Kineski sindrom

1

Kineski sindrom

offline
  • Sad radim sve ono što pre nisam stizao.
  • Pridružio: 17 Maj 2006
  • Poruke: 18548
  • Gde živiš: I ja se pitam...

Колеге, помагајте. Терао ме ђаво јуче после дуго времена да скинем неку музику, а онда сам по навици почео да кликћем - и закачило ми се нешто рекламно на кинеском. На екрану се појављује као мерач температуре ЦПУ, а отвара ми периодично и неке рекламе.
Нисам никако покушао да решим проблем (ако изузмемо крепклинер и узалудни покушај да на контрол панелу деинсталирам тај чичак који ми се закачио). Обраћам се вама јер знам да сте чаробњаци за овакве неопрезности.


https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Zdravo,

deinstaliraj,

Compress
GameLauncher
UC浏览器


-----

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
U EULA prozoru klikni na I agree.
U Options isključi Reset Winsock settings ako je uključen.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Cleaning i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK

Računar će se restartovati, a potom otvoriti Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

--------

Potom mi postavi novi FRST log i Addition log, kao i prvi put.

offline
  • Sad radim sve ono što pre nisam stizao.
  • Pridružio: 17 Maj 2006
  • Poruke: 18548
  • Gde živiš: I ja se pitam...

О, спасиоче мој... Zagrljaj

Ево фајла. Онај чистач ми је очистио ''Оперу'' и ''Хрому'', па сам се сад улоговао преко ''Експлорера'' док не буде сигурно да поново скинем она два претраживача на које сам навикао, наравно, ако ми ти препоручујеш.


https://www.mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

A, sada postavi novi FRST log i Addition.

offline
  • Sad radim sve ono što pre nisam stizao.
  • Pridružio: 17 Maj 2006
  • Poruke: 18548
  • Gde živiš: I ja se pitam...

Стиже...
https://www.mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Trazio sam FRST logove. To su ona dva loga sa pocetka, iz uputstva za otvaranje teme.

offline
  • Sad radim sve ono što pre nisam stizao.
  • Pridružio: 17 Maj 2006
  • Poruke: 18548
  • Gde živiš: I ja se pitam...

Napisano: 07 Sep 2016 21:36

...А ево и трећег. Код оног другог скенирања показао ми је пет претњи, а код овог трећег само једну.
https://www.mycity.rs/must-login.png

Dopuna: 07 Sep 2016 21:36

helen1 ::Trazio sam FRST logove. To su ona dva loga sa pocetka, iz uputstva za otvaranje teme.

Сад сам видео, извини, одох да их поставим.

Dopuna: 07 Sep 2016 21:43

Мислим да је то то...

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

Dopuna: 07 Sep 2016 21:43

Ово триплирање другог фајла је случајно, извини.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Nesto nije dobro odradjeno, logovi su prazni, probaj ponovo da kopiras.

offline
  • Sad radim sve ono što pre nisam stizao.
  • Pridružio: 17 Maj 2006
  • Poruke: 18548
  • Gde živiš: I ja se pitam...

Napisano: 08 Sep 2016 7:05

[quote="helen1"]Nesto nije dobro odradjeno, logovi su prazni, probaj ponovo da kopiras.[/quote

То ћу поподне, пошто сам сада на послу. Хвала ти много. Нема више оних кука и верига по екрану, у свкаом случају.

Dopuna: 08 Sep 2016 14:21

Evo skenova. Nisam uključivao one dole ponudu ''optional scan' prilikom startovanja programa FRST.

