08 22:46 - 2016-02-23 14:11 - 00249976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL 2016-03-08 22:46 - 2016-02-23 14:09 - 00229352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll 2016-03-08 22:46 - 2016-02-23 14:06 - 00069232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2016-03-08 22:46 - 2016-02-23 13:50 - 00395264 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll 2016-03-08 22:46 - 2016-02-23 13:42 - 00467296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll 2016-03-08 22:46 - 2016-02-23 13:39 - 02879024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-03-08 22:46 - 2016-02-23 13:38 - 20858360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-03-08 22:46 - 2016-02-23 13:20 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2016-03-08 22:46 - 2016-02-23 13:16 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-03-08 22:46 - 2016-02-23 12:59 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll 2016-03-08 22:46 - 2016-02-23 12:59 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys 2016-03-08 22:46 - 2016-02-23 12:55 - 24592896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-03-08 22:46 - 2016-02-23 12:45 - 12504576 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-03-08 22:46 - 2016-02-23 12:45 - 06788608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2016-03-08 22:46 - 2016-02-23 12:42 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll 2016-03-08 22:46 - 2016-02-23 12:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-03-08 22:46 - 2016-02-23 12:38 - 02663424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll 2016-03-08 22:46 - 2016-02-23 12:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll 2016-03-08 22:46 - 2016-02-23 12:17 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll 2016-03-08 22:46 - 2016-02-23 12:17 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll 2016-03-08 22:46 - 2016-02-23 12:14 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-03-08 22:46 - 2016-02-23 12:04 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe 2016-03-08 22:46 - 2016-02-23 12:03 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll 2016-03-08 22:46 - 2016-02-23 12:02 - 03587584 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2016-03-08 22:46 - 2016-02-23 11:55 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-03-08 22:46 - 2016-02-23 11:55 - 14241792 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2016-03-08 22:46 - 2016-02-23 11:51 - 00915456 _____ (Microsoft Corporation) C:\Windows\system32\configurationclient.dll 2016-03-08 22:46 - 2016-02-23 11:51 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\scapi.dll 2016-03-08 22:46 - 2016-02-23 11:48 - 21859840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll 2016-03-08 22:46 - 2016-02-23 11:48 - 05157376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2016-03-08 22:46 - 2016-02-23 11:46 - 00400384 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll 2016-03-08 22:46 - 2016-02-23 11:45 - 01844736 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe 2016-03-08 22:46 - 2016-02-23 11:45 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll 2016-03-08 22:46 - 2016-02-23 11:45 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2016-03-08 22:46 - 2016-02-23 11:45 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-03-08 22:46 - 2016-02-23 11:44 - 01821696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll 2016-03-08 22:46 - 2016-02-23 11:38 - 07524864 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2016-03-08 22:46 - 2016-02-23 11:29 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2016-03-08 22:46 - 2016-02-23 11:17 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll 2016-03-08 22:46 - 2016-02-23 11:11 - 12589056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2016-03-08 22:46 - 2016-02-23 11:03 - 01495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe 2016-03-08 22:46 - 2016-02-23 11:00 - 11263488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-03-08 22:46 - 2016-02-23 11:00 - 05457408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2016-03-08 22:46 - 2016-02-23 10:58 - 18800640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2016-03-08 22:45 - 2016-02-23 15:52 - 00858408 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2016-03-08 22:45 - 2016-02-23 15:51 - 00146784 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2016-03-08 22:45 - 2016-02-23 15:50 - 00630160 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2016-03-08 22:45 - 2016-02-23 15:48 - 08022368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-03-08 22:45 - 2016-02-23 15:41 - 01150816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-03-08 22:45 - 2016-02-23 15:11 - 00781984 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll 2016-03-08 22:45 - 2016-02-23 15:11 - 00103776 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll 2016-03-08 22:45 - 2016-02-23 14:39 - 00607416 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe 2016-03-08 22:45 - 2016-02-23 14:25 - 01085632 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-03-08 22:45 - 2016-02-23 14:21 - 00529456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2016-03-08 22:45 - 2016-02-23 14:21 - 00141152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2016-03-08 22:45 - 2016-02-23 14:11 - 00073360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll 2016-03-08 22:45 - 2016-02-23 14:11 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll 2016-03-08 22:45 - 2016-02-23 13:58 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe 2016-03-08 22:45 - 2016-02-23 13:50 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\NetCfgNotifyObjectHost.exe 2016-03-08 22:45 - 2016-02-23 13:42 - 00658536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll 2016-03-08 22:45 - 2016-02-23 13:42 - 00078176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll 2016-03-08 22:45 - 2016-02-23 13:35 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-03-08 22:45 - 2016-02-23 13:17 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll 2016-03-08 22:45 - 2016-02-23 13:15 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe 2016-03-08 22:45 - 2016-02-23 13:15 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-03-08 22:45 - 2016-02-23 12:57 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll 2016-03-08 22:45 - 2016-02-23 12:37 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe 2016-03-08 22:45 - 2016-02-23 12:25 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-03-08 22:45 - 2016-02-23 12:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll 2016-03-08 22:45 - 2016-02-23 12:08 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll 2016-03-08 22:45 - 2016-02-23 12:03 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-03-08 22:45 - 2016-02-23 11:17 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-03-08 00:07 - 2016-03-08 00:07 - 00078624 _____ C:\Users\Win10\AppData\Roaming\835457.exe 2016-03-04 18:13 - 2016-03-04 18:13 - 00002619 _____ C:\Users\Public\Desktop\Cossacks - European Wars.lnk 2016-03-04 18:13 - 2016-03-04 18:13 - 00002601 _____ C:\Users\Public\Desktop\Cossacks - Back To War.lnk 2016-03-04 18:13 - 2016-03-04 18:13 - 00002524 _____ C:\Users\Public\Desktop\Cossacks - Art Of War.lnk 2016-03-04 18:13 - 2016-03-04 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2016-03-04 18:10 - 2016-03-04 18:10 - 00000000 ____D C:\Program Files (x86)\GOG.com 2016-03-04 16:12 - 2016-03-19 23:25 - 00000000 ____D C:\Windows\GJFix 2016-03-04 15:57 - 2016-03-04 16:00 - 39301963 _____ C:\Users\Win10\Downloads\c2_patch_v1_2.exe 2016-03-04 14:54 - 2016-03-04 14:54 - 00003216 _____ C:\Windows\System32\Tasks\{7699AA81-4158-48A1-B1DD-B1C2D2711B4A} 2016-03-04 14:35 - 2016-03-04 16:11 - 00000000 ____D C:\Program Files (x86)\GSC Game World 2016-03-04 12:31 - 2016-03-04 12:31 - 00037436 _____ C:\Users\Win10\Downloads\2016-01-03-Preliminarna_lista-Student_generacije-2015.pdf 2016-03-03 20:03 - 2016-03-03 20:03 - 00000000 ____D C:\ProgramData\Steam 2016-03-03 19:40 - 2016-03-03 19:40 - 00000000 ____D C:\Users\Win10\AppData\LocalLow\Z_Software GmbH 2016-03-03 12:19 - 2016-03-10 19:52 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics 2016-03-02 19:20 - 2016-03-02 19:20 - 00000000 ____D C:\Users\Win10\Documents\American Truck Simulator 2016-03-02 19:20 - 2016-03-02 19:20 - 00000000 ____D C:\Users\Win10\AppData\Roaming\Steam 2016-03-02 13:05 - 2016-03-02 13:05 - 00005120 ___SH C:\Users\Win10\Downloads\Thumbs.db 2016-03-01 19:21 - 2016-03-21 22:30 - 00038520 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys 2016-03-01 17:22 - 2016-03-01 17:22 - 00000000 ____D C:\Users\Win10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NBA 2K9 2016-03-01 17:16 - 2016-03-01 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 2016-03-01 16:16 - 2016-03-21 22:29 - 00000000 ____D C:\ProgramData\TXQMPC 2016-03-01 16:14 - 2016-01-14 10:47 - 00128280 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys 2016-03-01 14:39 - 2016-03-01 14:39 - 00000000 ____D C:\Users\Win10\AppData\Local\UCBrowser 2016-03-01 14:32 - 2016-03-01 14:32 - 00000000 ____D C:\Program Files\Common Files\Tencent 2016-03-01 14:32 - 2016-03-01 14:31 - 00074040 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys 2016-03-01 14:31 - 2016-03-01 17:14 - 00000000 ____D C:\Users\Win10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2016-03-01 14:31 - 2016-03-01 14:31 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys 2016-03-01 14:31 - 2016-03-01 14:31 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys 2016-03-01 14:30 - 2016-03-10 19:38 - 00000000 ____D C:\Users\Win10\AppData\Roaming\Tencent 2016-03-01 14:30 - 2016-03-01 16:15 - 00000000 ____D C:\ProgramData\Tencent 2016-03-01 14:30 - 2016-03-01 14:30 - 00000000 ____D C:\Program Files (x86)\Tencent 2016-03-01 14:23 - 2016-03-01 14:23 - 00000000 ____D C:\Users\Win10\AppData\Roaming\gplyra 2016-03-01 14:23 - 2016-03-01 14:23 - 00000000 ____D C:\Users\Win10\AppData\Roaming\cpuminer 2016-03-01 14:22 - 2016-03-04 17:27 - 00000000 ____D C:\Program Files (x86)\qq 2016-02-29 13:40 - 2016-02-29 13:40 - 00120599 _____ C:\Users\Win10\Downloads\[kat.cr]nba.2k9.reloaded.torrent 2016-02-29 00:35 - 2016-02-29 00:35 - 00000000 ____D C:\Users\Win10\Documents\Ashampoo Burning Studio 2015 2016-02-29 00:34 - 2016-02-29 00:34 - 00000000 ____D C:\Users\Win10\AppData\Roaming\Ashampoo 2016-02-29 00:30 - 2016-02-29 00:30 - 00001410 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2015.lnk 2016-02-29 00:30 - 2016-02-29 00:30 - 00000214 _____ C:\Users\Public\Desktop\Your Software Deals.url 2016-02-29 00:30 - 2016-02-29 00:30 - 00000000 ____D C:\Users\Win10\AppData\Local\ashampoo 2016-02-29 00:30 - 2016-02-29 00:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2016-02-29 00:29 - 2016-02-29 00:30 - 00000000 ____D C:\ProgramData\Ashampoo 2016-02-29 00:29 - 2016-02-29 00:29 - 00000000 ____D C:\Program Files (x86)\Ashampoo 2016-02-29 00:05 - 2016-02-29 00:05 - 00000000 ____D C:\ProgramData\Canneverbe Limited 2016-02-28 23:38 - 2016-02-28 23:38 - 00024265 _____ C:\Users\Win10\Downloads\215852-insidious.chapter.3.2015.1080p.bluray.x264.anoxmous.zip 2016-02-28 23:36 - 2016-02-28 23:36 - 00024239 _____ C:\Users\Win10\Downloads\210931-insidious.chapter.3.2015.zip 2016-02-28 23:14 - 2016-02-28 23:14 - 00028891 _____ C:\Users\Win10\Downloads\219358-poltergeist2015.zip 2016-02-28 22:51 - 2016-02-28 22:51 - 00001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk 2016-02-28 22:51 - 2016-02-28 22:51 - 00001230 _____ C:\Users\Public\Desktop\BS.Player PRO.lnk 2016-02-28 22:51 - 2016-02-28 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh 2016-02-28 22:49 - 2016-02-28 22:57 - 00000000 ____D C:\Users\Win10\AppData\Roaming\BSplayer PRO 2016-02-28 22:49 - 2016-02-28 22:49 - 00000000 ____D C:\Program Files (x86)\Webteh 2016-02-28 16:23 - 2016-02-28 16:23 - 00015072 _____ C:\Users\Win10\Downloads\Snakes.on.a.Plane.