Unknown windows popping up

  • eugrom  Male
  • New MyCity citizen
  • Student
  • Joined: 20 Oct 2014
  • Posts: 18
  • Lives in: Belgrade

Greetings.
I have been using the internet on a new laptop for about 10 days. Since yesterday, windows have started popping up, such as one for a casino, some download, and the like. The casino window appears most often. I have also noticed that there are more ads than usual on websites. Over the previous days I visited a site for online games, although I did not click on any ads. I also visited the filmovizija site, where the installation of a program called Vaudix started, which I was not able to stop, but I removed it from Programs and Features. I use wireless internet; I don't know the speed, but it is very fast. I use Windows 8.1 and ESET, which shows nothing. The computer is almost empty, with only a few pictures on it, and almost nothing has been touched, because I have been using it for about a month without internet and 10 days with it. I tried to solve the problem with Adblock Plus, which has shown no results. Below I am attaching FRST and Addition as a file.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014
Ran by Korisnik (administrator) on CLIENT on 20-10-2014 18:15:43
Running from C:\Users\Korisnik\Downloads
Loaded Profile: Korisnik (Available profiles: Korisnik)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5581888 2014-02-25] (ESET)
HKLM\...\Run: [TNOD UP] => C:\Program Files\ESET\TNod User & Password Finder\TNODUP.exe [1028800 2012-07-05] (Tukero[X]Team)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-766166941-1863158350-1466078941-1001\...\Run: [Google Update] => "C:\Users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-766166941-1863158350-1466078941-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [21431912 2012-10-02] (Microsoft Corporation)
HKU\S-1-5-21-766166941-1863158350-1466078941-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5681449204E7CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.8,sr-Cyrl-RS;q=0.5,sr-Cyrl;q=0.3
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: NextCoup -> {1d4967af-6501-4d16-9b33-f7f337dffddd} -> C:\Program Files (x86)\NextCoup\rZ2RQfn98Qj7nT.dll ()
BHO-x32: NextCoup -> {2361e069-8d5c-4d1f-ae04-4f6491447461} -> C:\Program Files (x86)\NextCoup\IS0JPllOIi5dqM.dll ()
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 89.216.1.30 89.216.1.50