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Dragi (administrator) on INTEL2C (08-09-2016 14:15:08)
Running from C:\Users\Dragi\Desktop
Loaded Profiles: Dragi (Available Profiles: Dragi)
Platform: Windows 10 Pro (X64) Language: engleski (SAD)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1399999599-1220102421-2335971870-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1399999599-1220102421-2335971870-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-1399999599-1220102421-2335971870-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [150528 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 clients2.google.com
Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166
Tcpip\..\Interfaces\{943b2101-53be-40a8-87b4-d1496dbe343e}: [DhcpNameServer] 212.200.191.166 212.200.190.166

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Dragi\AppData\Roaming\Mozilla\Firefox\Profiles\s4tigtm4.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF Extension: (Fast search) - C:\Users\Dragi\AppData\Roaming\Mozilla\Firefox\Profiles\s4tigtm4.default\Extensions\amcontextmenu@loucypher [2016-09-06]

Chrome:
=======
CHR Profile: C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google документи) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-06]
CHR Extension: (Google диск) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-06]
CHR Extension: (YouTube) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-06]
CHR Extension: (Google табеле) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-04]
CHR Extension: (Google документи офлајн) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-06]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-04]
CHR Extension: (Fast search v3.5) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooppbnomdcjmoepangldchpmjhkeendl [2016-09-06]
CHR Extension: (Gmail) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-06]

Opera:
=======
OPR StartupUrls:
OPR Extension: (Fast search v3.5) - C:\Users\Dragi\AppData\Roaming\Opera Software\Opera Stable\Extensions\ooppbnomdcjmoepangldchpmjhkeendl [2016-09-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [737984 2015-08-30] (@ByELDI) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24856 2016-08-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: HpSvc -> no filepath.