(2006).torrent 2016-02-28 14:54 - 2016-02-28 14:54 - 00015685 _____ C:\Users\Win10\Downloads\[kat.cr]orphan.2009.720p.brrip.yify.torrent 2016-02-28 11:58 - 2016-02-28 11:58 - 00001126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-02-28 11:58 - 2016-02-28 11:58 - 00001114 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk 2016-02-28 11:55 - 2016-02-28 11:57 - 09786744 _____ (TeamViewer GmbH) C:\Users\Win10\Downloads\TeamViewer_Setup_sr.exe 2016-02-27 15:30 - 2016-02-27 15:30 - 00000000 ____D C:\Users\Win10\AppData\Local\Comms 2016-02-24 15:09 - 2016-02-24 15:12 - 00000000 ____D C:\Users\Win10\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 2016-02-24 14:15 - 2016-02-24 14:15 - 00000000 ____D C:\Windows\system32\appmgmt 2016-02-24 08:09 - 2016-02-24 08:09 - 00000000 ____D C:\Program Files (x86)\KONAMI 2016-02-23 15:55 - 2016-02-23 15:55 - 00502362 _____ C:\Users\Win10\Downloads\Лед расвета, уштеда електричне енергије.pptx 2016-02-21 12:17 - 2016-02-21 12:17 - 00000000 ____D C:\Users\Win10\AppData\Local\Free_Picture_Solutions 2016-02-21 12:11 - 2016-02-21 12:11 - 00409168 _____ (Free Picture Solutions ) C:\Users\Win10\Downloads\pictureresizer_setup [1].exe 2016-02-21 12:11 - 2016-02-21 12:11 - 00001234 _____ C:\Users\Public\Desktop\Free Picture Resizer.lnk 2016-02-21 12:11 - 2016-02-21 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Picture Resizer 2016-02-21 12:11 - 2016-02-21 12:11 - 00000000 ____D C:\Program Files (x86)\Free Picture Resizer 2016-02-21 12:10 - 2016-02-16 02:05 - 01022480 _____ (web ) C:\Users\Win10\AppData\Local\pictureresizer_setup.exe 2016-02-21 12:09 - 2016-02-21 12:10 - 03299840 _____ C:\Users\Win10\Downloads\Picture-Resizer_1490.msi 2016-02-21 12:07 - 2016-03-21 21:51 - 00000420 _____ C:\Windows\Tasks\update-sys.job 2016-02-21 12:07 - 2016-03-21 20:55 - 00000420 _____ C:\Windows\Tasks\update-S-1-5-21-4141768178-2677256371-3011144849-1001.job 2016-02-21 12:07 - 2016-02-21 12:07 - 00003410 _____ C:\Windows\System32\Tasks\update-S-1-5-21-4141768178-2677256371-3011144849-1001 2016-02-21 12:07 - 2016-02-21 12:07 - 00003346 _____ C:\Windows\System32\Tasks\update-sys 2016-02-21 12:07 - 2016-02-21 12:07 - 00000424 _____ C:\Users\Win10\AppData\Local\UserProducts.xml 2016-02-21 12:07 - 2016-02-21 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot 2016-02-21 12:07 - 2016-02-21 12:07 - 00000000 ____D C:\Program Files (x86)\Skillbrains 2016-02-21 12:06 - 2016-02-21 12:07 - 02530408 _____ (Skillbrains ) C:\Users\Win10\Downloads\setup-lightshot.exe 2016-02-20 16:39 - 2016-02-20 17:30 - 00000000 ____D C:\Users\Win10\AppData\Roaming\PhotoScape 2016-02-20 16:38 - 2016-02-20 16:39 - 00000000 ____D C:\Program Files (x86)\PhotoScape 2016-02-20 16:38 - 2016-02-20 16:38 - 00001114 _____ C:\Users\Win10\Desktop\PhotoScape.lnk 2016-02-20 16:38 - 2016-02-20 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape 2016-02-20 16:35 - 2016-02-20 16:37 - 21025552 _____ (Mooii) C:\Users\Win10\Downloads\PhotoScapeSetup_V3.7.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-21 22:44 - 2016-01-12 10:33 - 00000972 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-21 22:34 - 2016-02-16 16:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-21 22:33 - 2016-02-06 23:51 - 00000000 ____D C:\Users\Win10\AppData\Local\LogMeIn Hamachi 2016-03-21 22:31 - 2016-01-12 11:08 - 00002966 _____ C:\Windows\System32\Tasks\AutoKMS 2016-03-21 22:31 - 2016-01-12 11:08 - 00000306 _____ C:\Windows\Tasks\AutoKMS.job 2016-03-21 22:30 - 2016-01-15 23:35 - 00000000 ____D C:\ProgramData\MCShield 2016-03-21 22:30 - 2016-01-12 10:33 - 00000968 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-21 22:28 - 2015-07-10 13:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-21 22:28 - 2015-07-10 10:05 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-03-21 22:27 - 2016-01-30 12:48 - 00000000 ____D C:\Users\Win10\AppData\Roaming\BitTorrent 2016-03-21 20:36 - 2015-07-10 11:55 - 00000000 ____D C:\Windows\CbsTemp 2016-03-21 17:10 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\NDF 2016-03-21 16:05 - 2016-01-12 10:33 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-21 16:05 - 2016-01-12 10:33 - 00002474 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-03-21 08:19 - 2016-01-12 10:21 - 00000000 ____D C:\Users\Win10 2016-03-20 23:29 - 2016-01-22 18:48 - 00141312 ___SH C:\Users\Win10\Desktop\Thumbs.db 2016-03-20 15:58 - 2016-02-16 15:36 - 00001094 __RSH C:\ProgramData\ntuser.pol 2016-03-20 15:58 - 2015-07-10 12:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-03-19 12:17 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\AppReadiness 2016-03-18 10:37 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps 2016-03-17 09:26 - 2016-01-12 10:21 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-03-17 09:25 - 2015-07-10 13:20 - 00350104 _____ C:\Windows\system32\FNTCACHE.DAT 2016-03-17 09:22 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Portable Devices 2016-03-17 09:22 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform 2016-03-17 09:22 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2016-03-17 09:22 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2016-03-17 09:22 - 2015-07-10 12:02 - 00000000 ____D C:\Windows\INF 2016-03-11 00:11 - 2016-01-12 17:56 - 00000000 ____D C:\Windows\system32\MRT 2016-03-10 23:49 - 2016-01-12 17:56 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-03-10 22:35 - 2016-02-16 16:07 - 00003816 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-03-08 13:47 - 2016-02-06 22:49 - 00000000 ____D C:\Users\Win10\AppData\Local\ElevatedDiagnostics 2016-03-08 11:37 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\rescache 2016-03-08 08:10 - 2016-01-12 18:00 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-03-08 08:10 - 2016-01-12 18:00 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-04 22:10 - 2016-02-07 22:53 - 00000617 _____ C:\Users\Win10\Desktop\New Text Document.txt 2016-03-04 15:37 - 2015-07-10 11:59 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe 2016-03-04 15:37 - 2015-07-10 11:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe 2016-03-04 15:37 - 2015-07-10 11:59 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe 2016-03-04 15:37 - 2015-07-10 11:59 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll 2016-03-01 14:35 - 2016-01-12 10:24 - 00000000 ____D C:\Program Files\KMSpico 2016-03-01 14:32 - 2016-01-12 10:21 - 00000000 ____D C:\Users\Win10\AppData\Local\VirtualStore 2016-02-29 01:59 - 2016-01-12 10:13 - 00830266 _____ C:\Windows\system32\PerfStringBackup.INI 2016-02-28 11:58 - 2016-02-18 20:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-02-27 14:40 - 2016-02-16 15:34 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd ==================== Files in the root of some directories ======= 2016-01-12 17:46 - 2016-01-12 17:46 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD 2016-03-08 00:07 - 2016-03-08 00:07 - 0078624 _____ () C:\Users\Win10\AppData\Roaming\835457.exe 2016-02-16 02:05 - 2016-02-16 02:05 - 0970512 _____ () C:\Users\Win10\AppData\Local\Picture-Resizer_1490.rar 2016-02-21 12:10 - 2016-02-16 02:05 - 1022480 _____ (web ) C:\Users\Win10\AppData\Local\pictureresizer_setup.exe 2016-02-07 00:48 - 2016-02-07 00:48 - 0000017 _____ () C:\Users\Win10\AppData\Local\resmon.resmoncfg 2016-02-21 12:07 - 2016-02-21 12:07 - 0000003 _____ () C:\Users\Win10\AppData\Local\updater.log 2016-02-21 12:07 - 2016-02-21 12:07 - 0000424 _____ () C:\Users\Win10\AppData\Local\UserProducts.xml Some files in TEMP: ==================== C:\Users\Win10\AppData\Local\Temp\bitool.dll C:\Users\Win10\AppData\Local\Temp\Browser_V5.5.10106.5_r_4648_(Build1601261105).exe C:\Users\Win10\AppData\Local\Temp\CmdLineExt03.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-107054822150219079.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-1072400062475750900.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-1179064842325943540.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-1376279452559632766.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-1401263502221677697.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-1416282405126093164.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-1597618507237370838.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-1693662093071563194.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2050303346404906055.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2152234046758340195.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2322170681159992527.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2579393391082860801.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2655139116462408370.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2660685190265881163.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2693958625766715759.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2772359582838461993.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-277633226366441785.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2966875361752626942.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-3285418261363569930.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-3368967736869851954.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-3883104774149210185.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-3927388871820235375.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-4357901798214817552.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-4435137094810706469.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-4867719907207584056.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-4915119198541620948.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-497691325044718060.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5041571139663821346.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5298583771613684351.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5404596176792619336.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5436230519259046926.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5488970788518023421.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5926867053411731920.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5978009775714110788.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5992259482951055293.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-6211726812930805704.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-679030288533355575.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7271536439227443934.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7419660240408400280.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7535356345719708816.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7583108576729096068.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7731944208952284032.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7796913836854001295.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7842786112265413190.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7847080536876798360.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7858429047933700470.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7939326032951974649.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-8092300151113432685.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-8259428039757108982.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-866201577470803534.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-8746450723210389972.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-9016622423493612609.dll C:\Users\Win10\AppData\Local\Temp\jre-8u73-windows-au.exe C:\Users\Win10\AppData\Local\Temp\PCMgr_Setup_11_3_17207_222.exe C:\Users\Win10\AppData\Local\Temp\PhLt3Q09xf.exe C:\Users\Win10\AppData\Local\Temp\qqpcmgr_v11.0.16779.224_74672_Silence.exe C:\Users\Win10\AppData\Local\Temp\set.exe C:\Users\Win10\AppData\Local\Temp\setup.dll C:\Users\Win10\AppData\Local\Temp\unrar.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-03-12 20:14 ==================== End of FRST.txt ============================