FireFox:
========
FF ProfilePath: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Korisnik\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Korisnik\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Vaudix - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\4Y@LCD3.edu [2014-10-19]
FF Extension: NextCoup - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\fE@9l.org [2014-10-19]
FF Extension: NextCoup - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\GjWeMQzeu@la.org [2014-10-20]
FF Extension: YoutubeAdBlocke - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\x3fOg7I@N.com [2014-10-19]
FF Extension: Adblock Plus - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-20]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-08-09]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Vaudix) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf [2014-10-19]
CHR Extension: (Google документи) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-09]
CHR Extension: (Google диск) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-09]
CHR Extension: (YouTube) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-09]
CHR Extension: (Google претрага) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-09]
CHR Extension: (NextCoup) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci [2014-10-20]
CHR Extension: (Send to Kindle ) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan [2014-10-19]
CHR Extension: (Google новчаник) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-09]
CHR Extension: (NextCoup) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk [2014-10-19]
CHR Extension: (Gmail) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1343408 2014-02-25] (ESET)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [691480 2013-11-20] () [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-22] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [465624 2014-01-03] (Realsil Semiconductor Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 18:15 - 2014-10-20 18:17 - 00014180 _____ () C:\Users\Korisnik\Downloads\FRST.txt
2014-10-20 18:15 - 2014-10-20 18:15 - 00000000 ____D () C:\FRST
2014-10-20 18:14 - 2014-10-20 18:14 - 02111488 _____ (Farbar) C:\Users\Korisnik\Downloads\FRST64.exe
2014-10-20 17:59 - 2014-10-20 17:59 - 00000000 ___RD () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-10-19 15:14 - 2014-10-20 17:57 - 00000000 ____D () C:\ProgramData\NextCoup
2014-10-19 15:14 - 2014-10-20 17:57 - 00000000 ____D () C:\Program Files (x86)\NextCoup
2014-10-19 15:14 - 2014-10-20 17:56 - 03750912 _____ () C:\Windows\SysWOW64\setup.exe
2014-10-19 15:09 - 2014-10-19 15:09 - 00000000 ____D () C:\ProgramData\APN
2014-10-19 15:08 - 2014-10-19 15:13 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\uTorrent
2014-10-19 15:00 - 2014-10-20 17:57 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-10-19 15:00 - 2014-10-20 17:57 - 00000000 ____D () C:\ProgramData\YoutubeAdBlocke
2014-10-19 15:00 - 2014-10-20 17:57 - 00000000 ____D () C:\ProgramData\80165ca7ffaa3424
2014-10-19 15:00 - 2014-10-20 17:56 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdBlocke
2014-10-19 15:00 - 2014-10-19 15:15 - 00000000 ____D () C:\ProgramData\Vaudix
2014-10-19 15:00 - 2014-10-19 15:14 - 00000000 ____D () C:\Program Files (x86)\Vaudix
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\Torch
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\Comodo
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\Chromatic Browser
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\Guest
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-19 15:00 - 2014-10-19 15:00 - 00000000 ____D () C:\Users\Administrator
2014-10-16 13:39 - 2014-10-16 13:39 - 00012288 ___SH () C:\Users\Korisnik\Desktop\Thumbs.db
2014-10-15 22:09 - 2014-10-15 22:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 22:09 - 2014-10-15 22:09 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 22:09 - 2014-10-15 22:09 - 00000000 ____D () C:\ProgramData\Sun
2014-10-15 22:08 - 2014-10-15 22:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-15 10:24 - 2014-08-29 01:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-15 10:24 - 2014-08-29 01:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-15 10:24 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-10-15 10:24 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-10-15 10:24 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-10-15 10:24 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-10-15 10:24 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-10-15 10:24 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-15 10:24 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-10-15 10:24 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-10-15 10:24 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-15 10:23 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 10:23 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 10:23 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 10:23 - 2014-08-29 03:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-15 10:22 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 10:22 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 10:22 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 10:22 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 10:22 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 10:22 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 10:22 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 10:22 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 10:22 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 10:22 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 10:22 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 10:22 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 10:21 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 10:21 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 10:21 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 10:21 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 10:21 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 10:21 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 10:21 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 10:21 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 10:21 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 10:21 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 10:21 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 10:21 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 10:21 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 10:21 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 10:21 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 10:21 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 10:21 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 10:21 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 10:21 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-15 10:21 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-15 10:20 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-15 10:20 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-15 10:20 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-15 10:20 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-15 10:20 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-15 10:20 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-15 10:20 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-15 10:20 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-15 10:20 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-15 10:20 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-15 10:20 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-15 10:20 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-15 10:20 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-15 10:20 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-15 10:20 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 10:20 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-15 10:20 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 10:20 - 2014-07-24 12:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-10-15 10:19 - 2014-10-10 00:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 10:19 - 2014-10-09 00:09 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 10:19 - 2014-09-19 03:24 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 10:19 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 10:19 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 10:19 - 2014-08-16 06:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-15 10:19 - 2014-08-16 06:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-15 10:19 - 2014-08-16 06:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-15 10:19 - 2014-08-16 05:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-15 10:19 - 2014-08-16 05:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-15 10:19 - 2014-08-16 05:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-15 10:19 - 2014-08-16 05:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-15 10:19 - 2014-08-16 05:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-15 10:19 - 2014-08-16 05:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-15 10:19 - 2014-08-16 03:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-15 10:19 - 2014-08-16 03:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-15 10:19 - 2014-08-16 02:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-15 10:19 - 2014-08-16 02:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-15 10:19 - 2014-08-16 02:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-15 10:19 - 2014-08-16 02:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-15 10:19 - 2014-08-16 02:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-15 10:19 - 2014-08-16 02:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-15 10:19 - 2014-08-16 02:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-15 10:19 - 2014-08-16 02:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-15 10:19 - 2014-08-16 02:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 10:19 - 2014-08-16 02:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-15 10:19 - 2014-08-16 02:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-15 10:19 - 2014-08-16 02:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-15 10:19 - 2014-08-16 02:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 10:19 - 2014-08-16 02:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-15 10:19 - 2014-08-16 02:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-15 10:19 - 2014-08-16 02:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-15 10:19 - 2014-08-16 02:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 10:19 - 2014-08-16 02:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-15 10:19 - 2014-08-16 02:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-15 10:19 - 2014-08-16 02:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-15 10:19 - 2014-08-16 02:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-15 10:19 - 2014-08-16 02:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 10:19 - 2014-08-16 02:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-15 10:19 - 2014-08-01 01:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-15 10:19 - 2014-07-24 17:28 - 00468288 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-10-15 10:19 - 2014-07-24 13:42 - 01200640 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-10-15 10:19 - 2014-07-24 13:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2014-10-15 10:19 - 2014-07-24 12:09 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-10-15 10:19 - 2014-07-24 11:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-14 23:40 - 2014-10-14 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-14 12:47 - 2014-09-30 00:45 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-14 12:47 - 2014-09-30 00:45 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-14 12:41 - 2014-10-19 11:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-13 19:58 - 2014-10-13 19:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-13 19:58 - 2014-10-13 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-13 19:49 - 2014-10-13 19:49 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\Macromedia
2014-10-13 19:48 - 2014-10-20 18:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 19:48 - 2014-10-13 19:48 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-13 19:48 - 2014-10-13 19:48 - 00002182 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-10-13 19:48 - 2014-10-13 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-13 19:48 - 2014-10-13 19:48 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-13 19:48 - 2014-10-13 19:48 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-13 19:48 - 2014-10-13 19:48 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-10-13 18:13 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-13 17:42 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-13 17:42 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-13 17:42 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-13 17:42 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-13 17:42 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-13 17:42 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-13 17:42 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-13 16:36 - 2014-09-05 04:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-10-13 16:36 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-10-13 16:36 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-10-13 16:36 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-10-13 16:36 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-10-13 16:36 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-10-13 16:36 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-10-13 16:35 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-10-13 16:35 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-10-13 16:35 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-10-13 16:35 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-10-13 16:32 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-10-13 16:32 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-10-13 16:32 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2014-10-13 16:32 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-10-13 16:32 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-10-13 16:32 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-10-13 16:32 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-10-13 16:32 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-10-13 16:32 - 2014-05-03 01:26 - 00050745 _____ () C:\Windows\system32\srms.dat
2014-10-13 16:32 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-13 16:32 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-10-13 16:32 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-10-13 16:32 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-10-13 16:32 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-10-13 16:32 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-10-13 16:32 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-10-13 16:32 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-10-13 16:32 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-10-13 16:32 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-10-13 16:32 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-10-13 16:32 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-10-13 16:32 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-10-13 16:32 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-10-13 16:32 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-10-13 16:32 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-10-13 16:32 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-10-13 16:32 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-10-13 16:32 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-10-13 16:32 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-10-13 16:32 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-10-13 16:32 - 2014-04-26 20:41 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2014-10-13 16:32 - 2014-04-26 20:22 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2014-10-13 16:32 - 2014-04-26 20:04 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2014-10-13 16:32 - 2014-04-26 19:36 - 00794112 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2014-10-13 16:32 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-10-13 16:32 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-10-13 16:32 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-10-13 16:32 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-10-13 16:32 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-10-13 16:32 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-10-13 16:29 - 2014-04-18 16:57 - 00032600 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2014-10-13 16:29 - 2014-04-18 11:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\energyprov.dll