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-08 14:15 - 2016-09-08 14:15 - 00008728 _____ C:\Users\Dragi\Desktop\FRST.txt
2016-09-08 14:12 - 2016-09-08 14:12 - 00016148 _____ C:\Windows\system32\INTEL2C_Dragi_HistoryPrediction.bin
2016-09-07 17:47 - 2016-09-07 21:30 - 00000000 ____D C:\AdwCleaner
2016-09-07 17:46 - 2016-09-07 17:46 - 03826240 _____ C:\Users\Dragi\Desktop\AdwCleaner.exe
2016-09-07 12:49 - 2016-09-08 14:15 - 00000000 ____D C:\FRST
2016-09-07 12:47 - 2016-09-07 12:47 - 02397696 _____ (Farbar) C:\Users\Dragi\Desktop\FRST64.exe
2016-09-06 20:41 - 2016-09-06 20:41 - 00000000 ____D C:\Users\Dragi\AppData\Local\UCBrowser
2016-09-06 20:41 - 2016-09-06 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
2016-09-06 20:40 - 2016-09-06 20:40 - 00000882 _____ C:\Users\Dragi\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
2016-09-06 20:40 - 2016-09-06 20:40 - 00000000 ____D C:\Program Files\żěŃą
2016-09-06 20:37 - 2016-09-07 17:51 - 00000000 ____D C:\Users\Dragi\AppData\Roaming\GameLauncher
2016-09-06 20:37 - 2016-09-06 20:37 - 00002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-09-06 20:37 - 2016-09-06 20:37 - 00002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-09-06 20:37 - 2016-09-06 20:37 - 00002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа.lnk
2016-09-06 20:37 - 2016-09-06 20:37 - 00002086 _____ C:\Users\Dragi\Desktop\I.Е..lnk
2016-09-02 14:45 - 2016-09-06 14:19 - 00000807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pomoćnik za nadogradnju na Windows 10.lnk
2016-09-02 14:45 - 2016-09-06 14:19 - 00000795 _____ C:\Users\Dragi\Desktop\Pomoćnik za nadogradnju na Windows 10.lnk
2016-09-02 14:45 - 2016-09-06 14:19 - 00000000 ____D C:\Windows10Upgrade
2016-08-31 19:43 - 2016-08-31 19:43 - 00000000 ____D C:\Windows\UpdateAssistant
2016-08-16 16:48 - 2016-08-16 16:48 - 00003326 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
2016-08-16 16:47 - 2016-08-16 16:47 - 00000000 ____D C:\Users\Dragi\AppData\Roaming\Skype
2016-08-16 11:58 - 2016-08-16 11:58 - 00000000 ____D C:\Program Files\CMAK
2016-08-16 11:58 - 2016-08-16 11:58 - 00000000 ____D C:\Program Files (x86)\CMAK
2016-08-10 14:52 - 2016-08-03 07:44 - 02429792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-08-10 14:52 - 2016-08-03 07:44 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-08-10 14:52 - 2016-08-03 06:57 - 21862912 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-08-10 14:52 - 2016-08-03 06:36 - 07524352 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-08-10 14:52 - 2016-08-03 06:35 - 04791296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 14:52 - 2016-08-03 06:35 - 03584000 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-08-10 14:52 - 2016-08-03 06:35 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-08-10 14:51 - 2016-08-03 08:25 - 00953472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-08-10 14:51 - 2016-08-03 08:25 - 00365120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-08-10 14:51 - 2016-08-03 08:24 - 02152744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-08-10 14:51 - 2016-08-03 08:24 - 01531368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-08-10 14:51 - 2016-08-03 08:24 - 01356368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2016-08-10 14:51 - 2016-08-03 08:24 - 00439648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-08-10 14:51 - 2016-08-03 08:24 - 00046480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wldp.dll
2016-08-10 14:51 - 2016-08-03 08:23 - 01895576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hevcdecoder.dll
2016-08-10 14:51 - 2016-08-03 08:15 - 02881624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 14:51 - 2016-08-03 08:15 - 00700256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-08-10 14:51 - 2016-08-03 08:15 - 00468832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-08-10 14:51 - 2016-08-03 08:15 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPCRYPT.DLL
2016-08-10 14:51 - 2016-08-03 08:14 - 00565648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2016-08-10 14:51 - 2016-08-03 08:13 - 00065096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Clipc.dll
2016-08-10 14:51 - 2016-08-03 08:09 - 00185952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 08016728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-08-10 14:51 - 2016-08-03 07:46 - 02816016 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2016-08-10 14:51 - 2016-08-03 07:46 - 01951864 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 01563480 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 01561360 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 01538168 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 01314496 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 00632680 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 00601336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-08-10 14:51 - 2016-08-03 07:46 - 00552288 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-08-10 14:51 - 2016-08-03 07:46 - 00432352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 00158048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 14:51 - 2016-08-03 07:46 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2016-08-10 14:51 - 2016-08-03 07:44 - 02156400 _____ (Microsoft Corporation) C:\Windows\system32\hevcdecoder.dll
2016-08-10 14:51 - 2016-08-03 07:44 - 00388896 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2016-08-10 14:51 - 2016-08-03 07:39 - 00660320 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-08-10 14:51 - 2016-08-03 07:38 - 06525424 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-08-10 14:51 - 2016-08-03 07:38 - 03625928 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 14:51 - 2016-08-03 07:38 - 01134792 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2016-08-10 14:51 - 2016-08-03 07:38 - 00801632 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-08-10 14:51 - 2016-08-03 07:38 - 00724168 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2016-08-10 14:51 - 2016-08-03 07:38 - 00078040 _____ (Microsoft Corporation) C:\Windows\system32\Clipc.dll