Profil

helen1 Poslao: 22 Mar 2016 00:11 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, Deinstaliraj preko Control Panela: TSearch ---------- Preuzmi Zemana AntiMalware i sacuvaj ga na Deskop. Kada preuzimanje bude zavrseno: Dvoklikom pokreni instalaciju i prati uputstva. Instalacija je standardna bez ikakvih dodatnih opcija. Nakon instalacije, program ce se automatski pokrenuti i sada je potrebno klikniti na Scan. Kada se skeniranje zavrsi, klikni Next kako bi uklonio sve pronadjene stavke. Ako ti zatrazi da restartujes racunar, klikni na Reboot. Ukoliko je racunar ozbiljno inficiran, nakon restarta ce uslediti jos jedno skeniranje. Nakon toga, potrebno je da dostavis izvestaj/e: Na tastaturi pritisni + R u isto vreme. Kopiraj sledecu komandu i potvrdi sa OK: `%USERPROFILE%\AppData\Local\Zemana\Zemana AntiMalware\reports` Najnovji izvestaj/e kopiraj na Deskop, a zatim ga prikaci u sledecoj poruci.

Profil

vrs1389 Poslao: 23 Mar 2016 20:01 Idi na vrh
offline vrs1389 Novi MyCity građanin Pridružio: 21 Mar 2016 Poruke: 15	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Obrisao sam sve. Hrom normalno radi, a Zemana je obrisao i kineski program (a nije bila opcija da se obrise u control panelu, cak ga tamo uopste nije ocitavao). Hvala puno na pomoci. mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png

Profil

helen1 Poslao: 23 Mar 2016 21:11 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Odlicno, postavi mi novi FRST log i novi Addition log kao prvi put, da vidim da li je sve cisto.