2014-10-13 16:29 - 2014-04-18 10:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-13 16:29 - 2014-04-14 11:20 - 00324888 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2014-10-13 16:29 - 2014-04-14 10:01 - 00285144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2014-10-13 16:29 - 2014-04-11 06:51 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-10-13 16:29 - 2014-04-11 06:23 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-10-13 16:29 - 2014-04-11 05:30 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-10-13 16:29 - 2014-04-09 13:53 - 00337240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-10-13 16:29 - 2014-04-09 08:39 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-10-13 16:29 - 2014-04-09 07:44 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-10-13 16:29 - 2014-04-09 05:33 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2014-10-13 16:29 - 2014-04-08 04:01 - 00589656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-10-13 16:29 - 2014-04-06 18:34 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-10-13 16:29 - 2014-04-06 18:34 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-10-13 16:29 - 2014-04-06 18:32 - 00125496 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-10-13 16:29 - 2014-04-06 18:30 - 00201920 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2014-10-13 16:29 - 2014-04-06 18:24 - 00360792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2014-10-13 16:29 - 2014-04-06 18:20 - 01403856 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2014-10-13 16:29 - 2014-04-06 18:20 - 01379064 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-10-13 16:29 - 2014-04-06 18:20 - 00881616 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-13 16:29 - 2014-04-06 18:20 - 00765408 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-10-13 16:29 - 2014-04-06 18:20 - 00609448 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-13 16:29 - 2014-04-06 18:20 - 00491744 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2014-10-13 16:29 - 2014-04-06 18:20 - 00467496 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-13 16:29 - 2014-04-06 18:20 - 00463256 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-13 16:29 - 2014-04-06 18:20 - 00364640 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-13 16:29 - 2014-04-06 18:20 - 00244880 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-13 16:29 - 2014-04-06 18:20 - 00028408 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-13 16:29 - 2014-04-06 17:23 - 00098584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-10-13 16:29 - 2014-04-06 17:22 - 00178184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2014-10-13 16:29 - 2014-04-06 17:16 - 01209616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-10-13 16:29 - 2014-04-06 17:16 - 00707048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-13 16:29 - 2014-04-06 17:16 - 00669856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-10-13 16:29 - 2014-04-06 17:16 - 00518544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-13 16:29 - 2014-04-06 17:16 - 00406504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-13 16:29 - 2014-04-06 17:16 - 00387896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-10-13 16:29 - 2014-04-06 17:16 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-13 16:29 - 2014-04-06 17:16 - 00305768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-13 16:29 - 2014-04-06 14:58 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-13 16:29 - 2014-04-06 14:51 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-13 16:29 - 2014-04-06 14:33 - 00335872 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2014-10-13 16:29 - 2014-04-06 14:24 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-13 16:29 - 2014-04-06 14:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-13 16:29 - 2014-04-06 13:26 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
2014-10-13 16:29 - 2014-04-06 13:20 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-10-13 16:29 - 2014-04-06 13:01 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-13 16:29 - 2014-04-06 12:52 - 00955904 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-10-13 16:29 - 2014-04-06 12:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-10-13 16:29 - 2014-04-06 12:37 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-10-13 16:29 - 2014-04-06 12:36 - 00888320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-10-13 16:29 - 2014-04-06 12:05 - 01222656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2014-10-13 16:29 - 2014-04-06 11:59 - 00982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2014-10-13 16:29 - 2014-04-03 10:12 - 00307304 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-13 16:29 - 2014-04-03 10:12 - 00130144 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2014-10-13 16:29 - 2014-04-03 06:03 - 00230808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-13 16:29 - 2014-04-03 06:03 - 00111528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2014-10-13 16:29 - 2014-04-03 04:53 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-10-13 16:29 - 2014-04-03 04:51 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-10-13 16:29 - 2014-04-03 04:23 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll
2014-10-13 16:29 - 2014-04-03 04:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll
2014-10-13 16:29 - 2014-04-01 08:23 - 00384856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-10-13 16:29 - 2014-03-31 07:42 - 07425368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-13 16:29 - 2014-03-31 02:01 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-10-13 16:29 - 2014-03-31 01:43 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-10-13 16:29 - 2014-03-31 00:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-10-13 16:29 - 2014-03-31 00:49 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-10-13 16:29 - 2014-03-31 00:35 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-10-13 16:29 - 2014-03-28 17:58 - 00407016 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2014-10-13 16:29 - 2014-03-27 08:16 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-10-13 16:29 - 2014-03-27 07:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-10-13 16:29 - 2014-03-27 06:59 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-10-13 16:29 - 2014-03-27 06:48 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-10-13 16:29 - 2014-03-27 06:19 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-10-13 16:29 - 2014-03-27 05:46 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-10-13 16:29 - 2014-03-27 05:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-10-13 16:29 - 2014-03-27 05:10 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-10-13 16:29 - 2014-03-21 06:14 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\tscfgwmi.dll
2014-10-13 16:29 - 2014-03-20 05:48 - 00263424 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2014-10-13 16:29 - 2014-03-19 10:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2014-10-13 16:29 - 2014-03-19 10:07 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-10-13 16:29 - 2014-03-19 09:24 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-13 16:29 - 2014-03-19 09:17 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2014-10-13 16:29 - 2014-03-19 07:45 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-10-13 16:29 - 2014-03-19 07:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-10-13 16:29 - 2014-03-19 07:07 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-10-13 16:29 - 2014-03-19 07:02 - 01527296 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-10-13 16:29 - 2014-03-19 07:00 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-10-13 16:29 - 2014-03-19 06:51 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-10-13 16:29 - 2014-03-19 06:31 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2014-10-13 16:29 - 2014-03-19 06:18 - 02688000 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-10-13 16:29 - 2014-03-18 10:19 - 00077312 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-10-13 16:29 - 2014-03-18 07:00 - 07173120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2014-10-13 16:29 - 2014-03-18 06:52 - 05104640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2014-10-13 16:29 - 2014-03-17 07:09 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-10-13 16:29 - 2014-03-17 06:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-10-13 16:29 - 2014-03-17 05:01 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-10-13 16:29 - 2014-03-17 04:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-10-13 16:29 - 2014-03-14 08:26 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2014-10-13 16:29 - 2014-03-14 08:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2014-10-13 16:29 - 2014-03-06 14:42 - 00310616 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-10-13 16:24 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-13 16:21 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-13 16:21 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-13 16:21 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-13 16:21 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-10-13 16:21 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-10-13 16:21 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-10-13 16:21 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-10-13 16:21 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-13 16:21 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-10-13 16:21 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-10-13 16:21 - 2014-05-10 05:46 - 02151424 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-13 16:21 - 2014-05-10 05:22 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-10-13 16:21 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-10-13 16:21 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-10-13 16:19 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-10-13 16:19 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-10-13 16:19 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-10-13 16:19 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-10-13 16:19 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-10-13 16:19 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-10-13 16:19 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-13 16:19 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-10-13 16:19 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-10-13 16:19 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-10-13 16:19 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-10-13 16:19 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-13 16:19 - 2014-05-05 06:02 - 03360256 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-13 16:11 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-13 16:11 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-10-13 16:11 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-10-13 16:11 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-10-13 16:11 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-13 16:11 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-13 16:11 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-10-13 16:11 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-10-13 16:11 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-10-13 16:11 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-10-13 16:11 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-10-13 16:11 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-10-13 16:11 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-10-13 16:11 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-10-13 16:11 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-10-13 16:11 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-10-13 16:11 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-10-13 16:11 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-10-13 16:11 - 2014-05-29 08:21 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2014-10-13 16:11 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-10-13 16:11 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-10-13 16:11 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe
2014-10-13 16:11 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2014-10-13 16:11 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2014-10-13 16:11 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-10-13 16:11 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-10-13 16:11 - 2014-04-30 06:43 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-13 16:11 - 2014-04-30 06:30 - 00668160 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2014-10-13 16:11 - 2014-04-30 06:26 - 01345536 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-10-13 16:11 - 2014-04-30 05:52 - 00590336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2014-10-13 16:11 - 2014-04-30 05:47 - 01509888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-10-13 16:10 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-10-13 16:10 - 2014-05-01 15:31 - 00055328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys
2014-10-13 16:10 - 2014-05-01 07:24 - 02834944 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2014-10-13 16:09 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-10-13 16:09 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-10-13 16:08 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-10-13 16:08 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-10-13 16:08 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-10-13 16:08 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-10-13 16:08 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 18:09 - 2014-08-09 16:56 - 01865890 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 18:05 - 2014-08-09 17:01 - 00818732 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 18:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-20 17:59 - 2014-08-09 17:09 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\ClassicShell
2014-10-20 17:57 - 2014-08-09 16:52 - 00009814 _____ () C:\Windows\PFRO.log
2014-10-20 17:57 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 17:57 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-20 17:55 - 2014-08-09 17:40 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-766166941-1863158350-1466078941-1001UA.job
2014-10-20 16:42 - 2014-08-09 17:15 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D7D39209-2059-4EB2-BCEA-018927F7A558}
2014-10-20 16:25 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-20 15:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-19 23:15 - 2014-08-09 17:43 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Skype
2014-10-19 17:02 - 2014-08-09 17:03 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-766166941-1863158350-1466078941-1001
2014-10-19 15:55 - 2014-08-09 17:40 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-766166941-1863158350-1466078941-1001Core.job
2014-10-19 15:00 - 2014-08-11 14:34 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\CrashDumps
2014-10-19 15:00 - 2014-08-09 17:40 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\Google
2014-10-19 15:00 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-19 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-19 11:41 - 2013-08-22 16:44 - 00410296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 11:40 - 2014-08-09 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-19 11:38 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-19 11:38 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-19 11:38 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-19 11:38 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-19 11:38 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2014-10-19 11:36 - 2014-08-09 17:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-19 11:29 - 2014-08-09 17:13 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-18 23:29 - 2014-08-09 16:57 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\Packages
2014-10-18 16:03 - 2014-08-09 17:40 - 00002433 _____ () C:\Users\Korisnik\Desktop\Google Chrome.lnk
2014-10-18 15:50 - 2014-08-09 17:40 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-766166941-1863158350-1466078941-1001UA
2014-10-18 15:50 - 2014-08-09 17:40 - 00003506 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-766166941-1863158350-1466078941-1001Core
2014-10-16 18:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-16 13:44 - 2014-08-17 22:48 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-10-15 02:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-14 13:00 - 2014-08-09 16:57 - 00000000 ____D () C:\Users\Korisnik
2014-10-14 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-14 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-14 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-14 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-14 12:41 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-14 12:41 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-10-14 12:40 - 2013-08-22 21:11 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-14 12:40 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-14 12:40 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-14 12:40 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-10-13 20:01 - 2014-08-09 18:20 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-13 19:58 - 2014-08-09 17:43 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-13 19:58 - 2014-08-09 17:43 - 00000000 ____D () C:\ProgramData\Skype
2014-10-13 19:48 - 2014-08-12 15:26 - 00000000 ____D () C:\Users\Korisnik\AppData\Local\Adobe
2014-10-13 17:43 - 2014-08-09 17:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-13 17:43 - 2014-08-09 17:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-13 17:43 - 2014-08-09 17:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-13 17:43 - 2014-08-09 17:12 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-13 17:43 - 2014-08-09 17:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-13 17:43 - 2014-08-09 17:12 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-13 17:43 - 2014-08-09 17:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-13 17:43 - 2014-08-09 17:12 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-13 17:43 - 2014-08-09 17:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-13 17:43 - 2014-08-09 17:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-13 17:43 - 2014-08-09 17:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-13 17:43 - 2014-08-09 17:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-13 17:43 - 2014-08-09 17:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-13 17:43 - 2014-08-09 17:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-13 16:00 - 2014-08-09 17:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-13 15:47 - 2014-08-09 18:47 - 00000000 ____D () C:\Users\Korisnik\Documents\Bluetooth Folder