2016-08-10 14:51 - 2016-08-03 07:33 - 00224704 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2016-08-10 14:51 - 2016-08-03 07:09 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-08-10 14:51 - 2016-08-03 07:03 - 16708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-08-10 14:51 - 2016-08-03 06:57 - 24604160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 14:51 - 2016-08-03 06:57 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 14:51 - 2016-08-03 06:55 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\oemlicense.dll
2016-08-10 14:51 - 2016-08-03 06:54 - 11557888 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-08-10 14:51 - 2016-08-03 06:53 - 13027328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 14:51 - 2016-08-03 06:52 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-08-10 14:51 - 2016-08-03 06:50 - 02902528 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-08-10 14:51 - 2016-08-03 06:49 - 06305792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2016-08-10 14:51 - 2016-08-03 06:49 - 02446336 _____ C:\Windows\system32\InputService.dll
2016-08-10 14:51 - 2016-08-03 06:48 - 06788096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-08-10 14:51 - 2016-08-03 06:47 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 14:51 - 2016-08-03 06:47 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oemlicense.dll
2016-08-10 14:51 - 2016-08-03 06:47 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2016-08-10 14:51 - 2016-08-03 06:46 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-10 14:51 - 2016-08-03 06:46 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2016-08-10 14:51 - 2016-08-03 06:46 - 00963072 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2016-08-10 14:51 - 2016-08-03 06:46 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2016-08-10 14:51 - 2016-08-03 06:45 - 14241792 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-08-10 14:51 - 2016-08-03 06:45 - 12514304 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 14:51 - 2016-08-03 06:45 - 04847616 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2016-08-10 14:51 - 2016-08-03 06:45 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\iassvcs.dll
2016-08-10 14:51 - 2016-08-03 06:44 - 19337216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 14:51 - 2016-08-03 06:44 - 09889792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-08-10 14:51 - 2016-08-03 06:44 - 00893440 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2016-08-10 14:51 - 2016-08-03 06:44 - 00814592 _____ (Microsoft Corporation) C:\Windows\system32\provcore.dll
2016-08-10 14:51 - 2016-08-03 06:44 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2016-08-10 14:51 - 2016-08-03 06:43 - 07055872 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-08-10 14:51 - 2016-08-03 06:43 - 00326656 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2016-08-10 14:51 - 2016-08-03 06:43 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2016-08-10 14:51 - 2016-08-03 06:43 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2016-08-10 14:51 - 2016-08-03 06:42 - 02839040 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2016-08-10 14:51 - 2016-08-03 06:42 - 02598912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-08-10 14:51 - 2016-08-03 06:42 - 02253824 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2016-08-10 14:51 - 2016-08-03 06:42 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-08-10 14:51 - 2016-08-03 06:42 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2016-08-10 14:51 - 2016-08-03 06:41 - 04398592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2016-08-10 14:51 - 2016-08-03 06:41 - 03119104 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 14:51 - 2016-08-03 06:41 - 01823232 _____ C:\Windows\SysWOW64\InputService.dll
2016-08-10 14:51 - 2016-08-03 06:41 - 01686528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 14:51 - 2016-08-03 06:41 - 01606656 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 14:51 - 2016-08-03 06:40 - 05160960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 14:51 - 2016-08-03 06:40 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-08-10 14:51 - 2016-08-03 06:40 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-08-10 14:51 - 2016-08-03 06:40 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 14:51 - 2016-08-03 06:40 - 00338944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 14:51 - 2016-08-03 06:40 - 00200704 _____ C:\Windows\SysWOW64\TextInputFramework.dll
2016-08-10 14:51 - 2016-08-03 06:39 - 05448704 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2016-08-10 14:51 - 2016-08-03 06:39 - 00846848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2016-08-10 14:51 - 2016-08-03 06:39 - 00806912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2016-08-10 14:51 - 2016-08-03 06:39 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 14:51 - 2016-08-03 06:39 - 00587776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2016-08-10 14:51 - 2016-08-03 06:39 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 14:51 - 2016-08-03 06:39 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2016-08-10 14:51 - 2016-08-03 06:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2016-08-10 14:51 - 2016-08-03 06:38 - 06101504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-08-10 14:51 - 2016-08-03 06:38 - 03873280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2016-08-10 14:51 - 2016-08-03 06:38 - 03527168 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2016-08-10 14:51 - 2016-08-03 06:38 - 00819712 _____ (Microsoft Corporation) C:\Windows\system32\licensingdiag.exe
2016-08-10 14:51 - 2016-08-03 06:38 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2016-08-10 14:51 - 2016-08-03 06:38 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2016-08-10 14:51 - 2016-08-03 06:38 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
2016-08-10 14:51 - 2016-08-03 06:37 - 04453888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2016-08-10 14:51 - 2016-08-03 06:37 - 04168704 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2016-08-10 14:51 - 2016-08-03 06:37 - 02558976 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2016-08-10 14:51 - 2016-08-03 06:37 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iassvcs.dll