Profil

vrs1389 Poslao: 24 Mar 2016 02:15 Idi na vrh
offline vrs1389 Novi MyCity građanin Pridružio: 21 Mar 2016 Poruke: 15	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: mycity.rs/must-login.png mycity.rs/must-login.png Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 Ran by Win10 (administrator) on DESKTOP-FCVLAPJ (24-03-2016 02:11:45) Running from C:\Users\Win10\Desktop Loaded Profiles: Win10 (Available Profiles: Win10) Platform: Windows 10 Pro (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe () C:\Users\Win10\AppData\Roaming\cpuminer\cpm.exe (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cpuminer] => C:\Users\Win10\AppData\Roaming\cpuminer\cpm.exe [1402880 2016-02-29] () HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12776176 2016-03-10] (Zemana Ltd.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] () HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\qq\qq.exe HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QQPCTRAY.EXE" /regrun /qqrepair HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity) HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15] (Disc Soft Ltd) HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\...\Run: [apphide] => C:\Program Files (x86)\qq\qq.exe HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\...\MountPoints2: {683a27ba-d324-11e5-9bd6-d8c8c5c082fd} - "D:\Autorun.exe" ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File Startup: C:\Users\Win10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NHL® 09 Registration.lnk [2016-03-23] ShortcutTarget: NHL® 09 Registration.lnk -> C:\Program Files (x86)\EA Sports\NHL 09\Support\EAregister.exe (Leader Technologies) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [S-1-5-21-4141768178-2677256371-3011144849-1001] => hxxp://un-stop.net/wpad.dat?217ee987a6b7301cff254953ab7f66777907261 Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{2c0272c6-460b-4241-adfe-5b99271948b0}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{2c0272c6-460b-4241-adfe-5b99271948b0}: [DhcpNameServer] 192.168.1.1 ManualProxies: 0hxxp://un-stop.net/wpad.dat?217ee987a6b7301cff254953ab7f66777907261 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hao.qq.com/?unc=o400493_1&s=o400493_1 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-12] (Oracle Corporation) BHO: No Name -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> No File BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-12] (Oracle Corporation) BHO-x32: No Name -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-12] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-12] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Win10\AppData\Roaming\Mozilla\Firefox\Profiles\1u9vfzfi.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-23] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-12] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-12] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-23] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-12] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.ba/ CHR StartupUrls: Default -> "hxxp://www.google.ba/" CHR Profile: C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-12] CHR Extension: (Google Docs) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-12] CHR Extension: (Google Drive) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-12] CHR Extension: (YouTube) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-12] CHR Extension: (Google Search) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-12] CHR Extension: (Tampermonkey) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-01-28] CHR Extension: (Google Sheets) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-12] CHR Extension: (Google Docs Offline) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (AdBlock) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-18] CHR Extension: (Chrome Web Store Payments) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-12] CHR Extension: (Gmail) - C:\Users\Win10\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-12] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12776176 2016-03-10] (Zemana Ltd.) S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QQPCRTP.exe" -r [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2016-01-12] (Advanced Micro Devices) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-02-16] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-02-16] (Disc Soft Ltd) R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.) R1 MpKsl22bc9b82; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F05C7AA8-7E24-4DF1-BEDE-880BC0D653E4}\MpKsl22bc9b82.sys [44928 2016-03-23] (Microsoft Corporation) S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) R1 ZAM; C:\Windows\System32\drivers\zam64.sys [202144 2016-03-23] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [202144 2016-03-23] (Zemana Ltd.) S2 QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QQSysMonX64.sys [X] S3 TFsFlt; system32\Drivers\TFsFltX64.sys [X] S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\TSDefenseBT64.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-24 02:11 - 2016-03-24 02:12 - 00014151 _____ C:\Users\Win10\Desktop\FRST.txt 2016-03-24 02:11 - 2016-03-24 02:10 - 02374144 _____ (Farbar) C:\Users\Win10\Desktop\FRST64.exe 2016-03-24 02:10 - 2016-03-24 02:10 - 02374144 _____ (Farbar) C:\Users\Win10\Downloads\FRST64 (1).exe 2016-03-24 00:03 - 2016-03-24 00:25 - 00000000 ____D C:\Users\Win10\Documents\NHL09 2016-03-23 22:25 - 2016-03-23 22:25 - 00016148 _____ C:\Windows\system32\DESKTOP-FCVLAPJ_Win10_HistoryPrediction.bin 2016-03-23 21:01 - 2016-03-23 21:02 - 00002067 _____ C:\Users\Public\Desktop\NHL® 09.lnk 2016-03-23 21:01 - 2016-03-23 21:01 - 00000000 ____D C:\Users\Win10\AppData\Roaming\Leadertech 2016-03-23 20:55 - 2016-03-23 20:55 - 00000000 ____D C:\Program Files (x86)\EA Sports 2016-03-23 20:55 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2016-03-23 20:55 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2016-03-23 20:55 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2016-03-23 20:55 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2016-03-23 20:55 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2016-03-23 20:55 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2016-03-23 20:55 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2016-03-23 20:55 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2016-03-23 20:54 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2016-03-23 20:54 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2016-03-23 20:54 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2016-03-23 20:54 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2016-03-23 20:54 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2016-03-23 20:54 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2016-03-23 20:54 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2016-03-23 20:54 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2016-03-23 20:54 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2016-03-23 20:54 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2016-03-23 20:54 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2016-03-23 20:54 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2016-03-23 20:54 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2016-03-23 20:54 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2016-03-23 20:54 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2016-03-23 20:54 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2016-03-23 20:54 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2016-03-23 20:54 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2016-03-23 20:54 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2016-03-23 20:54 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2016-03-23 20:54 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2016-03-23 20:54 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2016-03-23 20:54 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2016-03-23 20:54 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2016-03-23 20:54 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2016-03-23 20:54 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2016-03-23 20:54 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2016-03-23 20:54 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2016-03-23 20:54 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2016-03-23 20:54 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2016-03-23 20:54 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2016-03-23 20:54 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2016-03-23 20:54 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2016-03-23 20:54 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2016-03-23 20:54 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2016-03-23 20:54 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2016-03-23 20:54 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2016-03-23 20:54 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2016-03-23 20:54 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2016-03-23 20:54 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2016-03-23 20:54 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2016-03-23 20:54 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2016-03-23 20:54 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2016-03-23 20:54 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2016-03-23 20:54 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2016-03-23 20:54 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2016-03-23 20:54 