Some content of TEMP:
====================
C:\Users\Korisnik\AppData\Local\Temp\47a10deCef.exe
C:\Users\Korisnik\AppData\Local\Temp\Softonic_EN_1-5-11_EN-Production_10_CleanRelease.exe
C:\Users\Korisnik\AppData\Local\Temp\utt5849.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-20 15:00

==================== End Of Log ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall the following programs:

McAfee Security Scan Plus
NextCoup



Step 2

Open Notepad and copy in the following text, which is inside the Code box.

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: NextCoup -> {1d4967af-6501-4d16-9b33-f7f337dffddd} -> C:\Program Files (x86)\NextCoup\rZ2RQfn98Qj7nT.dll ()
BHO-x32: NextCoup -> {2361e069-8d5c-4d1f-ae04-4f6491447461} -> C:\Program Files (x86)\NextCoup\IS0JPllOIi5dqM.dll ()
FF Extension: Vaudix - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\4Y@LCD3.edu [2014-10-19]
FF Extension: NextCoup - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\fE@9l.org [2014-10-19]
FF Extension: NextCoup - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\GjWeMQzeu@la.org [2014-10-20]
FF Extension: YoutubeAdBlocke - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\x3fOg7I@N.com [2014-10-19]
CHR Extension: (Vaudix) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf [2014-10-19]
CHR Extension: (NextCoup) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci [2014-10-20]
CHR Extension: (NextCoup) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk [2014-10-19]
C:\ProgramData\NextCoup
C:\Program Files (x86)\NextCoup
C:\ProgramData\YoutubeAdBlocke
C:\ProgramData\80165ca7ffaa3424
C:\Program Files (x86)\YoutubeAdBlocke
C:\ProgramData\Vaudix
C:\Program Files (x86)\Vaudix
EmtpyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it finishes, Notepad will open with content that you need to copy into the thread.
A fixlog.txt file will also be on the Desktop. You need to copy the contents of fixlog.txt to the forum




Step 3

Go to Start -> Control Panel -> Programs and Features and uninstall Google Chrome. Be sure to tick the option Also delete your browsing data.
You can export your bookmarks and import them again later.

Once you have uninstalled it, download it from Google's site, https://www.google.com/chrome/browser/ and install it again.



Step 4

Download Xplode's AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart, and then Notepad will open (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • eugrom  Male
  • New MyCity citizen
  • Student
  • Joined: 20 Oct 2014
  • Posts: 18
  • Location: Beograd

Hello, I followed all the steps.
Here is the fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-10-2014 01
Ran by Korisnik at 2014-10-20 21:35:59 Run:1
Running from C:\Users\Korisnik\Downloads
Loaded Profile: Korisnik (Available profiles: Korisnik)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: NextCoup -> {1d4967af-6501-4d16-9b33-f7f337dffddd} -> C:\Program Files (x86)\NextCoup\rZ2RQfn98Qj7nT.dll ()
BHO-x32: NextCoup -> {2361e069-8d5c-4d1f-ae04-4f6491447461} -> C:\Program Files (x86)\NextCoup\IS0JPllOIi5dqM.dll ()
FF Extension: Vaudix - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\4Y@LCD3.edu [2014-10-19]
FF Extension: NextCoup - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\fE@9l.org [2014-10-19]
FF Extension: NextCoup - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\GjWeMQzeu@la.org [2014-10-20]
FF Extension: YoutubeAdBlocke - C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\x3fOg7I@N.com [2014-10-19]
CHR Extension: (Vaudix) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf [2014-10-19]
CHR Extension: (NextCoup) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci [2014-10-20]
CHR Extension: (NextCoup) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk [2014-10-19]
C:\ProgramData\NextCoup
C:\Program Files (x86)\NextCoup
C:\ProgramData\YoutubeAdBlocke
C:\ProgramData\80165ca7ffaa3424
C:\Program Files (x86)\YoutubeAdBlocke
C:\ProgramData\Vaudix
C:\Program Files (x86)\Vaudix
EmtpyTemp:
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d4967af-6501-4d16-9b33-f7f337dffddd}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{1d4967af-6501-4d16-9b33-f7f337dffddd}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2361e069-8d5c-4d1f-ae04-4f6491447461}" => Key not found.
"HKCR\Wow6432Node\CLSID\{2361e069-8d5c-4d1f-ae04-4f6491447461}" => Key deleted successfully.
C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\4Y@LCD3.edu => Moved successfully.
C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\fE@9l.org => Moved successfully.
C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\GjWeMQzeu@la.org => Moved successfully.
C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default\Extensions\x3fOg7I@N.com => Moved successfully.
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf => Moved successfully.
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci => Moved successfully.
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk => Moved successfully.
C:\ProgramData\NextCoup => Moved successfully.
C:\Program Files (x86)\NextCoup => Moved successfully.
C:\ProgramData\YoutubeAdBlocke => Moved successfully.
C:\ProgramData\80165ca7ffaa3424 => Moved successfully.
C:\Program Files (x86)\YoutubeAdBlocke => Moved successfully.
C:\ProgramData\Vaudix => Moved successfully.
C:\Program Files (x86)\Vaudix => Moved successfully.
EmtpyTemp: => Error: No automatic fix found for this entry.


The system needed a reboot.

==== End of Fixlog ====


And here is AdwCleaner SO

There are no problems now. Thanks a lot. If anything else is needed, just tell me. Thank you.

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

We will run a few more checks.


Step 1

Open Notepad and copy in the following text, which is inside the Code box.

EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it finishes, Notepad will open with content that you need to copy into the thread.
A fixlog.txt file will also be on the Desktop. You need to copy the contents of fixlog.txt to the forum




Step 2

Download Junkware Removal Tool (JRT) and save it to the Desktop.

Close the browser and other running programs

Temporarily disable your security software (Instructions);

Double-click the icon to run JRT;

At the "Press any key" prompt, press any key and the tool will start scanning.
Note: depending on the computer's hardware, the scan may take a while in some cases.

When it finishes, Notepad will open with a report, which will be saved on the Desktop as JRT.txt


Copy the contents of that log into the thread.



Step 3

Download zoek.exe from this or this link and save it to the Desktop.


Close the browser and other running programs;
disable your security software (if needed) Instructions;
double-click to run zoek.exe;
wait for the tool to start ...


Copy the following text into the white box of the window:

startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Click the button and wait for the scan to finish.


Zoek will restart Windows if needed, and when it finishes it will open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.

offline
  • eugrom  Male
  • New MyCity citizen
  • Student
  • Joined: 20 Oct 2014
  • Posts: 18
  • Location: Beograd

Hello, here are the results.

For FIXLOG

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-10-2014 01
Ran by Korisnik at 2014-10-20 22:53:55 Run:2
Running from C:\Users\Korisnik\Downloads
Loaded Profile: Korisnik (Available profiles: Korisnik)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
EmptyTemp:
*****************

EmptyTemp: => Removed 625.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


FOR JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 8.1 Pro x64
Ran by Korisnik on Mon 10/20/2014 at 23:09:28.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\3bzof60h.default\prefs.js

user_pref("extensions.dMfr9fQKwQoIKeHz.url", "hxxp://redhotforallcredit.com/sync2/?q=hfZ9ofV9CShEAen0rHgErihTB6lKDzt4oltjtNtVh7n0rjnFrdw4rjrErds5tMFHhd9FqdwErjUFrHaFrdgMDMlGoj
Emptied folder: C:\Users\Korisnik\AppData\Roaming\mozilla\firefox\profiles\3bzof60h.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/20/2014 at 23:19:13.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FOR ZOEK



Zoek.exe v5.0.0.0 Updated 19-10-2014
Tool run by Korisnik on Mon 10/20/2014 at 23:26:48.75.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Korisnik\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/20/2014 11:28:57 PM Zoek.exe System Restore Point Created Succesfully.

