Chinese Syndrome


offline
  • Now I do everything I never had time for before.
  • Joined: 17 May 2006
  • Posts: 18438
  • Location: I wonder that myself...

Colleagues, help. The devil made me download some music yesterday, after a long time, and then out of habit I started clicking, and something ad-related in Chinese latched onto my machine. It shows up on the screen as a CPU temperature gauge, and it also periodically opens some ads.
I haven't tried to solve the problem in any way (apart from Crap Cleaner and a futile attempt to uninstall, in Control Panel, that burr which stuck to me). I'm turning to you because I know you are wizards when it comes to this kind of carelessness.



offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

uninstall:

Compress
GameLauncher
UC浏览器


-----

Download "Xplode"'s AdwCleaner and save it to the Desktop.
Double-click to run the program.
In the EULA window, click I agree.
In Options, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK.

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option.

--------

Then post a new FRST log and Addition log for me, as you did the first time.

offline
  • Now I do everything I never had time for before.
  • Joined: 17 May 2006
  • Posts: 18438
  • Location: I wonder that myself...

Oh, my savior... Hug

Here is the file. That cleaner cleaned out my "Opera" and "Chrome", so I have now logged in through "Explorer" until it is safe to download again those two browsers I'm used to, of course, if you recommend it.



offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

And now post a new FRST log and Addition.

offline
  • Now I do everything I never had time for before.
  • Joined: 17 May 2006
  • Posts: 18438
  • Location: I wonder that myself...

Coming...

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I asked for the FRST logs. Those are the two logs from the beginning, from the instructions for opening a topic.

offline
  • Now I do everything I never had time for before.
  • Joined: 17 May 2006
  • Posts: 18438
  • Location: I wonder that myself...

Written: 07 Sep 2016 21:36

...And here is the third one. On that second scan it showed me five threats, and on this third one only one.

Addendum: 07 Sep 2016 21:36

helen1 :: I asked for the FRST logs. Those are the two logs from the beginning, from the instructions for opening a topic.

I just saw it now, sorry, I'm off to post them.

Addendum: 07 Sep 2016 21:43

I think that's it...


Addendum: 07 Sep 2016 21:43

This tripling of the second file is accidental, sorry.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Something was not done right, the logs are empty, try copying again.

offline
  • Now I do everything I never had time for before.
  • Joined: 17 May 2006
  • Posts: 18438
  • Location: I wonder that myself...

Written: 08 Sep 2016 7:05

[quote="helen1"]Something was not done right, the logs are empty, try copying again.[/quote]

I'll do that in the afternoon, since I'm at work now. Thank you very much. In any case, there are no more of those hooks and chains across the screen.

Addendum: 08 Sep 2016 14:21

Here are the scans. I did not turn on the "optional scan" offers at the bottom when starting the FRST program.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Dragi (administrator) on INTEL2C (08-09-2016 14:15:08)
Running from C:\Users\Dragi\Desktop
Loaded Profiles: Dragi (Available Profiles: Dragi)
Platform: Windows 10 Pro (X64) Language: engleski (SAD)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1399999599-1220102421-2335971870-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1399999599-1220102421-2335971870-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-1399999599-1220102421-2335971870-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [150528 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 clients2.google.com
Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166
Tcpip\..\Interfaces\{943b2101-53be-40a8-87b4-d1496dbe343e}: [DhcpNameServer] 212.200.191.166 212.200.190.166

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Dragi\AppData\Roaming\Mozilla\Firefox\Profiles\s4tigtm4.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF Extension: (Fast search) - C:\Users\Dragi\AppData\Roaming\Mozilla\Firefox\Profiles\s4tigtm4.default\Extensions\amcontextmenu@loucypher [2016-09-06]

Chrome:
=======
CHR Profile: C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google документи) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-06]
CHR Extension: (Google диск) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-06]
CHR Extension: (YouTube) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-06]
CHR Extension: (Google табеле) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-04]
CHR Extension: (Google документи офлајн) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-06]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-04]
CHR Extension: (Fast search v3.5) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooppbnomdcjmoepangldchpmjhkeendl [2016-09-06]
CHR Extension: (Gmail) - C:\Users\Dragi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-06]

Opera:
=======
OPR StartupUrls:
OPR Extension: (Fast search v3.5) - C:\Users\Dragi\AppData\Roaming\Opera Software\Opera Stable\Extensions\ooppbnomdcjmoepangldchpmjhkeendl [2016-09-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [737984 2015-08-30] (@ByELDI) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24856 2016-08-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: HpSvc -> no filepath.

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-08 14:15 - 2016-09-08 14:15 - 00008728 _____ C:\Users\Dragi\Desktop\FRST.txt
2016-09-08 14:12 - 2016-09-08 14:12 - 00016148 _____ C:\Windows\system32\INTEL2C_Dragi_HistoryPrediction.bin
2016-09-07 17:47 - 2016-09-07 21:30 - 00000000 ____D C:\AdwCleaner
2016-09-07 17:46 - 2016-09-07 17:46 - 03826240 _____ C:\Users\Dragi\Desktop\AdwCleaner.exe
2016-09-07 12:49 - 2016-09-08 14:15 - 00000000 ____D C:\FRST
2016-09-07 12:47 - 2016-09-07 12:47 - 02397696 _____ (Farbar) C:\Users\Dragi\Desktop\FRST64.exe
2016-09-06 20:41 - 2016-09-06 20:41 - 00000000 ____D C:\Users\Dragi\AppData\Local\UCBrowser
2016-09-06 20:41 - 2016-09-06 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
2016-09-06 20:40 - 2016-09-06 20:40 - 00000882 _____ C:\Users\Dragi\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
2016-09-06 20:40 - 2016-09-06 20:40 - 00000000 ____D C:\Program Files\żěŃą
2016-09-06 20:37 - 2016-09-07 17:51 - 00000000 ____D C:\Users\Dragi\AppData\Roaming\GameLauncher
2016-09-06 20:37 - 2016-09-06 20:37 - 00002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-09-06 20:37 - 2016-09-06 20:37 - 00002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-09-06 20:37 - 2016-09-06 20:37 - 00002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа.lnk
2016-09-06 20:37 - 2016-09-06 20:37 - 00002086 _____ C:\Users\Dragi\Desktop\I.Е..lnk
2016-09-02 14:45 - 2016-09-06 14:19 - 00000807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pomoćnik za nadogradnju na Windows 10.lnk
2016-09-02 14:45 - 2016-09-06 14:19 - 00000795 _____ C:\Users\Dragi\Desktop\Pomoćnik za nadogradnju na Windows 10.lnk
2016-09-02 14:45 - 2016-09-06 14:19 - 00000000 ____D C:\Windows10Upgrade
2016-08-31 19:43 - 2016-08-31 19:43 - 00000000 ____D C:\Windows\UpdateAssistant
2016-08-16 16:48 - 2016-08-16 16:48 - 00003326 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
2016-08-16 16:47 - 2016-08-16 16:47 - 00000000 ____D C:\Users\Dragi\AppData\Roaming\Skype
2016-08-16 11:58 - 2016-08-16 11:58 - 00000000 ____D C:\Program Files\CMAK
2016-08-16 11:58 - 2016-08-16 11:58 - 00000000 ____D C:\Program Files (x86)\CMAK
2016-08-10 14:52 - 2016-08-03 07:44 - 02429792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-08-10 14:52 - 2016-08-03 07:44 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-08-10 14:52 - 2016-08-03 06:57 - 21862912 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-08-10 14:52 - 2016-08-03 06:36 - 07524352 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-08-10 14:52 - 2016-08-03 06:35 - 04791296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 14:52 - 2016-08-03 06:35 - 03584000 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-08-10 14:52 - 2016-08-03 06:35 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-08-10 14:51 - 2016-08-03 08:25 - 00953472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-08-10 14:51 - 2016-08-03 08:25 - 00365120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-08-10 14:51 - 2016-08-03 08:24 - 02152744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-08-10 14:51 - 2016-08-03 08:24 - 01531368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-08-10 14:51 - 2016-08-03 08:24 - 01356368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2016-08-10 14:51 - 2016-08-03 08:24 - 00439648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-08-10 14:51 - 2016-08-03 08:24 - 00046480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wldp.dll
2016-08-10 14:51 - 2016-08-03 08:23 - 01895576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hevcdecoder.dll
2016-08-10 14:51 - 2016-08-03 08:15 - 02881624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 14:51 - 2016-08-03 08:15 - 00700256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-08-10 14:51 - 2016-08-03 08:15 - 00468832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-08-10 14:51 - 2016-08-03 08:15 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPCRYPT.DLL
2016-08-10 14:51 - 2016-08-03 08:14 - 00565648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2016-08-10 14:51 - 2016-08-03 08:13 - 00065096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Clipc.dll
2016-08-10 14:51 - 2016-08-03 08:09 - 00185952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 08016728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-08-10 14:51 - 2016-08-03 07:46 - 02816016 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2016-08-10 14:51 - 2016-08-03 07:46 - 01951864 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 01563480 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 01561360 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 01538168 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 01314496 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 00632680 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 00601336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-08-10 14:51 - 2016-08-03 07:46 - 00552288 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-08-10 14:51 - 2016-08-03 07:46 - 00432352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-08-10 14:51 - 2016-08-03 07:46 - 00158048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 14:51 - 2016-08-03 07:46 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2016-08-10 14:51 - 2016-08-03 07:44 - 02156400 _____ (Microsoft Corporation) C:\Windows\system32\hevcdecoder.dll
2016-08-10 14:51 - 2016-08-03 07:44 - 00388896 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2016-08-10 14:51 - 2016-08-03 07:39 - 00660320 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-08-10 14:51 - 2016-08-03 07:38 - 06525424 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-08-10 14:51 - 2016-08-03 07:38 - 03625928 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 14:51 - 2016-08-03 07:38 - 01134792 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2016-08-10 14:51 - 2016-08-03 07:38 - 00801632 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-08-10 14:51 - 2016-08-03 07:38 - 00724168 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2016-08-10 14:51 - 2016-08-03 07:38 - 00078040 _____ (Microsoft Corporation) C:\Windows\system32\Clipc.dll
2016-08-10 14:51 - 2016-08-03 07:33 - 00224704 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2016-08-10 14:51 - 2016-08-03 07:09 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-08-10 14:51 - 2016-08-03 07:03 - 16708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-08-10 14:51 - 2016-08-03 06:57 - 24604160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 14:51 - 2016-08-03 06:57 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 14:51 - 2016-08-03 06:55 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\oemlicense.dll
2016-08-10 14:51 - 2016-08-03 06:54 - 11557888 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-08-10 14:51 - 2016-08-03 06:53 - 13027328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 14:51 - 2016-08-03 06:52 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-08-10 14:51 - 2016-08-03 06:50 - 02902528 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-08-10 14:51 - 2016-08-03 06:49 - 06305792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2016-08-10 14:51 - 2016-08-03 06:49 - 02446336 _____ C:\Windows\system32\InputService.dll
2016-08-10 14:51 - 2016-08-03 06:48 - 06788096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-08-10 14:51 - 2016-08-03 06:47 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 14:51 - 2016-08-03 06:47 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oemlicense.dll
2016-08-10 14:51 - 2016-08-03 06:47 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2016-08-10 14:51 - 2016-08-03 06:46 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-10 14:51 - 2016-08-03 06:46 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2016-08-10 14:51 - 2016-08-03 06:46 - 00963072 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2016-08-10 14:51 - 2016-08-03 06:46 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2016-08-10 14:51 - 2016-08-03 06:45 - 14241792 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-08-10 14:51 - 2016-08-03 06:45 - 12514304 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 14:51 - 2016-08-03 06:45 - 04847616 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2016-08-10 14:51 - 2016-08-03 06:45 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\iassvcs.dll
2016-08-10 14:51 - 2016-08-03 06:44 - 19337216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 14:51 - 2016-08-03 06:44 - 09889792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-08-10 14:51 - 2016-08-03 06:44 - 00893440 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2016-08-10 14:51 - 2016-08-03 06:44 - 00814592 _____ (Microsoft Corporation) C:\Windows\system32\provcore.dll
2016-08-10 14:51 - 2016-08-03 06:44 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2016-08-10 14:51 - 2016-08-03 06:43 - 07055872 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-08-10 14:51 - 2016-08-03 06:43 - 00326656 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2016-08-10 14:51 - 2016-08-03 06:43 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2016-08-10 14:51 - 2016-08-03 06:43 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2016-08-10 14:51 - 2016-08-03 06:42 - 02839040 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2016-08-10 14:51 - 2016-08-03 06:42 - 02598912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-08-10 14:51 - 2016-08-03 06:42 - 02253824 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2016-08-10 14:51 - 2016-08-03 06:42 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-08-10 14:51 - 2016-08-03 06:42 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2016-08-10 14:51 - 2016-08-03 06:41 - 04398592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2016-08-10 14:51 - 2016-08-03 06:41 - 03119104 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 14:51 - 2016-08-03 06:41 - 01823232 _____ C:\Windows\SysWOW64\InputService.dll
2016-08-10 14:51 - 2016-08-03 06:41 - 01686528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 14:51 - 2016-08-03 06:41 - 01606656 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 14:51 - 2016-08-03 06:40 - 05160960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 14:51 - 2016-08-03 06:40 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-08-10 14:51 - 2016-08-03 06:40 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-08-10 14:51 - 2016-08-03 06:40 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 14:51 - 2016-08-03 06:40 - 00338944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 14:51 - 2016-08-03 06:40 - 00200704 _____ C:\Windows\SysWOW64\TextInputFramework.dll
2016-08-10 14:51 - 2016-08-03 06:39 - 05448704 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2016-08-10 14:51 - 2016-08-03 06:39 - 00846848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2016-08-10 14:51 - 2016-08-03 06:39 - 00806912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2016-08-10 14:51 - 2016-08-03 06:39 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 14:51 - 2016-08-03 06:39 - 00587776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2016-08-10 14:51 - 2016-08-03 06:39 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 14:51 - 2016-08-03 06:39 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2016-08-10 14:51 - 2016-08-03 06:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2016-08-10 14:51 - 2016-08-03 06:38 - 06101504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-08-10 14:51 - 2016-08-03 06:38 - 03873280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2016-08-10 14:51 - 2016-08-03 06:38 - 03527168 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2016-08-10 14:51 - 2016-08-03 06:38 - 00819712 _____ (Microsoft Corporation) C:\Windows\system32\licensingdiag.exe
2016-08-10 14:51 - 2016-08-03 06:38 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2016-08-10 14:51 - 2016-08-03 06:38 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2016-08-10 14:51 - 2016-08-03 06:38 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
2016-08-10 14:51 - 2016-08-03 06:37 - 04453888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2016-08-10 14:51 - 2016-08-03 06:37 - 04168704 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2016-08-10 14:51 - 2016-08-03 06:37 - 02558976 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2016-08-10 14:51 - 2016-08-03 06:37 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iassvcs.dll
2016-08-10 14:51 - 2016-08-03 06:36 - 07502848 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-08-10 14:51 - 2016-08-03 06:36 - 00671232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2016-08-10 14:51 - 2016-08-03 06:36 - 00584704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\provcore.dll
2016-08-10 14:51 - 2016-08-03 06:36 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2016-08-10 14:51 - 2016-08-03 06:36 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2016-08-10 14:51 - 2016-08-03 06:36 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\WPTaskScheduler.dll
2016-08-10 14:51 - 2016-08-03 06:36 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2016-08-10 14:51 - 2016-08-03 06:35 - 18799616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-08-10 14:51 - 2016-08-03 06:35 - 01717760 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-08-10 14:51 - 2016-08-03 06:35 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2016-08-10 14:51 - 2016-08-03 06:35 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2016-08-10 14:51 - 2016-08-03 06:35 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2016-08-10 14:51 - 2016-08-03 06:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2016-08-10 14:51 - 2016-08-03 06:34 - 01522176 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-08-10 14:51 - 2016-08-03 06:34 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2016-08-10 14:51 - 2016-08-03 06:34 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-08-10 14:51 - 2016-08-03 06:34 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2016-08-10 14:51 - 2016-08-03 06:33 - 12589056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-08-10 14:51 - 2016-08-03 06:33 - 02587136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 14:51 - 2016-08-03 06:33 - 02198016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2016-08-10 14:51 - 2016-08-03 06:33 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2016-08-10 14:51 - 2016-08-03 06:33 - 01387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-08 14:16 - 2016-06-12 13:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-08 14:15 - 2016-06-06 09:55 - 00000000 ____D C:\Users\Dragi\AppData\Local\Adobe
2016-09-08 14:15 - 2016-06-04 20:28 - 00004158 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{19888599-A046-46B2-A18B-4DA05FE4E937}
2016-09-08 14:12 - 2016-06-04 20:36 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-07 21:54 - 2016-06-04 20:36 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-07 21:37 - 2016-06-06 18:21 - 00003972 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1465230096
2016-09-07 21:37 - 2016-06-06 18:10 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-07 21:31 - 2015-07-10 14:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-07 21:31 - 2015-07-10 11:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-09-07 17:54 - 2015-07-10 13:02 - 00000000 ____D C:\Windows\INF
2016-09-07 12:42 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\AppReadiness
2016-09-06 20:57 - 2016-07-08 17:17 - 00000000 ____D C:\Users\Dragi\AppData\Roaming\XnView
2016-09-06 20:40 - 2016-06-04 20:42 - 00000000 ____D C:\Users\Dragi\.umplayer
2016-09-06 14:19 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-04 11:43 - 2016-07-20 16:47 - 00000000 ____D C:\Windows\Minidump
2016-09-04 10:42 - 2016-06-11 17:16 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-03 20:59 - 2016-06-12 13:04 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-01 15:07 - 2016-06-04 19:33 - 00000000 ____D C:\Users\Dragi
2016-08-29 20:40 - 2016-06-06 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-16 20:55 - 2016-06-05 05:20 - 00000000 ____D C:\Windows\Panther
2016-08-16 20:53 - 2016-04-27 09:47 - 00000000 ___HD C:\$WINDOWS.~BT
2016-08-16 17:46 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\rescache
2016-08-16 16:48 - 2016-06-04 19:36 - 00002377 _____ C:\Users\Dragi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-16 16:48 - 2016-06-04 19:36 - 00000000 ___RD C:\Users\Dragi\OneDrive
2016-08-16 11:58 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-08-16 11:58 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\DevicesFlow
2016-08-16 11:58 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-08-16 11:58 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\oobe
2016-08-16 11:58 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-08-16 11:58 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-08-10 17:12 - 2015-07-10 12:55 - 00000000 ____D C:\Windows\CbsTemp
2016-08-10 17:10 - 2016-06-04 22:24 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 17:07 - 2016-06-04 22:24 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-10 17:06 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\SecureBootUpdates

==================== Files in the root of some directories =======

2016-07-07 10:57 - 2016-07-07 10:57 - 0001456 _____ () C:\Users\Dragi\AppData\Local\Adobe Save for Web 13.0 Prefs

Some files in TEMP:
====================
C:\Users\Dragi\AppData\Local\Temp\AdAntiDlr.exe
C:\Users\Dragi\AppData\Local\Temp\AutoTime51495.exe
C:\Users\Dragi\AppData\Local\Temp\Browser_V5.7.15319.5_r_4722_(Build1608291541).exe
C:\Users\Dragi\AppData\Local\Temp\ludashisetup.exe
C:\Users\Dragi\AppData\Local\Temp\newAutoTime_51495.exe
C:\Users\Dragi\AppData\Local\Temp\ptraliplahndo.ru_World.exe
C:\Users\Dragi\AppData\Local\Temp\ptraliplahntop.ru_World.exe
C:\Users\Dragi\AppData\Local\Temp\ui.dll
C:\Users\Dragi\AppData\Local\Temp\ziptool.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-29 20:31

==================== End of FRST.txt ============================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I see that System Restore is disabled on your machine; you could turn it on.

1. Open Notepad (Text Document) and copy in the following text from the code box below:

CreateRestorePoint:
HKU\S-1-5-21-1399999599-1220102421-2335971870-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => No File
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\Dragi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Dragi\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
2016-09-06 20:41 - 2016-09-06 20:41 - 00000000 ____D C:\Users\Dragi\AppData\Local\UCBrowser
2016-09-06 20:41 - 2016-09-06 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
2016-09-06 20:40 - 2016-09-06 20:40 - 00000882 _____ C:\Users\Dragi\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
2016-09-06 20:40 - 2016-09-06 20:40 - 00000000 ____D C:\Program Files\żěŃą
2016-09-06 20:37 - 2016-09-07 17:51 - 00000000 ____D C:\Users\Dragi\AppData\Roaming\GameLauncher
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
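
The fixlist in the post above targets a browser shortcut whose arguments side-load an extension and open a fixed URL, together with a WMI script event consumer. As an added example (not part of the thread and not FRST's own code), this Python triages FRST-style log lines for those patterns; the function names and the last sample line are constructed for illustration.

```python
import re

# FRST prints a shortcut that carries arguments as:
#   ShortcutWithArgument: <.lnk> -> <target .exe> (<company>) -> <arguments>
SHORTCUT_RE = re.compile(
    r"^ShortcutWithArgument:\s*(?P<lnk>.+?\.lnk)\s*->\s*(?P<target>.+?\.exe)"
    r"\s*\((?P<company>[^)]*)\)\s*->\s*(?P<args>.*)$", re.IGNORECASE)
URL_RE = re.compile(r"\b(?:https?|hxxps?)://\S+", re.IGNORECASE)  # also defanged
LOAD_EXT_RE = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)

# The first three lines come from the fixlist above; the last one is a
# constructed benign shortcut (hypothetical path and vendor), a negative case.
SAMPLE = r"""
ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => No File
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\Dragi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Dragi\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Public\Desktop\Example.lnk -> C:\Program Files\Example\app.exe (Example Corp) -> --profile-directory="Default"
"""

def triage_line(line):
    """Return the reasons (possibly none) why one FRST line needs review."""
    line = line.strip()
    reasons = []
    m = SHORTCUT_RE.match(line)
    if m:
        args = m.group("args")
        url = URL_RE.search(args)
        if url:  # a browser shortcut should not hard-code a start page
            reasons.append("shortcut opens forced URL " + url.group(0))
        ext = LOAD_EXT_RE.search(args)
        if ext:  # unpacked extension loaded from disk, outside the web store
            path = ext.group(1) or ext.group(2)
            reasons.append("shortcut side-loads unpacked extension from " + path)
    elif line.startswith("WMI_ActiveScriptEventConsumer"):
        reasons.append("WMI script event consumer present (persistence)")
    elif line.endswith("=> No File"):
        reasons.append("orphaned registry entry, target file missing")
    return reasons

def triage(log_text):
    """Return (line, reasons) pairs for every flagged line, in log order."""
    pairs = ((ln.strip(), triage_line(ln)) for ln in log_text.splitlines())
    return [(ln, why) for ln, why in pairs if why]

if __name__ == "__main__":
    for ln, why in triage(SAMPLE):
        print("; ".join(why), "<=", ln[:60])
```

A flagged shortcut is only half of the finding: while the WMI consumer remains registered it can rewrite the shortcut again, which is why the fixlist lists both entries.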