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2016-03-23 20:54 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2016-03-23 20:54 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2016-03-23 20:54 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2016-03-23 20:54 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2016-03-23 20:54 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2016-03-23 20:54 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2016-03-23 20:54 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2016-03-23 20:54 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2016-03-23 20:54 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2016-03-23 20:54 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2016-03-23 20:54 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2016-03-23 20:54 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2016-03-23 20:54 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2016-03-23 20:54 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2016-03-23 20:54 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2016-03-23 20:54 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2016-03-23 20:54 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2016-03-23 20:54 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2016-03-23 20:54 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2016-03-23 20:54 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2016-03-23 20:54 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2016-03-23 20:54 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2016-03-23 20:54 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2016-03-23 20:54 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2016-03-23 20:54 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2016-03-23 20:54 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2016-03-23 20:54 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2016-03-23 20:53 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2016-03-23 20:53 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2016-03-23 20:53 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2016-03-23 20:53 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2016-03-23 20:53 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2016-03-23 20:53 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2016-03-23 20:53 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2016-03-23 20:53 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2016-03-23 20:53 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2016-03-23 20:53 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2016-03-23 20:53 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2016-03-23 20:53 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2016-03-23 20:53 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2016-03-23 20:53 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2016-03-23 20:01 - 2016-03-23 20:01 - 00001994 _____ C:\Users\Win10\Downloads\564987_1323565833_2016.03.23-19.35.54-i1-t4294967295-d1.txt 2016-03-23 20:01 - 2016-03-23 20:01 - 00001136 _____ C:\Users\Win10\Downloads\564987_859864399_2016.03.23-19.56.54-i0-t92-d0.txt 2016-03-23 18:36 - 2016-03-23 21:29 - 00002269 _____ C:\Windows\ZAM_Guard.krnl.trace 2016-03-23 18:36 - 2016-03-23 19:57 - 00018039 _____ C:\Windows\ZAM.krnl.trace 2016-03-23 18:36 - 2016-03-23 18:36 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys 2016-03-23 18:36 - 2016-03-23 18:36 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys 2016-03-23 18:36 - 2016-03-23 18:36 - 00001231 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2016-03-23 18:36 - 2016-03-23 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2016-03-23 18:36 - 2016-03-23 18:36 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2016-03-23 18:31 - 2016-03-23 18:31 - 00000000 ____D C:\Users\Win10\AppData\Local\Zemana 2016-03-23 18:27 - 2016-03-23 18:28 - 05219864 _____ ( ) C:\Users\Win10\Downloads\Zemana.AntiMalware.Setup (1).exe 2016-03-22 17:58 - 2016-03-22 17:58 - 00020799 _____ C:\Users\Win10\Downloads\Servirka.pdf 2016-03-22 17:54 - 2016-03-22 17:54 - 00059199 _____ C:\Users\Win10\Downloads\PRAVILNIK O ZAPOŠLJAVANJU.pdf 2016-03-22 17:53 - 2016-03-22 17:53 - 00019881 _____ C:\Users\Win10\Downloads\ćIRILICA Javni poziv volonteri.pdf 2016-03-22 17:49 - 2016-03-22 17:49 - 00019745 _____ C:\Users\Win10\Downloads\Šef obezbjeđenja i tehničkog održavanja.pdf 2016-03-22 00:01 - 2016-03-22 00:01 - 00000000 ____D C:\Users\Win10\Desktop\my city 2016-03-21 23:43 - 2016-03-21 23:43 - 00000000 ____D C:\Users\Win10\Documents\Lightshot 2016-03-21 23:03 - 2016-03-21 23:04 - 00032038 _____ C:\Users\Win10\Downloads\Addition.txt 2016-03-21 23:02 - 2016-03-21 23:04 - 00049883 _____ C:\Users\Win10\Downloads\FRST.txt 2016-03-21 23:01 - 2016-03-24 02:11 - 00000000 ____D C:\FRST 2016-03-21 22:59 - 2016-03-21 22:59 - 02374144 _____ (Farbar) C:\Users\Win10\Downloads\FRST64.exe 2016-03-21 20:38 - 2016-03-21 20:38 - 00285374 _____ C:\Users\Win10\Downloads\GD-Anywhere-5.4.6.zip 2016-03-21 20:27 - 2016-03-21 20:27 - 00034816 _____ (Microsoft) C:\Users\Win10\Downloads\GameDebatePcSystemChecker.exe 2016-03-21 16:11 - 2016-03-21 16:11 - 00000186 _____ C:\Users\Win10\Desktop\Buy RAR Password Recovery Now!.url 2016-03-21 16:11 - 2016-03-21 16:11 - 00000000 ____D C:\Users\Win10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery 2016-03-21 16:10 - 2016-03-21 16:10 - 00749404 _____ C:\Users\Win10\Downloads\rar-password-recovery.exe 2016-03-21 16:10 - 2016-03-21 16:10 - 00000000 ____D C:\Program Files (x86)\Intelore 2016-03-21 16:06 - 2016-03-21 16:06 - 00000000 ____D C:\Users\Win10\AppData\Roaming\SpringFiles 2016-03-21 16:03 - 2016-03-21 16:03 - 04263936 _____ C:\Users\Win10\Downloads\NBA.2K9_-_RELOADED.rar_password.iso 2016-03-21 08:19 - 2016-03-21 08:19 - 00000258 __RSH C:\Users\Win10\ntuser.pol 2016-03-20 16:53 - 2016-03-20 16:53 - 00000000 ____D C:\Users\Win10\Downloads\Minosta4u.com__29.01.2016_OFFICIALDownload 2016-03-20 16:50 - 2016-03-20 16:51 - 05739709 _____ C:\Users\Win10\Downloads\Minosta4u.com__29.01.2016_OFFICIALDownload.rar 2016-03-20 15:54 - 2016-03-20 15:55 - 06128213 _____ C:\Users\Win10\Downloads\PES 2013 Patch Full Transfers Newest 2015_2016.rar 2016-03-19 20:24 - 2016-03-19 20:24 - 00014167 _____ C:\Users\Win10\Downloads\NBA.2K9 - RELOADED.torrent 2016-03-18 23:37 - 2016-03-18 23:37 - 00000000 ____D C:\Users\Win10\Documents\KONAMI 2016-03-12 18:51 - 2016-03-12 18:51 - 00251970 _____ C:\Users\Win10\Downloads\Zakonsko-nasljedno-pravo-1.pptx 2016-03-08 22:46 - 2016-02-23 15:53 - 01314496 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-03-08 22:46 - 2016-02-23 15:51 - 00633184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2016-03-08 22:46 - 2016-02-23 15:48 - 01294352 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-03-08 22:46 - 2016-02-23 15:48 - 01123952 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2016-03-08 22:46 - 2016-02-23 15:41 - 00299600 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL 2016-03-08 22:46 - 2016-02-23 15:41 - 00078040 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll 2016-03-08 22:46 - 2016-02-23 15:40 - 00110584 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll 2016-03-08 22:46 - 2016-02-23 15:38 - 00272752 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll 2016-03-08 22:46 - 2016-02-23 15:36 - 00080128 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll 2016-03-08 22:46 - 2016-02-23 15:11 - 00658784 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll 2016-03-08 22:46 - 2016-02-23 15:08 - 03622272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-03-08 22:46 - 2016-02-23 15:07 - 22322624 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-03-08 22:46 - 2016-02-23 14:30 - 01643872 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2016-03-08 22:46 - 2016-02-23 14:23 - 00952968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-03-08 22:46 - 2016-02-23 14:11 - 00249976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL 2016-03-08 22:46 - 2016-02-23 14:09 - 00229352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll 2016-03-08 22:46 - 2016-02-23 14:06 - 00069232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2016-03-08 22:46 - 2016-02-23 13:50 - 00395264 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll 2016-03-08 22:46 - 2016-02-23 13:42 - 00467296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll 2016-03-08 22:46 - 2016-02-23 13:39 - 02879024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-03-08 22:46 - 2016-02-23 13:38 - 20858360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-03-08 22:46 - 2016-02-23 13:20 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2016-03-08 22:46 - 2016-02-23 13:16 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-03-08 22:46 - 2016-02-23 12:59 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll 2016-03-08 22:46 - 2016-02-23 12:59 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys 2016-03-08 22:46 - 2016-02-23 12:55 - 24592896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-03-08 22:46 - 2016-02-23 12:45 - 12504576 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-03-08 22:46 - 2016-02-23 12:45 - 06788608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2016-03-08 22:46 - 2016-02-23 12:42 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll 2016-03-08 22:46 - 2016-02-23 12:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-03-08 22:46 - 2016-02-23 12:38 - 02663424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll 2016-03-08 22:46 - 2016-02-23 12:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll 2016-03-08 22:46 - 2016-02-23 