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Korisnik\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-13 14:32:43 10AC9494ECE22A2362E4E4D98C528D01 271872 ----a-w- C:\Windows\Sysnative\dhcpcore6.dll
2014-10-13 14:32:42 20FB137ADDE1255F15F265A7BD9579BE 827392 ----a-w- C:\Windows\Sysnative\BFE.DLL
2014-10-13 14:32:41 1824052F17B12B5D7B21445B869EE9F2 71168 ----a-w- C:\Windows\Sysnative\ncobjapi.dll
2014-10-13 14:32:40 FBB1841434072FFA76E4AD287448E34A 262656 ----a-w- C:\Windows\Sysnative\framedyn.dll
2014-10-13 14:32:37 D261A12A43D33122CB90E70D3BC1CC68 226816 ----a-w- C:\Windows\Sysnative\WebClnt.dll
2014-10-13 14:32:37 7E1EBDB3424337ABB553F249A7811D94 87552 ----a-w- C:\Windows\Sysnative\dhcpcsvc.dll
2014-10-13 14:32:37 2616E8E9C8B66A67CFB6197E9517A2F2 123392 ----a-w- C:\Windows\Sysnative\Robocopy.exe
2014-10-13 14:32:36 DEA76F90F9777E3427D70E380222B23B 1063424 ----a-w- C:\Windows\Sysnative\IKEEXT.DLL
2014-10-13 14:32:36 D3883FBCA97D10C8A39632D6CDDC6E85 65024 ----a-w- C:\Windows\Sysnative\dhcpcsvc6.dll
2014-10-13 14:32:36 CFD6DBED27511D7A5FBE33AFA7E6B669 76800 ----a-w- C:\Windows\Sysnative\BulkOperationHost.exe
2014-10-13 14:32:36 A473DDDAEB21C18541F0FE70A90171E4 311296 ----a-w- C:\Windows\Sysnative\fvecpl.dll
2014-10-13 14:32:34 F591C7D68328C2B253B8FF57FDA7AB07 794112 ----a-w- C:\Windows\Sysnative\fvewiz.dll
2014-10-13 14:32:34 71BAEAFD05B3040173F5BBEA2CFE9607 997888 ----a-w- C:\Windows\Sysnative\reseteng.dll
2014-10-13 14:32:34 176CA2BB84BC1FC564CCB582FDCBFD7B 130560 ----a-w- C:\Windows\Sysnative\BdeHdCfg.exe
2014-10-13 14:32:34 066AFA7D3FDF65D6CE1A9FAF04E7D631 99328 ----a-w- C:\Windows\Sysnative\BdeHdCfgLib.dll
2014-10-13 14:32:33 B7CC32E00C5C5152D221DF182827F58E 50745 ----a-w- C:\Windows\Sysnative\srms.dat
2014-10-13 14:29:59 AEDD44FDB8B521D443A07146F5CA3A53 7173120 ----a-w- C:\Windows\Sysnative\Windows.Data.Pdf.dll
2014-10-13 14:29:45 7E4A8D95B9DBC2CB588B91848A0AE731 2688000 ----a-w- C:\Windows\Sysnative\SettingsHandlers.dll
2014-10-13 14:29:43 383DA813409316D69603C1D849834D24 1308160 ----a-w- C:\Windows\Sysnative\gpsvc.dll
2014-10-13 14:29:39 CFB353B4E33AFE922C3A62DBC9C9B0A8 7425368 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
2014-10-13 14:29:38 EAE6ED6C5076CF765EB731B92A237149 955904 ----a-w- C:\Windows\Sysnative\MFMediaEngine.dll
2014-10-13 14:29:37 6873D09262D32B95D6AC3026FCF8B424 1230336 ----a-w- C:\Windows\Sysnative\Windows.Media.dll
2014-10-13 14:29:36 7FB9EC74ADFB2353B7782C3EF833F5B7 765408 ----a-w- C:\Windows\Sysnative\mfmpeg2srcsnk.dll
2014-10-13 14:29:35 A1CD5194ACC156A852136B303F087260 491744 ----a-w- C:\Windows\Sysnative\mfsvr.dll
2014-10-13 14:29:35 9ED0E72966FB08F7E6DB15E5519AF8D1 1379064 ----a-w- C:\Windows\Sysnative\wmpmde.dll
2014-10-13 14:29:35 5071E71CC05346D88C5A08EB8B5A05E3 1584128 ----a-w- C:\Windows\Sysnative\workfolderssvc.dll
2014-10-13 14:29:35 411DBFCD6ABAB75B6F7950677AEEFB7D 1403856 ----a-w- C:\Windows\Sysnative\winmde.dll
2014-10-13 14:29:34 EEC46BC17F28C528AB7FAC20AFDF69E3 462336 ----a-w- C:\Windows\Sysnative\XpsGdiConverter.dll
2014-10-13 14:29:34 ED7C0A11E655CD8B89BE499F99D56098 486912 ----a-w- C:\Windows\Sysnative\winspool.drv
2014-10-13 14:29:34 98A184F6EC43B178901FCD5D4E2EC43B 1222656 ----a-w- C:\Windows\Sysnative\Windows.Media.Streaming.dll
2014-10-13 14:29:34 626D19F1771E1AE72208AE9A8F3082F7 491520 ----a-w- C:\Windows\Sysnative\GeofenceMonitorService.dll
2014-10-13 14:29:34 067CB90C277DB4A737D5DEABA3055972 407016 ----a-w- C:\Windows\Sysnative\services.exe
2014-10-13 14:29:33 CB79B5D367376E7B49E2D95BFFB0BEEB 364640 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll
2014-10-13 14:29:33 46378ECCB4A29AA81BF296641C2501EF 323072 ----a-w- C:\Windows\Sysnative\srvsvc.dll
2014-10-13 14:29:33 0BDD786156C820F49EEF5D348B4ACFF4 335872 ----a-w- C:\Windows\Sysnative\MDEServer.exe
2014-10-13 14:29:32 D872C6095AACC13AD897DB5E4D2B5D91 805376 ----a-w- C:\Windows\Sysnative\win32spl.dll
2014-10-13 14:29:32 BAF51BE2DEB387BD99CAC4E3B7850FEC 250368 ----a-w- C:\Windows\Sysnative\rdpencom.dll
2014-10-13 14:29:32 AF3FF97AC2A73E70F8A8D11FB694175B 449536 ----a-w- C:\Windows\Sysnative\defragsvc.dll
2014-10-13 14:29:32 79B134ECE836B406B212E28C24011538 834048 ----a-w- C:\Windows\Sysnative\audiosrv.dll
2014-10-13 14:29:31 95471DDCB3B3FF70015FD9AA13404F44 281600 ----a-w- C:\Windows\Sysnative\resutils.dll
2014-10-13 14:29:31 87CF824E47489DD972FB4FB9FC4EDD0A 324888 ----a-w- C:\Windows\Sysnative\MFCaptureEngine.dll
2014-10-13 14:29:31 850EBB87584484DC16F917E7B6F4A304 718336 ----a-w- C:\Windows\Sysnative\swprv.dll
2014-10-13 14:29:31 67176AA6EAF34FF2A962F14EB8F0478B 263424 ----a-w- C:\Windows\Sysnative\SystemSettingsAdminFlows.exe
2014-10-13 14:29:31 1697E09CDA4DD8741B8276F48A8514DE 32600 ----a-w- C:\Windows\Sysnative\ploptin.dll
2014-10-13 14:29:31 1517EE52367CABAA5615AC736DC96C7D 125496 ----a-w- C:\Windows\Sysnative\dwmapi.dll
2014-10-13 14:29:30 E369C59F2C0852DDD090C07E0DDE0051 1436160 ----a-w- C:\Windows\Sysnative\VSSVC.exe
2014-10-13 14:29:30 9654DE19551093CD73874281E1573C94 135168 ----a-w- C:\Windows\Sysnative\wscsvc.dll
2014-10-13 14:29:30 7B12172CCE581F76C9335D7A47E0AD50 130144 ----a-w- C:\Windows\Sysnative\gpapi.dll
2014-10-13 14:29:30 315502228EB37F36E86EF75CB1DA1D44 201920 ----a-w- C:\Windows\Sysnative\MSVideoDSP.dll
2014-10-13 14:29:30 2A4177EE5446877BD24DD72504105603 191488 ----a-w- C:\Windows\Sysnative\rpchttp.dll
2014-10-13 14:29:30 1AF842C745A7625D0E8936B458FC6698 219136 ----a-w- C:\Windows\Sysnative\tscfgwmi.dll
2014-10-13 14:29:29 F4E351BB95D473CB55BB7C1A1FEB2798 467496 ----a-w- C:\Windows\Sysnative\AudioSes.dll
2014-10-13 14:29:29 AE2B9504C975B529D92D9E6603F6D33F 609448 ----a-w- C:\Windows\Sysnative\mf.dll
2014-10-13 14:29:28 BF6FBC9D97A24FABB0AE8B878279CF0B 244880 ----a-w- C:\Windows\Sysnative\audiodg.exe
2014-10-13 14:29:28 99277BE68298288A0E27CF9E50FAD091 881616 ----a-w- C:\Windows\Sysnative\mfplat.dll
2014-10-13 14:29:28 88ACBA95BB55B8226D52117462B76CD4 307304 ----a-w- C:\Windows\Sysnative\wintrust.dll
2014-10-13 14:29:28 7B3255A0B833908E4A7ACEA6245D344E 426496 ----a-w- C:\Windows\Sysnative\clusapi.dll
2014-10-13 14:29:28 5EE916C3272A19B459717A8D2397B07A 55296 ----a-w- C:\Windows\Sysnative\energyprov.dll
2014-10-13 14:29:28 414B81DE6CE46022ED43051C09EDB00B 467968 ----a-w- C:\Windows\Sysnative\srcore.dll
2014-10-13 14:29:28 072A99F351C505A45C9FDA32E7324602 28408 ----a-w- C:\Windows\Sysnative\mfpmp.exe
2014-10-13 14:29:28 01851563CB6FB986A4C0221C15AB6ADC 463256 ----a-w- C:\Windows\Sysnative\AudioEng.dll
2014-10-13 14:29:27 64B2A2630C964BF135A84A52FB2EEF9A 47616 ----a-w- C:\Windows\Sysnative\tlscsp.dll
2014-10-13 14:29:27 22B8B1F946ACFCB03832793A25216D8C 186880 ----a-w- C:\Windows\Sysnative\WorkFoldersShell.dll
2014-10-13 14:29:25 B24960B79BDE7D5ED1EA638027F9E8F0 143872 ----a-w- C:\Windows\Sysnative\BootMenuUX.dll
2014-10-13 14:29:25 78D26F162E015FF644785C8836B617CA 1287168 ----a-w- C:\Windows\Sysnative\mispace.dll
2014-10-13 14:29:25 69A374DE46C7BAAE30BFB1E40D69C5C6 761856 ----a-w- C:\Windows\Sysnative\WorkfoldersControl.dll
2014-10-13 14:29:21 8E1866A4E96F1159B6625627860A0454 2100736 ----a-w- C:\Windows\Sysnative\SystemSettingsAdminFlowUI.dll
2014-10-13 14:29:16 F2895547FC275642A29692DC344A847F 296960 ----a-w- C:\Windows\Sysnative\wlanapi.dll
2014-10-13 14:29:16 EF252510DB6C3511E30418BD2AC95A2D 1527296 ----a-w- C:\Windows\Sysnative\wlansvc.dll
2014-10-13 14:29:16 977D67467950D8048E94651EE6081B99 370176 ----a-w- C:\Windows\Sysnative\wlanmsm.dll
2014-10-13 14:29:16 9465F8E72887AC6CCDD97F738A5AB6B6 70656 ----a-w- C:\Windows\Sysnative\srclient.dll
2014-10-13 14:29:16 88BCAEABEB2A46DB7B336B8432720AC8 443904 ----a-w- C:\Windows\Sysnative\wlansec.dll