2016-08-10 14:51 - 2016-08-03 06:36 - 07502848 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-08-10 14:51 - 2016-08-03 06:36 - 00671232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2016-08-10 14:51 - 2016-08-03 06:36 - 00584704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\provcore.dll
2016-08-10 14:51 - 2016-08-03 06:36 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2016-08-10 14:51 - 2016-08-03 06:36 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2016-08-10 14:51 - 2016-08-03 06:36 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\WPTaskScheduler.dll
2016-08-10 14:51 - 2016-08-03 06:36 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2016-08-10 14:51 - 2016-08-03 06:35 - 18799616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-08-10 14:51 - 2016-08-03 06:35 - 01717760 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-08-10 14:51 - 2016-08-03 06:35 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2016-08-10 14:51 - 2016-08-03 06:35 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2016-08-10 14:51 - 2016-08-03 06:35 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2016-08-10 14:51 - 2016-08-03 06:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2016-08-10 14:51 - 2016-08-03 06:34 - 01522176 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-08-10 14:51 - 2016-08-03 06:34 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2016-08-10 14:51 - 2016-08-03 06:34 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-08-10 14:51 - 2016-08-03 06:34 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2016-08-10 14:51 - 2016-08-03 06:33 - 12589056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-08-10 14:51 - 2016-08-03 06:33 - 02587136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 14:51 - 2016-08-03 06:33 - 02198016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2016-08-10 14:51 - 2016-08-03 06:33 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2016-08-10 14:51 - 2016-08-03 06:33 - 01387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 14:51 - 2016-08-03 06:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-08-10 14:51 - 2016-08-03 06:32 - 05079552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-08-10 14:51 - 2016-08-03 06:32 - 01492992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 14:51 - 2016-08-03 06:32 - 00939008 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2016-08-10 14:51 - 2016-08-03 06:32 - 00794112 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2016-08-10 14:51 - 2016-08-03 06:32 - 00679936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 14:51 - 2016-08-03 06:32 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2016-08-10 14:51 - 2016-08-03 06:32 - 00502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 14:51 - 2016-08-03 06:32 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-08-10 14:51 - 2016-08-03 06:31 - 05329408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2016-08-10 14:51 - 2016-08-03 06:31 - 01096192 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-08-10 14:51 - 2016-08-03 06:31 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\DbgModel.dll
2016-08-10 14:51 - 2016-08-03 06:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-08-10 14:51 - 2016-08-03 06:30 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2016-08-10 14:51 - 2016-08-03 06:30 - 00617472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licensingdiag.exe
2016-08-10 14:51 - 2016-08-03 06:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2016-08-10 14:51 - 2016-08-03 06:30 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\dbgcore.dll
2016-08-10 14:51 - 2016-08-03 06:30 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IdCtrls.dll
2016-08-10 14:51 - 2016-08-03 06:29 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2016-08-10 14:51 - 2016-08-03 06:29 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2016-08-10 14:51 - 2016-08-03 06:28 - 03692032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2016-08-10 14:51 - 2016-08-03 06:28 - 03579392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 14:51 - 2016-08-03 06:27 - 11270656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 14:51 - 2016-08-03 06:27 - 03443200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2016-08-10 14:51 - 2016-08-03 06:27 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2016-08-10 14:51 - 2016-08-03 06:26 - 06713856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-08-10 14:51 - 2016-08-03 06:26 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-08-10 14:51 - 2016-08-03 06:26 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-08-10 14:51 - 2016-08-03 06:26 - 00117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2016-08-10 14:51 - 2016-08-03 06:25 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2016-08-10 14:51 - 2016-08-03 06:25 - 00565760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2016-08-10 14:51 - 2016-08-03 06:25 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2016-08-10 14:51 - 2016-08-03 06:22 - 00716288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2016-08-10 14:51 - 2016-08-03 06:21 - 00854016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-08-10 14:51 - 2016-08-03 06:21 - 00404992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DbgModel.dll
2016-08-10 14:51 - 2016-08-03 06:21 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2016-08-10 14:51 - 2016-08-03 06:20 - 00117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgcore.dll
2016-08-10 14:50 - 2016-08-03 08:24 - 01767008 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-08-10 14:50 - 2016-08-03 08:22 - 01811360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-08-10 14:50 - 2016-08-03 07:46 - 03467776 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2016-08-10 14:50 - 2016-08-03 07:46 - 02463704 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-08-10 14:50 - 2016-08-03 07:44 - 02495776 _____ C:\Windows\system32\CoreUIComponents.dll