12:17 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll 2016-03-08 22:46 - 2016-02-23 12:17 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll 2016-03-08 22:46 - 2016-02-23 12:14 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-03-08 22:46 - 2016-02-23 12:04 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe 2016-03-08 22:46 - 2016-02-23 12:03 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll 2016-03-08 22:46 - 2016-02-23 12:02 - 03587584 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2016-03-08 22:46 - 2016-02-23 11:55 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-03-08 22:46 - 2016-02-23 11:55 - 14241792 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2016-03-08 22:46 - 2016-02-23 11:51 - 00915456 _____ (Microsoft Corporation) C:\Windows\system32\configurationclient.dll 2016-03-08 22:46 - 2016-02-23 11:51 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\scapi.dll 2016-03-08 22:46 - 2016-02-23 11:48 - 21859840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll 2016-03-08 22:46 - 2016-02-23 11:48 - 05157376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2016-03-08 22:46 - 2016-02-23 11:46 - 00400384 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll 2016-03-08 22:46 - 2016-02-23 11:45 - 01844736 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe 2016-03-08 22:46 - 2016-02-23 11:45 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll 2016-03-08 22:46 - 2016-02-23 11:45 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2016-03-08 22:46 - 2016-02-23 11:45 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-03-08 22:46 - 2016-02-23 11:44 - 01821696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll 2016-03-08 22:46 - 2016-02-23 11:38 - 07524864 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2016-03-08 22:46 - 2016-02-23 11:29 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2016-03-08 22:46 - 2016-02-23 11:17 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll 2016-03-08 22:46 - 2016-02-23 11:11 - 12589056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2016-03-08 22:46 - 2016-02-23 11:03 - 01495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe 2016-03-08 22:46 - 2016-02-23 11:00 - 11263488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-03-08 22:46 - 2016-02-23 11:00 - 05457408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2016-03-08 22:46 - 2016-02-23 10:58 - 18800640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2016-03-08 22:45 - 2016-02-23 15:52 - 00858408 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2016-03-08 22:45 - 2016-02-23 15:51 - 00146784 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2016-03-08 22:45 - 2016-02-23 15:50 - 00630160 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2016-03-08 22:45 - 2016-02-23 15:48 - 08022368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-03-08 22:45 - 2016-02-23 15:41 - 01150816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-03-08 22:45 - 2016-02-23 15:11 - 00781984 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll 2016-03-08 22:45 - 2016-02-23 15:11 - 00103776 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll 2016-03-08 22:45 - 2016-02-23 14:39 - 00607416 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe 2016-03-08 22:45 - 2016-02-23 14:25 - 01085632 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-03-08 22:45 - 2016-02-23 14:21 - 00529456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2016-03-08 22:45 - 2016-02-23 14:21 - 00141152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2016-03-08 22:45 - 2016-02-23 14:11 - 00073360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll 2016-03-08 22:45 - 2016-02-23 14:11 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll 2016-03-08 22:45 - 2016-02-23 13:58 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe 2016-03-08 22:45 - 2016-02-23 13:50 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\NetCfgNotifyObjectHost.exe 2016-03-08 22:45 - 2016-02-23 13:42 - 00658536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll 2016-03-08 22:45 - 2016-02-23 13:42 - 00078176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll 2016-03-08 22:45 - 2016-02-23 13:35 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-03-08 22:45 - 2016-02-23 13:17 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll 2016-03-08 22:45 - 2016-02-23 13:15 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe 2016-03-08 22:45 - 2016-02-23 13:15 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-03-08 22:45 - 2016-02-23 12:57 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll 2016-03-08 22:45 - 2016-02-23 12:37 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe 2016-03-08 22:45 - 2016-02-23 12:25 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-03-08 22:45 - 2016-02-23 12:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll 2016-03-08 22:45 - 2016-02-23 12:08 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll 2016-03-08 22:45 - 2016-02-23 12:03 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-03-08 22:45 - 2016-02-23 11:17 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-03-04 18:13 - 2016-03-04 18:13 - 00002619 _____ C:\Users\Public\Desktop\Cossacks - European Wars.lnk 2016-03-04 18:13 - 2016-03-04 18:13 - 00002601 _____ C:\Users\Public\Desktop\Cossacks - Back To War.lnk 2016-03-04 18:13 - 2016-03-04 18:13 - 00002524 _____ C:\Users\Public\Desktop\Cossacks - Art Of War.lnk 2016-03-04 18:13 - 2016-03-04 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2016-03-04 18:10 - 2016-03-04 18:10 - 00000000 ____D C:\Program Files (x86)\GOG.com 2016-03-04 16:12 - 2016-03-19 23:25 - 00000000 ____D C:\Windows\GJFix 2016-03-04 15:57 - 2016-03-04 16:00 - 39301963 _____ C:\Users\Win10\Downloads\c2_patch_v1_2.exe 2016-03-04 14:54 - 2016-03-04 14:54 - 00003216 _____ C:\Windows\System32\Tasks\{7699AA81-4158-48A1-B1DD-B1C2D2711B4A} 2016-03-04 14:35 - 2016-03-04 16:11 - 00000000 ____D C:\Program Files (x86)\GSC Game World 2016-03-04 12:31 - 2016-03-04 12:31 - 00037436 _____ C:\Users\Win10\Downloads\2016-01-03-Preliminarna_lista-Student_generacije-2015.pdf 2016-03-03 20:03 - 2016-03-03 20:03 - 00000000 ____D C:\ProgramData\Steam 2016-03-03 19:40 - 2016-03-03 19:40 - 00000000 ____D C:\Users\Win10\AppData\LocalLow\Z_Software GmbH 2016-03-03 12:19 - 2016-03-10 19:52 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics 2016-03-02 19:20 - 2016-03-02 19:20 - 00000000 ____D C:\Users\Win10\Documents\American Truck Simulator 2016-03-02 19:20 - 2016-03-02 19:20 - 00000000 ____D C:\Users\Win10\AppData\Roaming\Steam 2016-03-02 13:05 - 2016-03-02 13:05 - 00005120 ___SH C:\Users\Win10\Downloads\Thumbs.db 2016-03-01 17:22 - 2016-03-01 17:22 - 00000000 ____D C:\Users\Win10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NBA 2K9 2016-03-01 17:16 - 2016-03-01 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 2016-03-01 16:16 - 2016-03-22 00:16 - 00000000 ____D C:\ProgramData\TXQMPC 2016-03-01 14:39 - 2016-03-01 14:39 - 00000000 ____D C:\Users\Win10\AppData\Local\UCBrowser 2016-03-01 14:32 - 2016-03-01 14:32 - 00000000 ____D C:\Program Files\Common Files\Tencent 2016-03-01 14:31 - 2016-03-01 17:14 - 00000000 ____D C:\Users\Win10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2016-03-01 14:30 - 2016-03-10 19:38 - 00000000 ____D C:\Users\Win10\AppData\Roaming\Tencent 2016-03-01 14:30 - 2016-03-01 16:15 - 00000000 ____D C:\ProgramData\Tencent 2016-03-01 14:30 - 2016-03-01 14:30 - 00000000 ____D C:\Program Files (x86)\Tencent 2016-03-01 14:23 - 2016-03-01 14:23 - 00000000 ____D C:\Users\Win10\AppData\Roaming\gplyra 2016-03-01 14:23 - 2016-03-01 14:23 - 00000000 ____D C:\Users\Win10\AppData\Roaming\cpuminer 2016-03-01 14:22 - 2016-03-23 19:22 - 00000000 ____D C:\Program Files (x86)\qq 2016-02-29 13:40 - 2016-02-29 13:40 - 00120599 _____ C:\Users\Win10\Downloads\[kat.cr]nba.2k9.reloaded.torrent 2016-02-29 00:35 - 2016-02-29 00:35 - 00000000 ____D C:\Users\Win10\Documents\Ashampoo Burning Studio 2015 2016-02-29 00:34 - 2016-02-29 00:34 - 00000000 ____D C:\Users\Win10\AppData\Roaming\Ashampoo 2016-02-29 00:30 - 2016-02-29 00:30 - 00001410 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2015.lnk 2016-02-29 00:30 - 2016-02-29 00:30 - 00000214 _____ C:\Users\Public\Desktop\Your Software Deals.url 2016-02-29 00:30 - 2016-02-29 00:30 - 00000000 ____D C:\Users\Win10\AppData\Local\ashampoo 2016-02-29 00:30 - 2016-02-29 00:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2016-02-29 00:29 - 2016-02-29 00:30 - 00000000 ____D C:\ProgramData\Ashampoo 2016-02-29 00:29 - 2016-02-29 00:29 - 00000000 ____D C:\Program Files (x86)\Ashampoo 2016-02-29 00:05 - 2016-02-29 00:05 - 00000000 ____D C:\ProgramData\Canneverbe Limited 2016-02-28 23:38 - 2016-02-28 23:38 - 00024265 _____ C:\Users\Win10\Downloads\215852-insidious.chapter.3.2015.1080p.bluray.x264.anoxmous.zip 2016-02-28 23:36 - 2016-02-28 23:36 - 00024239 _____ C:\Users\Win10\Downloads\210931-insidious.chapter.3.2015.zip 2016-02-28 23:14 - 2016-02-28 23:14 - 00028891 _____ C:\Users\Win10\Downloads\219358-poltergeist2015.zip 2016-02-28 22:51 - 2016-02-28 22:51 - 00001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk 2016-02-28 22:51 - 2016-02-28 22:51 - 00001230 _____ C:\Users\Public\Desktop\BS.Player PRO.lnk 2016-02-28 22:51 - 2016-02-28 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh 2016-02-28 22:49 - 2016-02-28 22:57 - 00000000 ____D C:\Users\Win10\AppData\Roaming\BSplayer PRO 2016-02-28 22:49 - 2016-02-28 22:49 - 00000000 ____D C:\Program Files (x86)\Webteh 2016-02-28 16:23 - 2016-02-28 16:23 - 00015072 _____ C:\Users\Win10\Downloads\Snakes.on.a.Plane.