2014-10-13 14:29:16 886767FD022213F7885416134E9082E5 201216 ----a-w- C:\Windows\Sysnative\AudioEndpointBuilder.dll
2014-10-13 14:29:15 F587513213947A4C7EF47B660DAAFBC5 271872 ----a-w- C:\Windows\Sysnative\rstrui.exe
2014-10-13 14:29:15 B6BD22DDEDDD8665080D664749ACFEF5 64512 ----a-w- C:\Windows\Sysnative\tsgqec.dll
2014-10-13 14:29:15 82FE5F302FD7C7EF0E41465BB873EFC7 11264 ----a-w- C:\Windows\Sysnative\wlanhlp.dll
2014-10-13 14:21:28 15750011454B89F4950D7E7E4A947EC1 834048 ----a-w- C:\Windows\Sysnative\osk.exe
2014-10-13 14:21:27 1BB9CC78C91536CBA7B04B61ED0F85C4 1273184 ----a-w- C:\Windows\Sysnative\rpcrt4.dll
2014-10-13 14:21:26 201FE8AAD76FB1E7FB5A3B1337435DC1 2151424 ----a-w- C:\Windows\Sysnative\msxml3.dll
2014-10-13 14:21:25 59EAFAE3A34B4925990A2E679CA91C5B 517528 ----a-w- C:\Windows\Sysnative\dxgi.dll
2014-10-13 14:21:25 454978FB3D24DE5C4199162D5F81FBEE 2133504 ----a-w- C:\Windows\Sysnative\dwmcore.dll
2014-10-13 14:21:23 87CEF71F9D5951C9379D2F956C07C37D 1336624 ----a-w- C:\Windows\Sysnative\gdi32.dll
2014-10-13 14:21:15 3DF281C1553A6124DEF875C19D46AC0D 190976 ----a-w- C:\Windows\Sysnative\storewuauth.dll
2014-10-13 14:21:11 68CB2B575F0C67BB14590D1471285287 201728 ----a-w- C:\Windows\Sysnative\ubpm.dll
2014-10-13 14:19:49 CCDFFC83004AF62D0153CF45289028AF 3360256 ----a-w- C:\Windows\Sysnative\rdpcorets.dll
2014-10-13 14:19:43 D3AE5DB16EAF913860EC28654CE00E6B 1212928 ----a-w- C:\Windows\Sysnative\schedsvc.dll
2014-10-13 14:19:40 C3028569F244470F3D54026884E16E06 1417216 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2014-10-13 14:19:39 423D68307E57654A000AA484B009DD16 735232 ----a-w- C:\Windows\Sysnative\adtschema.dll
2014-10-13 14:19:39 3B78D6DC57654CDD96E073724A2228AE 436224 ----a-w- C:\Windows\Sysnative\certcli.dll
2014-10-13 14:19:30 E7DE316FEEFC79327CFAD8F527979CC0 3118080 ----a-w- C:\Windows\Sysnative\Wpc.dll
2014-10-13 14:19:30 E2F4125BFAC99244088324A1841C0B83 3048880 ----a-w- C:\Windows\Sysnative\WpcMon.exe
2014-10-13 14:19:29 6BC31FB4E24A962C98801D3687A984C0 2861056 ----a-w- C:\Windows\Sysnative\WpcWebSync.dll
2014-10-13 14:11:38 CC8E86B9C18BCA38D3C467CFD661A466 1975296 ----a-w- C:\Windows\Sysnative\DWrite.dll
2014-10-13 14:11:38 BB7F878413AD3C2E7E89C96193D405DF 57856 ----a-w- C:\Windows\Sysnative\drvcfg.exe
2014-10-13 14:11:38 8E472AA2E916417B55BC1E6727957453 110592 ----a-w- C:\Windows\Sysnative\drvinst.exe
2014-10-13 14:11:37 3FA6DC6B29717E32E211C1FD821F2C75 1345536 ----a-w- C:\Windows\Sysnative\FntCache.dll
2014-10-13 14:11:30 50A49F3F16EF82E30BFB11E6B6A8F4A6 16871936 ----a-w- C:\Windows\Sysnative\Windows.UI.Xaml.dll
2014-10-13 14:11:25 B4AAD75F055F13BFD3B0B16A6E6CF33D 668160 ----a-w- C:\Windows\Sysnative\gpprefcl.dll
2014-10-13 14:11:24 B312E157D20E727F30EAB3A250441B6F 284672 ----a-w- C:\Windows\Sysnative\WUDFHost.exe
2014-10-13 14:11:24 9CDC2059A23E3C9B57696178508777E7 99840 ----a-w- C:\Windows\Sysnative\WUDFSvc.dll
2014-10-13 14:11:24 42D257559F97B30A94A027EB4555C62F 323584 ----a-w- C:\Windows\Sysnative\DaOtpCredentialProvider.dll
2014-10-13 14:11:24 313117AE2B0986ED7D3AA6AE10603239 216368 ----a-w- C:\Windows\Sysnative\rsaenh.dll
2014-10-13 14:11:24 1A54E3DF2CBB8DBE8A17C87BB07E3A7E 209408 ----a-w- C:\Windows\Sysnative\WUDFPlatform.dll
2014-10-13 14:11:23 0BFDE0D93144DBD81178B427D3961FEC 655872 ----a-w- C:\Windows\Sysnative\cscui.dll
2014-10-13 14:11:23 08DCA300264238F9AE941302321F3D54 423768 ----a-w- C:\Windows\Sysnative\hal.dll
2014-10-13 14:11:15 10D8859CF01C1284603582ABD9B0482C 114520 ----a-w- C:\Windows\Sysnative\consent.exe
2014-10-13 14:11:15 08914C8989AB93F5EC3A452D014E2C8D 356352 ----a-w- C:\Windows\Sysnative\msihnd.dll
2014-10-13 14:11:08 78FC2B2BA0E5E1C9249E3157D4EE9BC7 586240 ----a-w- C:\Windows\Sysnative\qedit.dll
2014-10-13 14:10:59 52E94AE3C9FF1E18A1EA125C4FFB0EEC 2834944 ----a-w- C:\Windows\Sysnative\wpccpl.dll
2014-10-13 14:10:33 F381B380B7B2704EA4C0F8D8C49C1C50 623616 ----a-w- C:\Windows\Sysnative\MDMAgent.exe
2014-10-13 14:09:08 8BB7548307EE6147137993A410D64387 869544 ----a-w- C:\Windows\Sysnative\msvcr120_clr0400.dll
2014-10-13 14:08:22 FD3638782572A8281BCF12520F6579F4 79872 ----a-w- C:\Windows\Sysnative\WSReset.exe
2014-10-13 14:08:22 CCC6D7250D01DA7E5499B0722CF6CAE3 1054208 ----a-w- C:\Windows\Sysnative\twinui.appcore.dll
2014-10-13 14:08:22 9FA466A42109F408AC6C2848E851C38A 555736 ----a-w- C:\Windows\Sysnative\twinapi.appcore.dll
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2014-10-20 19:50:36 4A14E0812287EE4EF25A6CCA3C0FD10F 3888 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 19:50:33 ABDA0BA54C32071B6F0D9DA4D49C19D9 916 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 19:50:32 A2AC97CE0B1012E99BB0FD9D98F0268A 912 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-20 19:50:32 9B19B3255E5358C1B0215109D223BDE8 3652 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore1cfec9f1be95afc
2014-10-20 19:50:32 9B19B3255E5358C1B0215109D223BDE8 3652 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 19:50:32 7F8404412209054078ECBAC127802743 912 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfec9f1be95afc.job
2014-10-13 17:48:14 CCF7221A56F939C091BEC440D203DC8E 3718 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater
2014-10-13 17:48:14 2597DF2AD065286AA9B741563D72B858 830 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-10-20 19:50:31 -------- d-----w- C:\PROGRA~2\Google
2014-10-15 20:09:48 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-10-15 20:08:51 -------- d-----w- C:\PROGRA~2\Java
2014-10-13 17:58:38 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2014-10-13 17:58:31 -------- d-----r- C:\PROGRA~2\Skype
======= C: =====
====== C:\Users\Korisnik\AppData\Roaming ======
2014-10-20 21:24:41 -------- d-----r- C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-10-19 13:08:03 -------- d-----w- C:\Users\Korisnik\AppData\Roaming\uTorrent
2014-10-19 13:01:15 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\ESET
2014-10-19 13:00:02 -------- d-----w- C:\Users\Korisnik\AppData\Local\Comodo
2014-10-19 13:00:01 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-19 13:00:01 -------- d-----w- C:\Users\Guest\AppData\Local\Comodo
2014-10-19 13:00:01 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo
2014-10-19 13:00:00 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-19 13:00:00 -------- d-----w- C:\Users\Guest\AppData\Local\Google
2014-10-19 13:00:00 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2014-10-19 09:45:13 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\CrashDumps
2014-10-13 17:32:21 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft
====== C:\Users\Korisnik ======
2014-10-20 20:59:24 3F5D9D75F6523CB30924999EDFDAD28B 1705698 ----a-w- C:\Users\Korisnik\Desktop\JRT.exe
2014-10-20 19:52:40 590AE97695A21AE8FA5B419BE3E13452 1976320 ----a-w- C:\Users\Korisnik\Downloads\AdwCleaner.exe
2014-10-20 19:51:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-20 19:50:07 3BF12F43402F0D91DCE3FB499A00FCC1 880272 ----a-w- C:\Users\Korisnik\Downloads\ChromeSetup.exe
2014-10-20 16:14:41 DEFDB2B6584F269485D49A5AEE1CF236 2110976 ----a-w- C:\Users\Korisnik\Downloads\FRST64.exe
2014-10-19 13:00:04 8E1B08222F20E45A3E8DB04C569F9CB7 8 --sha-r- C:\ProgramData\ntuser.pol
2014-10-19 13:00:00 -------- d-----w- C:\Users\HomeGroupUser$\AppData
2014-10-19 13:00:00 -------- d-----w- C:\Users\Guest\AppData
2014-10-19 13:00:00 -------- d-----w- C:\Users\Administrator\AppData
2014-10-16 09:25:13 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Searches
2014-10-15 20:09:50 -------- d-----w- C:\ProgramData\Sun
2014-10-15 20:09:00 -------- d-----w- C:\ProgramData\Oracle
2014-10-13 17:58:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-29 15:47:13 -------- d-----w- C:\Windows\serviceprofiles\Localservice\winhttp