2016-08-10 14:50 - 2016-08-03 07:44 - 00243760 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-08-10 14:50 - 2016-08-03 07:38 - 00252760 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2016-08-10 14:50 - 2016-08-03 07:37 - 00658568 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2016-08-10 14:50 - 2016-08-03 07:32 - 00983904 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2016-08-10 14:50 - 2016-08-03 06:57 - 00483328 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2016-08-10 14:50 - 2016-08-03 06:53 - 07569408 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-08-10 14:50 - 2016-08-03 06:51 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-08-10 14:50 - 2016-08-03 06:49 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 14:50 - 2016-08-03 06:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2016-08-10 14:50 - 2016-08-03 06:47 - 00293376 _____ C:\Windows\system32\TextInputFramework.dll
2016-08-10 14:50 - 2016-08-03 06:46 - 01416704 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 14:50 - 2016-08-03 06:46 - 00780288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-08-10 14:50 - 2016-08-03 06:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-08-10 14:50 - 2016-08-03 06:44 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-08-10 14:50 - 2016-08-03 06:41 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2016-08-10 14:50 - 2016-08-03 06:40 - 00420352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
2016-08-10 14:50 - 2016-08-03 06:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-08-10 14:50 - 2016-08-03 06:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Shell.Search.UriHandler.dll
2016-08-10 14:50 - 2016-08-03 06:35 - 00832512 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-08-10 14:50 - 2016-08-03 06:35 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2016-08-10 14:50 - 2016-08-03 06:34 - 00763904 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2016-08-10 14:50 - 2016-08-03 06:34 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2016-08-10 14:50 - 2016-08-03 06:34 - 00394752 _____ (Microsoft Corporation) C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll
2016-08-10 14:50 - 2016-08-03 06:34 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-08-10 14:50 - 2016-08-03 06:34 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-08-10 14:50 - 2016-08-03 06:34 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
2016-08-10 14:50 - 2016-08-03 06:33 - 01844736 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2016-08-10 14:50 - 2016-08-03 06:33 - 01061888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2016-08-10 14:50 - 2016-08-03 06:33 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2016-08-10 14:50 - 2016-08-03 06:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2016-08-10 14:50 - 2016-08-03 06:31 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-10 14:50 - 2016-08-03 06:26 - 00584704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2016-08-10 14:50 - 2016-08-03 06:26 - 00282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2016-08-10 14:50 - 2016-08-03 06:26 - 00280576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2016-08-10 14:50 - 2016-08-03 06:25 - 00695808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2016-08-10 14:50 - 2016-08-03 06:25 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2016-08-10 14:50 - 2016-08-03 06:25 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
2016-08-10 14:50 - 2016-08-03 06:25 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-08 14:16 - 2016-06-12 13:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-08 14:15 - 2016-06-06 09:55 - 00000000 ____D C:\Users\Dragi\AppData\Local\Adobe
2016-09-08 14:15 - 2016-06-04 20:28 - 00004158 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{19888599-A046-46B2-A18B-4DA05FE4E937}
2016-09-08 14:12 - 2016-06-04 20:36 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-07 21:54 - 2016-06-04 20:36 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-07 21:37 - 2016-06-06 18:21 - 00003972 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1465230096
2016-09-07 21:37 - 2016-06-06 18:10 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-07 21:31 - 2015-07-10 14:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-07 21:31 - 2015-07-10 11:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-09-07 17:54 - 2015-07-10 13:02 - 00000000 ____D C:\Windows\INF
2016-09-07 12:42 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\AppReadiness
2016-09-06 20:57 - 2016-07-08 17:17 - 00000000 ____D C:\Users\Dragi\AppData\Roaming\XnView
2016-09-06 20:40 - 2016-06-04 20:42 - 00000000 ____D C:\Users\Dragi\.umplayer
2016-09-06 14:19 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-04 11:43 - 2016-07-20 16:47 - 00000000 ____D C:\Windows\Minidump
2016-09-04 10:42 - 2016-06-11 17:16 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-03 20:59 - 2016-06-12 13:04 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-01 15:07 - 2016-06-04 19:33 - 00000000 ____D C:\Users\Dragi
2016-08-29 20:40 - 2016-06-06 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-16 20:55 - 2016-06-05 05:20 - 00000000 ____D C:\Windows\Panther
2016-08-16 20:53 - 2016-04-27 09:47 - 00000000 ___HD C:\$WINDOWS.~BT
2016-08-16 17:46 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\rescache
2016-08-16 16:48 - 2016-06-04 19:36 - 00002377 _____ C:\Users\Dragi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-16 16:48 - 2016-06-04 19:36 - 00000000 ___RD C:\Users\Dragi\OneDrive
2016-08-16 11:58 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-08-16 11:58 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\DevicesFlow
2016-08-16 11:58 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-08-16 11:58 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\oobe
2016-08-16 11:58 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-08-16 11:58 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-08-10 17:12 - 2015-07-10 12:55 - 00000000 ____D C:\Windows\CbsTemp
2016-08-10 17:10 - 2016-06-04 22:24 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 17:07 - 2016-06-04 22:24 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-10 17:06 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\SecureBootUpdates