(2006).torrent 2016-02-28 14:54 - 2016-02-28 14:54 - 00015685 _____ C:\Users\Win10\Downloads\[kat.cr]orphan.2009.720p.brrip.yify.torrent 2016-02-28 11:58 - 2016-02-28 11:58 - 00001126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-02-28 11:58 - 2016-02-28 11:58 - 00001114 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk 2016-02-28 11:55 - 2016-02-28 11:57 - 09786744 _____ (TeamViewer GmbH) C:\Users\Win10\Downloads\TeamViewer_Setup_sr.exe 2016-02-27 15:30 - 2016-02-27 15:30 - 00000000 ____D C:\Users\Win10\AppData\Local\Comms 2016-02-24 15:09 - 2016-02-24 15:12 - 00000000 ____D C:\Users\Win10\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 2016-02-24 14:15 - 2016-02-24 14:15 - 00000000 ____D C:\Windows\system32\appmgmt 2016-02-23 15:55 - 2016-02-23 15:55 - 00502362 _____ C:\Users\Win10\Downloads\Лед расвета, уштеда електричне енергије.pptx ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-24 01:51 - 2016-02-21 12:07 - 00000420 _____ C:\Windows\Tasks\update-sys.job 2016-03-24 01:44 - 2016-01-12 10:33 - 00000972 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-24 01:34 - 2016-02-16 16:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-24 00:55 - 2016-02-21 12:07 - 00000420 _____ C:\Windows\Tasks\update-S-1-5-21-4141768178-2677256371-3011144849-1001.job 2016-03-23 20:58 - 2016-01-30 12:48 - 00000000 ____D C:\Users\Win10\AppData\Roaming\BitTorrent 2016-03-23 20:52 - 2016-02-06 23:51 - 00000000 ____D C:\Users\Win10\AppData\Local\LogMeIn Hamachi 2016-03-23 19:25 - 2016-01-15 23:35 - 00000000 ____D C:\ProgramData\MCShield 2016-03-23 19:25 - 2016-01-12 10:33 - 00000968 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-23 19:24 - 2015-07-10 13:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-23 19:23 - 2015-07-10 10:05 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-03-23 19:22 - 2016-02-16 15:34 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd 2016-03-23 19:22 - 2016-01-12 11:08 - 00000000 ____D C:\Windows\AutoKMS 2016-03-23 19:22 - 2016-01-12 10:33 - 00001253 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-03-23 19:22 - 2016-01-12 10:33 - 00001253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-23 19:00 - 2016-01-22 18:48 - 00169472 ___SH C:\Users\Win10\Desktop\Thumbs.db 2016-03-23 09:25 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps 2016-03-23 09:25 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\AppReadiness 2016-03-22 01:04 - 2016-01-12 10:21 - 00000000 ____D C:\Users\Win10 2016-03-21 20:36 - 2015-07-10 11:55 - 00000000 ____D C:\Windows\CbsTemp 2016-03-21 17:10 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\NDF 2016-03-20 15:58 - 2016-02-16 15:36 - 00001094 __RSH C:\ProgramData\ntuser.pol 2016-03-20 15:58 - 2015-07-10 12:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-03-17 09:26 - 2016-01-12 10:21 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-03-17 09:25 - 2015-07-10 13:20 - 00350104 _____ C:\Windows\system32\FNTCACHE.DAT 2016-03-17 09:22 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Portable Devices 2016-03-17 09:22 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform 2016-03-17 09:22 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2016-03-17 09:22 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2016-03-17 09:22 - 2015-07-10 12:02 - 00000000 ____D C:\Windows\INF 2016-03-11 00:11 - 2016-01-12 17:56 - 00000000 ____D C:\Windows\system32\MRT 2016-03-10 23:49 - 2016-01-12 17:56 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-03-10 22:35 - 2016-02-16 16:07 - 00003816 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-03-08 13:47 - 2016-02-06 22:49 - 00000000 ____D C:\Users\Win10\AppData\Local\ElevatedDiagnostics 2016-03-08 11:37 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\rescache 2016-03-08 08:10 - 2016-01-12 18:00 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-03-08 08:10 - 2016-01-12 18:00 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-04 22:10 - 2016-02-07 22:53 - 00000617 _____ C:\Users\Win10\Desktop\New Text Document.txt 2016-03-04 15:37 - 2015-07-10 11:59 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe 2016-03-04 15:37 - 2015-07-10 11:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe 2016-03-04 15:37 - 2015-07-10 11:59 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe 2016-03-04 15:37 - 2015-07-10 11:59 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll 2016-03-04 15:37 - 2015-07-10 11:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll 2016-03-01 14:35 - 2016-01-12 10:24 - 00000000 ____D C:\Program Files\KMSpico 2016-03-01 14:32 - 2016-01-12 10:21 - 00000000 ____D C:\Users\Win10\AppData\Local\VirtualStore 2016-02-29 01:59 - 2016-01-12 10:13 - 00830266 _____ C:\Windows\system32\PerfStringBackup.INI 2016-02-28 11:58 - 2016-02-18 20:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer ==================== Files in the root of some directories ======= 2016-01-12 17:46 - 2016-01-12 17:46 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD 2016-02-16 02:05 - 2016-02-16 02:05 - 0970512 _____ () C:\Users\Win10\AppData\Local\Picture-Resizer_1490.rar 2016-02-07 00:48 - 2016-02-07 00:48 - 0000017 _____ () C:\Users\Win10\AppData\Local\resmon.resmoncfg 2016-02-21 12:07 - 2016-02-21 12:07 - 0000003 _____ () C:\Users\Win10\AppData\Local\updater.log 2016-02-21 12:07 - 2016-02-21 12:07 - 0000424 _____ () C:\Users\Win10\AppData\Local\UserProducts.xml Some files in TEMP: ==================== C:\Users\Win10\AppData\Local\Temp\bitool.dll C:\Users\Win10\AppData\Local\Temp\Browser_V5.5.10106.5_r_4648_(Build1601261105).exe C:\Users\Win10\AppData\Local\Temp\CmdLineExt03.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-107054822150219079.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-1072400062475750900.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-1179064842325943540.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-1376279452559632766.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-1401263502221677697.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-1416282405126093164.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-1597618507237370838.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-1693662093071563194.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2050303346404906055.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2152234046758340195.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2322170681159992527.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2579393391082860801.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2655139116462408370.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2660685190265881163.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2693958625766715759.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2772359582838461993.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-277633226366441785.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-2966875361752626942.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-3285418261363569930.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-3368967736869851954.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-3883104774149210185.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-3927388871820235375.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-4357901798214817552.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-4435137094810706469.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-4867719907207584056.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-4915119198541620948.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-497691325044718060.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5041571139663821346.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5298583771613684351.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5404596176792619336.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5436230519259046926.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5488970788518023421.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5926867053411731920.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5978009775714110788.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-5992259482951055293.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-6211726812930805704.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-679030288533355575.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7271536439227443934.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7419660240408400280.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7535356345719708816.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7583108576729096068.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7731944208952284032.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7796913836854001295.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7842786112265413190.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7847080536876798360.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7858429047933700470.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-7939326032951974649.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-8092300151113432685.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-8259428039757108982.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-866201577470803534.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-8746450723210389972.dll C:\Users\Win10\AppData\Local\Temp\jansi-64-9016622423493612609.dll C:\Users\Win10\AppData\Local\Temp\jre-8u73-windows-au.exe C:\Users\Win10\AppData\Local\Temp\setup.dll C:\Users\Win10\AppData\Local\Temp\unrar.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-03-22 13:46 ==================== End of FRST.txt ============================