====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-766166941-1863158350-1466078941-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Lync"="C:\Program Files\Microsoft Office\Office15\lync.exe /fromrunkey"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Lync"="C:\Program Files\Microsoft Office\Office15\lync.exe /fromrunkey"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice"
"TNOD UP"="C:\Program Files\ESET\TNod User & Password Finder\TNODUP.exe /i"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10/13/2014 07:48 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/20/2014 09:50 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/20/2014 09:50 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-766166941-1863158350-1466078941-1001Core.job --a-------- C:\Users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-766166941-1863158350-1466078941-1001UA.job --a-------- [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1cfec9f1be95afc" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-766166941-1863158350-1466078941-1001Core" [C:\Users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-766166941-1863158350-1466078941-1001UA" [C:\Users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\KMS Server Daily Activate" [C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe]
"C:\Windows\SysNative\tasks\KMS Server OnLogon Activate" [C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{D7D39209-2059-4EB2-BCEA-018927F7A558}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash


==== Chromium Look ======================

Vaudix - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk
Send to Kindle - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
Vaudix - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk
Vaudix - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk
Send to Kindle - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
Vaudix - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk
Vaudix - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk
Send to Kindle - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
Vaudix - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk
Vaudix - Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk
Google Docs - Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Vaudix - Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Mon 10/20/2014 at 23:38:12.36 ======================

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download zoek.exe from this or this link and save it to the Desktop.