==================== Files in the root of some directories =======

2016-07-07 10:57 - 2016-07-07 10:57 - 0001456 _____ () C:\Users\Dragi\AppData\Local\Adobe Save for Web 13.0 Prefs

Some files in TEMP:
====================
C:\Users\Dragi\AppData\Local\Temp\AdAntiDlr.exe
C:\Users\Dragi\AppData\Local\Temp\AutoTime51495.exe
C:\Users\Dragi\AppData\Local\Temp\Browser_V5.7.15319.5_r_4722_(Build1608291541).exe
C:\Users\Dragi\AppData\Local\Temp\ludashisetup.exe
C:\Users\Dragi\AppData\Local\Temp\newAutoTime_51495.exe
C:\Users\Dragi\AppData\Local\Temp\ptraliplahndo.ru_World.exe
C:\Users\Dragi\AppData\Local\Temp\ptraliplahntop.ru_World.exe
C:\Users\Dragi\AppData\Local\Temp\ui.dll
C:\Users\Dragi\AppData\Local\Temp\ziptool.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-29 20:31

==================== End of FRST.txt ============================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Vidim da ti je onemogucen system restore, mogao bi da ukljucis.

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

CreateRestorePoint:
HKU\S-1-5-21-1399999599-1220102421-2335971870-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => No File
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\Dragi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Dragi\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
2016-09-06 20:41 - 2016-09-06 20:41 - 00000000 ____D C:\Users\Dragi\AppData\Local\UCBrowser
2016-09-06 20:41 - 2016-09-06 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
2016-09-06 20:40 - 2016-09-06 20:40 - 00000882 _____ C:\Users\Dragi\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
2016-09-06 20:40 - 2016-09-06 20:40 - 00000000 ____D C:\Program Files\żěŃą
2016-09-06 20:37 - 2016-09-07 17:51 - 00000000 ____D C:\Users\Dragi\AppData\Roaming\GameLauncher
EmptyTemp:


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

Ko je trenutno na forumu
 

Ukupno su 722 korisnika na forumu :: 7 registrovanih, 3 sakrivenih i 712 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: darios, milenko crazy north, nextyamb, Shilok, stegonosa, vladaa012, zicko.spacek