Profil

helen1 Poslao: 24 Mar 2016 13:37 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kinez se ne predaje jos. 1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod: CreateRestorePoint: C:\Users\Win10\AppData\Roaming\cpuminer HKLM\...\Run: [cpuminer] => C:\Users\Win10\AppData\Roaming\cpuminer\cpm.exe [1402880 2016-02-29] () HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\qq\qq.exe HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QQPCTRAY.EXE" /regrun /qqrepair C:\Program Files (x86)\Tencent C:\Program Files (x86)\qq HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\...\Run: [apphide] => C:\Program Files (x86)\qq\qq.exe HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\...\MountPoints2: {683a27ba-d324-11e5-9bd6-d8c8c5c082fd} - "D:\Autorun.exe" ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File AutoConfigURL: [S-1-5-21-4141768178-2677256371-3011144849-1001] => hxxp://un-stop.net/wpad.dat?217ee987a6b7301cff254953ab7f66777907261 ManualProxies: 0hxxp://un-stop.net/wpad.dat?217ee987a6b7301cff254953ab7f66777907261 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hao.qq.com/?unc=o400493_1&s=o400493_1 BHO: No Name -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> No File BHO-x32: No Name -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> No File S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QQPCRTP.exe" -r [X] S2 QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QQSysMonX64.sys [X] S3 TFsFlt; system32\Drivers\TFsFltX64.sys [X] S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\TSDefenseBT64.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 C:\ProgramData\TXQMPC C:\Program Files\Common Files\Tencent C:\Users\Win10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 C:\Users\Win10\AppData\Roaming\Tencent C:\ProgramData\Tencent C:\Program Files (x86)\Tencent C:\Users\Win10\AppData\Roaming\gplyra C:\Users\Win10\AppData\Roaming\cpuminer C:\Program Files (x86)\qq C:\Program Files (x86)\SearchesToYesbnd Task: {967BBB21-E977-452D-951B-FCA1BD5D734F} - \WinTaske -> No File <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service" EmptyTemp: 2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi. 3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj. Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema. Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku. Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

Profil

vrs1389 Poslao: 25 Mar 2016 21:47 Idi na vrh
offline vrs1389 Novi MyCity građanin Pridružio: 21 Mar 2016 Poruke: 15	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by Win10 (2016-03-25 21:46:12) Run:1 Running from C:\Users\Win10\Desktop Loaded Profiles: Win10 (Available Profiles: Win10) Boot Mode: Normal ============================================== fixlist content: *************** *************** ==== End of Fixlog 21:46:22 ====

Profil

helen1 Poslao: 25 Mar 2016 21:54 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da li si siguran da si uradio sve kako je trebalo, posto je izvestaj prazan? To mozemo proveriti i tako sto ces mi dostaviti novi FRST izvestaj.

Profil

vrs1389 Poslao: 25 Mar 2016 22:37 Idi na vrh
offline vrs1389 Novi MyCity građanin Pridružio: 21 Mar 2016 Poruke: 15	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradio sam sada fix sa novim FRST izvjestajem, prosli put je bio od juce. Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by Win10 (2016-03-25 22:28:48) Run:2 Running from C:\Users\Win10\Desktop Loaded Profiles: Win10 (Available Profiles: Win10) Boot Mode: Normal ============================================== fixlist content: *************** CreateRestorePoint: C:\Users\Win10\AppData\Roaming\cpuminer HKLM\...\Run: [cpuminer] => C:\Users\Win10\AppData\Roaming\cpuminer\cpm.exe [1402880 2016-02-29] () HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\qq\qq.exe HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QQPCTRAY.EXE" /regrun /qqrepair C:\Program Files (x86)\Tencent C:\Program Files (x86)\qq HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\...\Run: [apphide] => C:\Program Files (x86)\qq\qq.exe HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\...\MountPoints2: {683a27ba-d324-11e5-9bd6-d8c8c5c082fd} - "D:\Autorun.exe" ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File AutoConfigURL: [S-1-5-21-4141768178-2677256371-3011144849-1001] => hxxp://un-stop.net/wpad.dat?217ee987a6b7301cff254953ab7f66777907261 ManualProxies: 0hxxp://un-stop.net/wpad.dat?217ee987a6b7301cff254953ab7f66777907261 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hao.qq.com/?unc=o400493_1&s=o400493_1 BHO: No Name -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> No File BHO-x32: No Name -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> No File S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QQPCRTP.exe" -r [X] S2 QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QQSysMonX64.sys [X] S3 TFsFlt; system32\Drivers\TFsFltX64.sys [X] S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\TSDefenseBT64.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???? C:\ProgramData\TXQMPC C:\Program Files\Common Files\Tencent C:\Users\Win10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???? C:\Users\Win10\AppData\Roaming\Tencent C:\ProgramData\Tencent C:\Program Files (x86)\Tencent C:\Users\Win10\AppData\Roaming\gplyra C:\Users\Win10\AppData\Roaming\cpuminer C:\Program Files (x86)\qq C:\Program Files (x86)\SearchesToYesbnd Task: {967BBB21-E977-452D-951B-FCA1BD5D734F} - \WinTaske -> No File <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service" EmptyTemp: *************** Restore point was successfully created. C:\Users\Win10\AppData\Roaming\cpuminer => moved successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cpuminer => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\apphide => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray => value removed successfully C:\Program Files (x86)\Tencent => moved successfully C:\Program Files (x86)\qq => moved successfully HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\Software\Microsoft\Windows\CurrentVersion\Run\\apphide => value removed successfully "HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{683a27ba-d324-11e5-9bd6-d8c8c5c082fd}" => key removed successfully HKCR\CLSID\{683a27ba-d324-11e5-9bd6-d8c8c5c082fd} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => key not found. HKU\S-1-5-21-4141768178-2677256371-3011144849-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully HKCR\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}" => key removed successfully HKCR\Wow6432Node\CLSID\{50F4150A-48B2-417A-BE4C-C83F580FB904} => key not found. QQPCRTP => service removed successfully QQSysMonX64 => service removed successfully TFsFlt => service removed successfully TSDefenseBt => service removed successfully wfpcapture => service removed successfully =========== "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????" ========== not found ========= End -> "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????" ======== C:\ProgramData\TXQMPC => moved successfully C:\Program Files\Common Files\Tencent => moved successfully =========== "C:\Users\Win10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" ========== not found ========= End -> "C:\Users\Win10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" ======== C:\Users\Win10\AppData\Roaming\Tencent => moved successfully C:\ProgramData\Tencent => moved successfully "C:\Program Files (x86)\Tencent" => not found. C:\Users\Win10\AppData\Roaming\gplyra => moved successfully "C:\Users\Win10\AppData\Roaming\cpuminer" => not found. "C:\Program Files (x86)\qq" => not found. C:\Program Files (x86)\SearchesToYesbnd => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{967BBB21-E977-452D-951B-FCA1BD5D734F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{967BBB21-E977-452D-951B-FCA1BD5D734F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinTaske" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP" => key removed successfully EmptyTemp: => 1.1 GB temporary data Removed. The system needed a reboot. ==== End of Fixlog 22:30:39 ====

Profil

helen1 Poslao: 25 Mar 2016 23:01 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! E, sad izgleda dobro. Aj mi samo uploaduj sve izvestaje koje nadjes na ovoj adresi: C:\Users\Win10\AppData\Local\Zemana\Zemana AntiMalware\reports

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Mislim da imam malware.

Ko je trenutno na forumu

Ukupno su 906 korisnika na forumu :: 48 registrovanih, 8 sakrivenih i 850 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, Alexandar-1973, amaterSRB, bankulen, Ben Roj, Bobrock1, bojcistv, Brana01, BSD, bufanje, cavatina, CikaKURE, comi_pfc, darionis, deLacy, djboj, dzoni19, Excalibur13, FOX, Frunze, Kaplar2, kikisp, Krvava Devetka, libellule_dk, Lubica, MB120mm, Mi lao shu, MIg, mikrimaus, milos.cbr, MilosKop, milutin134, misa2, mocnijogurt, nebojsag, nemkea71, powSrb, repac, RJ, rodoljub, Romibrat, Singidunumac, Sirius, vladaa012, vobo, YugoSlav, zbazin, 1107

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by