Close the browser and other running programs;
disable your security software (if necessary, see Instructions);
double-click zoek.exe to run it;
wait for the tool to start ...

Copy the following text into the white box of the window:

amjjbhpgbnklcppnahjhlgjfnlmocodf;chr
hepkaliebbchdnjnjjcapjmbmhjnfpdh;chr
igdppmdjmlmadjjcekbjbghhbnjjpjci;chr
nndnmglcagicbicnmhappkngmhilngnk;chr
emptyalltemp;
emptyclsid;
autoclean;


Click the button and wait for the scan to finish.

Zoek will restart Windows if needed, and when it finishes it will open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your post.

  • eugrom  Male
  • New MyCity citizen
  • Student
  • Joined: 20 Oct 2014
  • Posts: 18
  • Location: Beograd

Zoek.exe v5.0.0.0 Updated 19-10-2014
Tool run by Korisnik on Tue 10/21/2014 at 1:09:35.28.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Korisnik\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-10-20-213812.log 62837 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default

user.js not found
---- Lines extensions.6wxYgKvfTC1wGb3B removed from prefs.js ----
user_pref("extensions.6wxYgKvfTC1wGb3B.epoch", "1413907155");
user_pref("extensions.6wxYgKvfTC1wGb3B.url", "http://getjpi.info/sync2/?q=hfZ9oe4VWdwMCyVUojaMg708BNmGWj8ikGhGheDUojw9rjaGrdw8qjgHpchIC7n0rjnFrdsErjk8
---- Lines extensions.81x4Xs1G3smFAPlb removed from prefs.js ----
user_pref("extensions.81x4Xs1G3smFAPlb.epoch", "1413895566");
user_pref("extensions.81x4Xs1G3smFAPlb.url", "http://syncjpi.info/sync2/?q=hfZ9ofhUWchEAen0rHgErihTB6lKDzt4oltjtNtVh7n0rjnFrdw4rjs8pjn8tMFHhd9FqdwErjU
---- Lines extensions.BOuagwYB3PoUb1q5 removed from prefs.js ----
user_pref("extensions.BOuagwYB3PoUb1q5.epoch", "1413919686");
user_pref("extensions.BOuagwYB3PoUb1q5.url", "http://skybardownloadstar.net/sync2/?q=hfZ9oe4VWdsMCyVUojaMg708BNmGWj8ikGhGheDUojw9rjaGrdw4rTn8qGhIC7n0r
---- Lines extensions.Zb65n0FK7kqSqom4 removed from prefs.js ----
user_pref("extensions.Zb65n0FK7kqSqom4.epoch", "1413895569");
user_pref("extensions.Zb65n0FK7kqSqom4.url", "http://jobfirstnet.in/sync2/?q=hfZ9oe4VWdwMCyVUojaMg708BNmGWj8ikGhGheDUojw9rjaFpjwHrjnFrihIC7n0rjnFrdw4r
---- Lines extensions.dMfr9fQKwQoIKeHz removed from prefs.js ----
user_pref("extensions.dMfr9fQKwQoIKeHz.epoch", "1413895564");
---- FireFox user.js and prefs.js backups ----

prefs_20141021_0141_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\3bzof60h.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash


==== Chromium Look ======================

Vaudix - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk
Send to Kindle - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
Vaudix - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk
Vaudix - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk
Send to Kindle - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
Vaudix - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk
Vaudix - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk
Send to Kindle - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
Vaudix - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk
Vaudix - Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk
Google Docs - Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Vaudix - Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf
Webbing - Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh
NextCoup - Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci
Send to Kindle - Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
NextCoup - Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk

==== Chromium Fix ======================

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf deleted successfully
C:\Users\Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf deleted successfully
C:\Users\Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\amjjbhpgbnklcppnahjhlgjfnlmocodf deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh deleted successfully
C:\Users\Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh deleted successfully
C:\Users\Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hepkaliebbchdnjnjjcapjmbmhjnfpdh deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci deleted successfully
C:\Users\Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci deleted successfully
C:\Users\Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igdppmdjmlmadjjcekbjbghhbnjjpjci deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk deleted successfully
C:\Users\Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk deleted successfully
C:\Users\Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nndnmglcagicbicnmhappkngmhilngnk deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan deleted successfully
C:\Users\Korisnik\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan deleted successfully
C:\Users\Korisnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Korisnik\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=232 folders=103 16064229 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Korisnik\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Korisnik\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Tue 10/21/2014 at 1:53:47.53 ======================

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

We'll do one more check.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Note: with some infections, one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for after a restart, and a notice will be shown in a pop-up window. Click the Yes button; the system should restart and finish the cleaning procedure.

Note! Only if a rootkit is detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage to run it; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, then wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Attach file option.

  • eugrom  Male
  • New MyCity citizen
  • Student
  • Joined: 20 Oct 2014
  • Posts: 18
  • Location: Beograd

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
malwarebytes.org

Database version: v2014.10.21.03

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17351
Korisnik :: CLIENT [administrator]

10/21/2014 10:19:00 AM
mbar-log-2014-10-21 (10-19-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 343979
Time elapsed: 28 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|TNOD UP (Trojan.Agent.CK) -> Data: "C:\Program Files\ESET\TNod User & Password Finder\TNODUP.exe" /i -> Delete on reboot. [5afd51c607750a2c3f7985b2f90c4fb1]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\ESET\TNod User & Password Finder\TNODUP.exe (Trojan.Agent.CK) -> Delete on reboot. [5afd51c607750a2c3f7985b2f90c4fb1]

Physical Sectors Detected: 0
(No malicious items detected)





---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17351

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.497000 GHz
Memory total: 3725709312, free: 2203021312

Downloaded database version: v2014.10.21.03
Downloaded database version: v2014.10.20.01
=======================================
------------ Kernel report ------------
10/21/2014 10:18:28
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffe00058053060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000002d\
Lower Device Object: 0xffffe00057efe060
Lower Device Driver Name: \Driver\amdsata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe00058053060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00058053a40, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00058053060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00057efcb30, DeviceName: Unknown, DriverName: \Driver\amdxata\
DevicePointer: 0xffffe00057efe060, DeviceName: \Device\0000002d\, DriverName: \Driver\amdsata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A25F22D5

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 716800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 718848 Numsec = 440428544

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 441147392 Numsec = 1023997952

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Infected: C:\Program Files\ESET\TNod User & Password Finder\TNODUP.exe --> [Trojan.Agent.CK]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|TNOD UP --> [Trojan.Agent.CK]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

That should be it.

The following procedure will perform the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes next to the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save a healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.


You can manually delete the MBAR folder from the Desktop.



I recommend using MCShield to protect USB storage devices.
It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware spread via USB storage devices.


MCShield home page: http://www.mcshield.net
You can learn more about MCShield in this thread: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v3.html
MCShield Facebook page: http://www.facebook.com/MCShield



I see that you are using a pirated NOD. My recommendation is not to use pirated versions of AV programs. If you don't have the money or don't want to spend it on a commercial AV program, there are quality free AV programs available to you, such as Avast Free, AVG Free, Avira Free, Microsoft Security Essentials, Panda Cloud AV, etc.
