The Trojan horse has goat's ears

1

The Trojan horse has goat's ears

offline
  • Joined: 14 Aug 2015
  • Posts: 25

Yesterday I was looking for a licence for Blue Eye Macro and instead I picked up a trojan. Now rstray.exe, ravmond.exe and popwndexe.exe show up in Task Manager, along with something in Chinese and Rising Antivirus, which is impossible to remove from the Control Panel. CinemaP1.9cV13.08 was present too, but it disappeared after a Malwarebytes intervention. Last night I scanned the laptop with Malwarebytes and it found 1908 infected objects. I deleted all of them and still nothing. Otherwise, I use ESET, which found nothing suspicious at all.
Here are the first results of the analysis:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-08-2015
Ran by Mesh (administrator) on DIOGEN (14-08-2015 13:46:10)
Running from C:\Users\Mesh\Desktop
Loaded Profiles: Mesh (Available Profiles: Mesh)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\ravmond.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ETRWTER) C:\Program Files (x86)\fr\fr.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\popwndexe.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rstray.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rstray64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [fr] => C:\Program Files (x86)\fr\fr.exe [262144 2015-08-11] (ETRWTER)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE [111000 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [SohuVA] => "C:\Program Files (x86)\????\SHPlayer.exe" /auto
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
BootExecute: autocheck autochk * bsmain
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs
URLSearchHook: HKLM-x32 - SweetTunes1 Toolbar - {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - C:\Program Files (x86)\SweetTunes1\prxtbSwee.dll No File
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-4209369173-3384524162-1790046760-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-03-03] (Microsoft Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2013-09-13] (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: CSohuDetector Object -> {452ADB5B-00BE-469D-A65F-3046146B2ED5} -> C:\Program Files (x86)\搜狐影音\SoHuAutoDetector.dll [2015-08-13] (Sohu)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21] (Oracle Corporation)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2013-09-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21] (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: SweetTunes1 Toolbar -> {f9d1c08c-2031-4e6c-ab51-50330ac2d988} -> C:\Program Files (x86)\SweetTunes1\prxtbSwee.dll No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - SweetTunes1 Toolbar - {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - C:\Program Files (x86)\SweetTunes1\prxtbSwee.dll No File
Toolbar: HKU\S-1-5-21-4209369173-3384524162-1790046760-1000 -> No Name - {F9D1C08C-2031-4E6C-AB51-50330AC2D988} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1C56B0E3-AB8F-4DAB-AF2D-1A64BB81223B}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{802476BF-2C34-448B-85E6-8A295CD6DA12}: [DhcpNameServer] 192.168.42.129
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske
FF NewTab: [Link visible only to logged-in users]
FF SelectedSearchEngine: Yahoo! Search
FF Homepage: [Link visible only to logged-in users]
FF Keyword.URL: [Link visible only to logged-in users]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll [2012-09-13] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-16] (NVIDIA Corporation)
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll [2015-08-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4209369173-3384524162-1790046760-1000: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin HKU\S-1-5-21-4209369173-3384524162-1790046760-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mesh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-21] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\user.js [2015-02-14]
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\user.js [2015-02-14]
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\user.js [2015-02-14]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2003-05-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-03-12] ()
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\searchplugins\search-simple.xml [2015-03-19]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\searchplugins\bingp.xml [2013-08-22]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\searchplugins\search-simple.xml [2015-03-19]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\searchplugins\search-simple.xml [2015-03-19]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\searchplugins\youtube-video-search.xml [2015-03-08]
FF Extension: Fasterfox Lite - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\FasterFox_Lite@BigRedBrent [2012-11-29]
FF Extension: 8 Ultimo - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{2b6788a0-0ccd-11e1-be50-0800200c9a66} [2012-11-29]
FF Extension: FT DeepDark - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2012-11-29]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\adblockpopups@jessehakanen.net.xpi [2012-11-29]
FF Extension: Australis - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\Australis@SoapyHamHocks.xpi [2012-11-29]
FF Extension: Shareaholic - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\firefox-extension@shareaholic.com.xpi [2012-11-29]
FF Extension: NASA Night Launch - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\nasanightlaunch@example.com.xpi [2012-11-29]
FF Extension: Feedback - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\testpilot@labs.mozilla.com.xpi [2012-10-31]
FF Extension: Thumbnail Zoom Plus - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\thumbnailZoom@dadler.github.com.xpi [2012-12-08]
FF Extension: MeasureIt - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012-11-29]
FF Extension: Adblock Plus - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-29]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\cryptocat@crypto.cat.xpi [2014-07-04]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\firebug@software.joehewitt.com.xpi [2014-07-04]
FF Extension: Shareaholic - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\firefox-extension@shareaholic.com.xpi [2014-07-04]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\maskingagent@basa.nl.xpi [2014-07-04]
FF Extension: NASA Night Launch - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\nasanightlaunch@example.com.xpi [2014-07-04]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\nightlaunchcompanion@example.com.xpi [2014-07-04]
FF Extension: Thumbnail Zoom Plus - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2014-07-04]
FF Extension: Session Manager - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-07-04]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-04]
FF Extension: Thumbnail Zoom - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi [2014-07-04]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\Extensions\extension@one-tab.com.xpi [2015-07-30]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2015-08-09]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\Extensions\thumbnailZoom@dadler.github.com.xpi [2014-07-04]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-07-04]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-04]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-14]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-07-24]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2012-09-29]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2012-09-29]

Chrome:
=======
CHR Profile: C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-01]
CHR Extension: (Google Docs) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-11]
CHR Extension: (Google Drive) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-11]
CHR Extension: (YouTube) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-11]
CHR Extension: (Freemake Video Downloader) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-03-17]
CHR Extension: (Google Search) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-11]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-03-17]
CHR Extension: (Google Sheets) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-01]
CHR Extension: (No Name) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\giolhomkcooifelkdfpejhidfidaahlc [2013-10-16]
CHR Extension: (khhbkiedoogpgipchgfiikmcfmglffdh) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhbkiedoogpgipchgfiikmcfmglffdh [2015-04-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (No Name) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-13]
CHR Extension: (Google Wallet) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-11]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-07-25]
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2012-09-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

Opera:
=======
OPR Extension: (alexisjacson) - C:\Users\Mesh\AppData\Roaming\Opera Software\Opera Stable\Extensions\fneegbjfomckiofaikblpahnnhhaacel [2014-06-29]
OPR Extension: (CinemaP-1.9cV13.08) - C:\Users\Mesh\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-13]
OPR Extension: (yanrishatum) - C:\Users\Mesh\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhkfophdaplidchjldgoallpdeaondlb [2014-06-29]
OPR Extension: (Adblock Plus) - C:\Users\Mesh\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-06-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-08-09] (ESET)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [229392 2012-09-13] (Nitro PDF Software)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-08-05] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2012-08-05] ()
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [196288 2015-08-14] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-12-07] (Microsoft Corporation) [File not signed]
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
S4 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)
S4 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-08-14] (Beijing Rising Information Technology Co., Ltd.)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-04-09] (Beijing Rising Information Technology Co., Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-23] (Duplex Secure Ltd.)
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-04-30] (Beijing Rising Information Technology Co., Ltd.)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
U3 a015gdtw; C:\Windows\System32\Drivers\a015gdtw.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 iadusb; system32\DRIVERS\glaui64.sys [X]
S1 iSafeKrnlR3; \??\C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-14 13:44 - 2015-08-14 13:46 - 00029535 _____ C:\Users\Mesh\Desktop\FRST.txt
2015-08-14 13:44 - 2015-08-14 13:46 - 00000000 ____D C:\FRST
2015-08-14 13:42 - 2015-08-14 13:44 - 00000000 ____D C:\Users\Mesh\Desktop\knige
2015-08-14 13:42 - 2015-08-14 13:42 - 02173952 _____ (Farbar) C:\Users\Mesh\Desktop\FRST64.exe
2015-08-14 04:43 - 2015-08-14 04:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-14 01:23 - 2015-08-14 01:20 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys
2015-08-13 23:57 - 2015-08-14 00:41 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-13 23:57 - 2015-08-13 23:57 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-13 23:57 - 2015-08-13 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-13 23:57 - 2015-08-13 23:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-13 23:57 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-13 23:57 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-13 23:57 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-13 23:54 - 2015-08-13 23:55 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Mesh\Desktop\mbam-setup-2.1.8.1057.exe
2015-08-13 22:56 - 2015-08-13 22:56 - 00000268 ____H C:\Windows\Tasks\User_Feed_Synchronization-{84005110-EA47-4FCC-A8B1-0CFC2347E861}.job
2015-08-13 21:28 - 2015-08-14 12:49 - 00003308 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-08-13 21:24 - 2015-08-14 00:38 - 00000000 ____D C:\Program Files (x86)\521abff7-0410-4522-96a4-a3c4e9d1e836
2015-08-13 21:23 - 2015-08-13 21:23 - 00000000 ____D C:\Users\Mesh\Documents\搜狐影音
2015-08-13 21:23 - 2015-08-13 21:23 - 00000000 ____D C:\Users\Mesh\Documents\ËѺüÓ°Òô
2015-08-13 21:22 - 2015-08-13 21:23 - 00000000 ____D C:\Program Files (x86)\搜狐影音
2015-08-13 21:22 - 2015-08-13 21:22 - 00000000 ____D C:\Users\Mesh\AppData\Local\Temp尰
2015-08-13 21:22 - 2015-08-13 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狐影音
2015-08-13 21:21 - 2015-08-14 01:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
2015-08-13 21:21 - 2015-08-13 21:21 - 00000150 __RSH C:\rising.ini
2015-08-13 21:21 - 2015-08-13 21:21 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-08-13 21:21 - 2015-08-13 21:21 - 00000000 ___RD C:\RavBin
2015-08-13 21:21 - 2015-04-30 03:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-08-13 21:21 - 2015-04-09 07:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-08-13 21:21 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-08-13 21:21 - 2014-01-02 09:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
2015-08-13 21:21 - 2013-12-30 09:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-08-13 21:21 - 2012-09-06 02:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
2015-08-13 21:21 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-08-13 21:20 - 2015-08-13 21:21 - 00000000 ____D C:\ProgramData\Rising
2015-08-13 21:20 - 2015-08-13 21:21 - 00000000 ____D C:\Program Files (x86)\Rising
2015-08-13 21:19 - 2015-08-13 21:21 - 00000000 ____D C:\Program Files (x86)\fr
2015-08-13 21:06 - 2015-08-13 21:06 - 10470632 _____ C:\BE-Macro-2.61.exe
2015-08-13 20:56 - 2015-08-13 20:56 - 00087208 _____ C:\Users\Mesh\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-13 20:56 - 2015-08-13 20:56 - 00000000 ____D C:\Users\Mesh\Documents\BlueEye
2015-08-13 20:55 - 2015-08-13 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Eye Macro
2015-08-12 01:45 - 2015-08-14 12:48 - 00720898 _____ C:\Windows\PFRO.log
2015-08-07 14:42 - 2015-08-07 14:42 - 00002196 _____ C:\Users\Mesh\Desktop\100 američkih filmova.txt
2015-08-05 11:05 - 2015-08-14 12:48 - 00000672 _____ C:\Windows\setupact.log
2015-08-05 11:05 - 2015-08-05 11:07 - 05065096 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-05 11:05 - 2015-08-05 11:05 - 00000000 _____ C:\Windows\setuperr.log
2015-07-21 14:25 - 2015-07-21 14:27 - 59579700 _____ C:\Users\Mesh\Desktop\Lxksjf03984yt03794ghxjEx.part2.rar
2015-07-21 14:17 - 2015-07-21 14:24 - 204472320 _____ C:\Users\Mesh\Desktop\Lxksjf03984yt03794ghxjEx.part1.rar
2015-07-21 05:01 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-21 05:01 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-07-21 05:01 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-07-21 05:01 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-07-21 05:01 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-21 05:01 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-07-21 05:01 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-07-21 05:01 - 2015-02-03 05:31 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-21 05:01 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-07-21 05:01 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-07-21 05:01 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-07-21 05:01 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-07-21 05:01 - 2015-02-03 05:31 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-21 05:01 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-21 05:01 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-07-21 05:01 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-21 05:01 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-07-21 05:01 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-07-21 05:01 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-07-21 05:01 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-07-21 05:01 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-07-21 05:01 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-21 05:01 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-07-21 05:01 - 2015-02-03 05:28 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-21 05:01 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-07-21 05:01 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-07-21 05:01 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-07-21 05:01 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-07-21 05:01 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-07-21 05:01 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-07-21 05:01 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-21 05:01 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-07-21 05:01 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-07-21 05:01 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-07-21 05:01 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-07-21 05:01 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-07-21 05:01 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-07-21 05:01 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-07-21 05:01 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-21 05:01 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-21 05:01 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-07-21 05:01 - 2015-02-03 05:08 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-21 05:01 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-07-21 05:01 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-07-21 05:01 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-07-21 05:01 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-07-21 05:00 - 2015-02-03 05:34 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-21 05:00 - 2015-02-03 05:34 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-21 05:00 - 2015-02-03 05:31 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-21 05:00 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-21 05:00 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-21 05:00 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-21 05:00 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-21 05:00 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-07-21 05:00 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-07-21 05:00 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-07-21 05:00 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-07-21 05:00 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-07-21 05:00 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-21 05:00 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-07-21 05:00 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-07-21 05:00 - 2015-02-03 05:30 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-21 05:00 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-07-21 05:00 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-07-21 05:00 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-07-21 05:00 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-07-21 05:00 - 2015-02-03 05:30 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-21 05:00 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-07-21 05:00 - 2015-02-03 05:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-21 05:00 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-07-21 05:00 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-07-21 05:00 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-07-21 05:00 - 2015-02-03 05:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-21 05:00 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-07-21 05:00 - 2015-02-03 05:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-21 05:00 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-07-21 05:00 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-07-21 05:00 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-07-21 05:00 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-07-21 05:00 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-07-21 05:00 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-21 05:00 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-07-21 05:00 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-21 05:00 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-07-21 05:00 - 2015-02-03 05:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-21 05:00 - 2015-02-03 05:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-21 05:00 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-07-21 05:00 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-07-21 05:00 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-07-21 04:53 - 2015-05-09 05:27 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-07-21 04:53 - 2015-05-09 05:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-07-21 04:53 - 2015-05-09 05:27 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-07-21 04:53 - 2015-05-09 05:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-07-21 04:53 - 2015-05-09 05:26 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-21 04:53 - 2015-05-09 05:26 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-07-21 04:53 - 2015-05-09 05:26 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-07-21 04:53 - 2015-05-09 05:25 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-07-21 04:53 - 2015-05-09 05:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-07-21 04:53 - 2015-05-09 05:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-07-21 04:53 - 2015-05-09 05:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-07-21 04:53 - 2015-05-09 05:12 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-07-21 04:53 - 2015-05-09 05:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 04:01 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-07-21 04:53 - 2015-05-09 04:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-07-21 04:53 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-21 04:53 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-20 23:16 - 2015-07-20 23:16 - 00000154 _____ C:\Users\Mesh\Desktop\tv-b92.ogg.m3u
2015-07-20 23:13 - 2015-07-20 23:14 - 28849904 _____ C:\vlc-2.2.1-win32.exe
2015-07-18 22:09 - 2015-07-18 22:09 - 00000084 _____ C:\Users\Mesh\Desktop\radiobeograd2.asx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-14 13:13 - 2014-08-14 18:38 - 01695325 _____ C:\Windows\WindowsUpdate.log
2015-08-14 13:09 - 2014-01-21 13:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-14 12:53 - 2009-07-14 07:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-14 12:52 - 2013-01-24 04:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-14 12:49 - 2012-12-25 17:10 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-08-14 12:48 - 2014-01-21 13:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-14 12:48 - 2012-11-27 07:06 - 00000198 _____ C:\Windows\Tasks\AutoKMS.job
2015-08-14 12:48 - 2012-10-23 16:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-14 12:48 - 2012-07-25 01:24 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-14 12:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-14 00:38 - 2015-05-12 16:30 - 00000000 ____D C:\Program Files (x86)\AIMP3
2015-08-14 00:38 - 2014-07-18 00:51 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-14 00:08 - 2015-04-01 21:30 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-13 21:43 - 2012-10-01 04:13 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{84005110-EA47-4FCC-A8B1-0CFC2347E861}
2015-08-13 13:52 - 2013-01-24 04:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-13 13:52 - 2012-11-21 05:17 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-13 13:52 - 2012-11-21 05:17 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 18:11 - 2015-01-07 17:43 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-12 13:01 - 2009-07-14 06:45 - 00029168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-12 13:01 - 2009-07-14 06:45 - 00029168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-12 12:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-11 15:21 - 2015-05-12 16:30 - 00000000 ____D C:\Users\Mesh\AppData\Roaming\AIMP3
2015-08-08 19:40 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-07 14:43 - 2012-07-24 20:28 - 00000000 ____D C:\Users\Mesh
2015-08-06 12:42 - 2014-06-05 21:01 - 00003818 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1378421089
2015-08-06 12:42 - 2013-09-06 00:44 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-03 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-08-03 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2015-07-21 04:52 - 2014-08-16 19:52 - 00000222 _____ C:\Users\Mesh\BullseyeCoverageError.txt
2015-07-21 04:28 - 2013-10-20 23:24 - 00000000 ____D C:\ProgramData\Oracle
2015-07-21 04:28 - 2013-03-10 16:32 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-21 04:26 - 2014-01-22 00:05 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-20 23:21 - 2012-07-24 22:42 - 00000000 ____D C:\Users\Mesh\AppData\Roaming\vlc
2015-07-16 04:04 - 2014-01-21 13:48 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 04:04 - 2014-01-21 13:48 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2012-08-18 01:58 - 2012-08-18 01:58 - 0893936 _____ (Oracle Corporation) C:\Program Files\chromeinstall-7u5.exe
2013-03-11 20:30 - 2013-03-11 20:30 - 0000132 _____ () C:\Users\Mesh\AppData\Roaming\Adobe GIF Format CS6 Prefs
2012-07-25 00:47 - 2012-07-25 00:47 - 0007605 _____ () C:\Users\Mesh\AppData\Local\Resmon.ResmonCfg
2012-12-08 19:20 - 2012-12-08 19:20 - 0000032 RSHOT () C:\Users\Mesh\AppData\Local\t65s2tb.dat

Some files in TEMP:
====================
C:\Users\Mesh\AppData\Local\Temp\360Inst_sohuyy.exe
C:\Users\Mesh\AppData\Local\Temp\bedjeiijbj.exe
C:\Users\Mesh\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Mesh\AppData\Local\Temp\mytmpinstaller.exe
C:\Users\Mesh\AppData\Local\Temp\qqpcmgr_v10.10.16434.218_72490_Silence.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-12 18:09

==================== End of log ============================

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Hello :)


1. Open Notepad (Text Document) and copy the following text into the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
C:\Program Files (x86)\Rising
C:\Program Files (x86)\fr
HKLM-x32\...\Run: [fr] => C:\Program Files (x86)\fr\fr.exe [262144 2015-08-11] (ETRWTER)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE [111000 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [SohuVA] => "C:\Program Files (x86)\????\SHPlayer.exe" /auto
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
BootExecute: autocheck autochk * bsmain
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\Program Files (x86)\????
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs
URLSearchHook: HKLM-x32 - SweetTunes1 Toolbar - {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - C:\Program Files (x86)\SweetTunes1\prxtbSwee.dll No File
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4209369173-3384524162-1790046760-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: CSohuDetector Object -> {452ADB5B-00BE-469D-A65F-3046146B2ED5} -> C:\Program Files (x86)\搜狐影音\SoHuAutoDetector.dll [2015-08-13] (Sohu)
C:\Program Files (x86)\搜狐影音
Toolbar: HKLM-x32 - SweetTunes1 Toolbar - {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - C:\Program Files (x86)\SweetTunes1\prxtbSwee.dll No File
Toolbar: HKU\S-1-5-21-4209369173-3384524162-1790046760-1000 -> No Name - {F9D1C08C-2031-4E6C-AB51-50330AC2D988} - No File
FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=688_pr__alt__ddc_dsssyctab_bd_com
FF SelectedSearchEngine: Yahoo! Search
FF Homepage: hxxp://www.google.rs/
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=688_pr__alt__ddc_dss_bd_com&p=
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll [2015-08-13] ()
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [196288 2015-08-14] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-08-14] (Beijing Rising Information Technology Co., Ltd.)
C:\Windows\system32\drivers\hvm.sys
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-04-09] (Beijing Rising Information Technology Co., Ltd.)
C:\Windows\System32\DRIVERS\rsutils.sys
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-04-30] (Beijing Rising Information Technology Co., Ltd.)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
U3 a015gdtw; C:\Windows\System32\Drivers\a015gdtw.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 iadusb; system32\DRIVERS\glaui64.sys [X]
S1 iSafeKrnlR3; \??\C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\DRIVERS\sysmon.sys
2015-08-13 21:28 - 2015-08-14 12:49 - 00003308 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-08-13 21:24 - 2015-08-14 00:38 - 00000000 ____D C:\Program Files (x86)\521abff7-0410-4522-96a4-a3c4e9d1e836
2015-08-13 21:23 - 2015-08-13 21:23 - 00000000 ____D C:\Users\Mesh\Documents\搜狐影音
2015-08-13 21:23 - 2015-08-13 21:23 - 00000000 ____D C:\Users\Mesh\Documents\ËŃşüÓ°Ňô
2015-08-13 21:22 - 2015-08-13 21:23 - 00000000 ____D C:\Program Files (x86)\搜狐影音
2015-08-13 21:22 - 2015-08-13 21:22 - 00000000 ____D C:\Users\Mesh\AppData\Local\Temp尰
2015-08-13 21:22 - 2015-08-13 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狐影音
2015-08-13 21:21 - 2015-08-14 01:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
2015-08-13 21:21 - 2015-08-13 21:21 - 00000150 __RSH C:\rising.ini
2015-08-13 21:21 - 2015-08-13 21:21 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-08-13 21:21 - 2015-08-13 21:21 - 00000000 ___RD C:\RavBin
2015-08-13 21:21 - 2015-04-30 03:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-08-13 21:21 - 2015-04-09 07:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-08-13 21:21 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-08-13 21:21 - 2014-01-02 09:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
2015-08-13 21:21 - 2013-12-30 09:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-08-13 21:21 - 2012-09-06 02:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
2015-08-13 21:21 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-08-13 21:20 - 2015-08-13 21:21 - 00000000 ____D C:\ProgramData\Rising
2015-08-13 21:20 - 2015-08-13 21:21 - 00000000 ____D C:\Program Files (x86)\Rising
2015-08-13 21:19 - 2015-08-13 21:21 - 00000000 ____D C:\Program Files (x86)\fr
2015-08-13 21:06 - 2015-08-13 21:06 - 10470632 _____ C:\BE-Macro-2.61.exe
AV: Rising Antivirus (Enabled - Up to date) {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
AS: Rising Antivirus (Enabled - Up to date) {60A88726-9BAA-8843-60B1-768966A982DA}
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Task: {0A4B10F8-4458-4189-B754-E023B07F1992} - \15fba21d-9756-481b-984c-9daf84d000d2-4 -> No File <==== ATTENTION
Task: {19C010A3-E10D-42C8-BB1D-F1C899D2C59C} - System32\Tasks\{63BCDA13-9BB0-4BC7-B9DC-63FFC297947B} => pcalua.exe -a C:\Users\Mesh\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=amt <==== ATTENTION
Task: {19C1D5FA-AC23-4DA1-80A8-8D16A2FB799B} - System32\Tasks\{5AC65E90-7C4C-453E-9C44-C778356F092C} => Firefox.exe
Task: {24ACECE8-B0D5-48F6-B0AC-732379637937} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {25443A7C-9419-4D97-A461-431166BFF1BA} - \15fba21d-9756-481b-984c-9daf84d000d2-1-7 -> No File <==== ATTENTION
Task: {2B0CB38A-0A43-4B74-9FA8-4B0E0B18ED2B} - \15fba21d-9756-481b-984c-9daf84d000d2-11 -> No File <==== ATTENTION
Task: {3B61BE04-576D-437C-8DA8-182072B8B0CC} - \15fba21d-9756-481b-984c-9daf84d000d2-6 -> No File <==== ATTENTION
Task: {44975597-547B-4104-B481-077CC176A7D0} - \15fba21d-9756-481b-984c-9daf84d000d2-3 -> No File <==== ATTENTION
Task: {52D09F17-C01D-4F40-A13D-9D2848F857F5} - \15fba21d-9756-481b-984c-9daf84d000d2-10_user -> No File <==== ATTENTION
Task: {7B02E538-0282-4B8A-8138-582B91132BC5} - System32\Tasks\{720E8F80-A965-439F-A138-41070A92027B} => pcalua.exe -a "C:\Program Files (x86)\P-HD-V1.4\Uninstall.exe" -c /fcp=1
Task: {9ACE7C16-2DCA-4297-AE76-C31B48BD0CA2} - \15fba21d-9756-481b-984c-9daf84d000d2-1-6 -> No File <==== ATTENTION
Task: {A65FCFA5-975B-4207-B187-22933ECF9BCE} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\Program Files (x86)\Rising\RAV\rsdelaylauncher.exe [2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
Task: {C4172D87-7E74-4D8A-A671-F07F094FBD6E} - \e653cf25-f107-4cbe-b8d1-5dadaea354f2-4 -> No File <==== ATTENTION
Task: {D531B0DA-D9BA-46D2-898A-7425F1A887E7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {D64AD20F-49A6-41C7-B216-BFFC59D79D5B} - \15fba21d-9756-481b-984c-9daf84d000d2-7 -> No File <==== ATTENTION
Task: {FB1EFA40-2692-4E6B-8C9B-3DE1A019501C} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
C:\Users\Mesh\AppData\Roaming\webssearches
C:\Program Files (x86)\P-HD-V1.4
AlternateDataStreams: C:\ProgramData\Microsoft:iGkKhOaPb7MvJTJLBRo
AlternateDataStreams: C:\ProgramData\Microsoft:NtH5cvWlJzMfi97G46DOrA34T0i6z


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.
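The fixlist above is a catalogue of persistence and defence-evasion mechanisms rather than a list of file names: IFEO "Debugger" redirects that stop named processes from ever launching, Run-key autostarts, a value appended to BootExecute (runs from smss.exe before logon), orphan and zero-byte driver services, scheduled tasks that are either orphaned or proxied through pcalua.exe, alternate data streams on a directory, and system files created during the incident. The following Python script is an added example, not part of this thread and not FRST's own logic: it applies those checks to FRST log lines. The sample lines are copied from the fixlist in this post (with three benign lines left in as controls); the incident window, the debugger allow-list and the flagging rules are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Iterable, List, Optional

INCIDENT_START = date(2015, 8, 11)           # assumed start of the incident window
DEFAULT_BOOTEXECUTE = "autocheck autochk *"   # Windows 7 default; anything appended runs pre-logon
REAL_DEBUGGERS = {"ntsd.exe", "windbg.exe", "cdb.exe", "vsjitdebugger.exe"}  # assumed allow-list

# Constructed sample: lines copied from the fixlist in this post; three of them are benign controls.
SAMPLE_LINES = r"""
HKLM-x32\...\Run: [fr] => C:\Program Files (x86)\fr\fr.exe [262144 2015-08-11] (ETRWTER)
HKLM-x32\...\Run: [SohuVA] => "C:\Program Files (x86)\????\SHPlayer.exe" /auto
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
BootExecute: autocheck autochk * bsmain
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-08-14] (Beijing Rising Information Technology Co., Ltd.)
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-04-30] (Beijing Rising Information Technology Co., Ltd.)
U3 a015gdtw; C:\Windows\System32\Drivers\a015gdtw.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S1 iSafeKrnlR3; \??\C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [X]
Task: {19C010A3-E10D-42C8-BB1D-F1C899D2C59C} - System32\Tasks\{63BCDA13-9BB0-4BC7-B9DC-63FFC297947B} => pcalua.exe -a C:\Users\Mesh\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=amt <==== ATTENTION
Task: {24ACECE8-B0D5-48F6-B0AC-732379637937} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {D531B0DA-D9BA-46D2-898A-7425F1A887E7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
AlternateDataStreams: C:\ProgramData\Microsoft:iGkKhOaPb7MvJTJLBRo
2015-08-13 21:21 - 2015-04-30 03:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-08-13 21:21 - 2015-08-13 21:21 - 00000150 __RSH C:\rising.ini
""".strip().splitlines()


@dataclass(frozen=True)
class Finding:
    mechanism: str   # persistence / defence-evasion mechanism the line shows
    subject: str     # key, service, task, stream or file involved
    reason: str      # why it was flagged


IFEO_RE = re.compile(r"^IFEO\\(?P<target>[^:]+): \[Debugger\] (?P<debugger>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S+)\\\.\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$")
BOOT_RE = re.compile(r"^BootExecute: (?P<value>.+)$")
SERVICE_RE = re.compile(r"^(?P<status>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) \[(?P<info>[^\]]*)\]")
TASK_RE = re.compile(r"^Task: \{[0-9A-F-]+\} - (?P<name>\S+) (?:(?P<orphan>-> No File)|=> (?P<cmd>.+?))(?: <====.*)?$")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<stream>.+)$")
TIMELINE_RE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2}) \d\d:\d\d - \d{4}-\d{2}-\d{2} \d\d:\d\d - \d{8} (?P<attrs>\S+) (?:\([^)]*\) )?(?P<path>.+)$")
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")


def in_window(text: str) -> bool:
    """True if the first YYYY-MM-DD found in text lies inside the assumed incident window."""
    m = DATE_RE.search(text)
    return bool(m) and date.fromisoformat(m.group()) >= INCIDENT_START


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one FRST line, or None when the line shows nothing suspicious."""
    if m := IFEO_RE.match(line):
        dbg = m["debugger"].strip().lower().split("\\")[-1]
        if dbg not in REAL_DEBUGGERS:
            # Windows starts the "Debugger" instead of the target, so pointing it at a harmless
            # tool (tasklist.exe here) silently prevents the target from ever running.
            return Finding("IFEO Debugger redirect", m["target"], f"target replaced by {dbg}")
    elif m := RUN_RE.match(line):
        if in_window(m["cmd"]) or "????" in m["cmd"]:
            return Finding("Run key autostart", m["name"], "binary dated in the incident window, or path FRST could not render")
    elif m := BOOT_RE.match(line):
        if m["value"].strip() != DEFAULT_BOOTEXECUTE:
            extra = m["value"].replace(DEFAULT_BOOTEXECUTE, "").strip()
            return Finding("BootExecute addition", extra, "runs from smss.exe before any logon")
    elif m := SERVICE_RE.match(line):
        info = m["info"].split()
        if info == ["X"]:
            return Finding("orphan service", m["name"], f"image missing: {m['path']}")
        if info and info[0] == "0":
            return Finding("zero-byte driver", m["name"], "service registered but its image is empty")
        if m["start"] in "01" and in_window(m["info"]):   # start 0 = boot, 1 = system
            return Finding("kernel driver", m["name"], f"boot/system-start driver dated in the incident window: {m['path']}")
    elif m := TASK_RE.match(line):
        if m["orphan"]:
            return Finding("orphan scheduled task", m["name"], "task registered but its action file is gone")
        if m["cmd"].lower().startswith("pcalua.exe -a "):
            return Finding("task via pcalua proxy", m["name"], "pcalua.exe -a launches " + m["cmd"].split(None, 2)[2])
    elif m := ADS_RE.match(line):
        return Finding("alternate data stream", m["stream"], "named stream on a directory; invisible to dir and Explorer")
    elif m := TIMELINE_RE.match(line):
        attrs, path = m["attrs"], m["path"]
        if in_window(m["created"]) and path.lower().startswith("c:\\windows\\"):
            return Finding("system file dropped", path, f"created {m['created']} under the Windows directory")
        if "H" in attrs and "S" in attrs:
            return Finding("hidden system file", path, f"attributes {attrs}")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    return [f for f in (triage_line(l) for l in lines) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.mechanism}] {f.subject}: {f.reason}")
```

Run it as a script to list the findings, or feed `triage()` the lines of a full FRST.txt. It deliberately shows one gap: the `R0 sysmon` service line carries only the driver's own version date (2015-04-30), so it passes the date rule, and only the timeline entry (created 2015-08-13) catches the file; that is why the fixlist names such drivers by service and by path. A Fix entry for a running kernel driver can still be deferred with "Unable to stop service" and moved only at reboot, which is what makes the post-reboot Fixlog worth reading line by line.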



  • Joined: 14 Aug 2015
  • Posts: 25

Done.
Fix result of Farbar Recovery Scan Tool (x64) Version:13-08-2015
Ran by Mesh (2015-08-14 14:52:26) Run:1
Running from C:\Users\Mesh\Desktop
Loaded Profiles: Mesh (Available Profiles: Mesh)
Boot Mode: Normal
==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
emptytemp:
C:\Program Files (x86)\Rising
C:\Program Files (x86)\fr
HKLM-x32\...\Run: [fr] => C:\Program Files (x86)\fr\fr.exe [262144 2015-08-11] (ETRWTER)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE [111000 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [SohuVA] => "C:\Program Files (x86)\????\SHPlayer.exe" /auto
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
BootExecute: autocheck autochk * bsmain
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\Program Files (x86)\????
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs
URLSearchHook: HKLM-x32 - SweetTunes1 Toolbar - {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - C:\Program Files (x86)\SweetTunes1\prxtbSwee.dll No File
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-4209369173-3384524162-1790046760-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: CSohuDetector Object -> {452ADB5B-00BE-469D-A65F-3046146B2ED5} -> C:\Program Files (x86)\????\SoHuAutoDetector.dll [2015-08-13] (Sohu)
C:\Program Files (x86)\????
Toolbar: HKLM-x32 - SweetTunes1 Toolbar - {f9d1c08c-2031-4e6c-ab51-50330ac2d988} - C:\Program Files (x86)\SweetTunes1\prxtbSwee.dll No File
Toolbar: HKU\S-1-5-21-4209369173-3384524162-1790046760-1000 -> No Name - {F9D1C08C-2031-4E6C-AB51-50330AC2D988} - No File
FF NewTab: [Link mogu videti samo ulogovani korisnici]
FF SelectedSearchEngine: Yahoo! Search
FF Homepage: [Link mogu videti samo ulogovani korisnici]
FF Keyword.URL: [Link mogu videti samo ulogovani korisnici]
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\????\npifox.dll [2015-08-13] ()
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [196288 2015-08-14] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-08-14] (Beijing Rising Information Technology Co., Ltd.)
C:\Windows\system32\drivers\hvm.sys
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-04-09] (Beijing Rising Information Technology Co., Ltd.)
C:\Windows\System32\DRIVERS\rsutils.sys
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-04-30] (Beijing Rising Information Technology Co., Ltd.)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
U3 a015gdtw; C:\Windows\System32\Drivers\a015gdtw.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 iadusb; system32\DRIVERS\glaui64.sys [X]
S1 iSafeKrnlR3; \??\C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\DRIVERS\sysmon.sys
2015-08-13 21:28 - 2015-08-14 12:49 - 00003308 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-08-13 21:24 - 2015-08-14 00:38 - 00000000 ____D C:\Program Files (x86)\521abff7-0410-4522-96a4-a3c4e9d1e836
2015-08-13 21:23 - 2015-08-13 21:23 - 00000000 ____D C:\Users\Mesh\Documents\????
2015-08-13 21:23 - 2015-08-13 21:23 - 00000000 ____D C:\Users\Mesh\Documents\ËNsüÓ°Nô
2015-08-13 21:22 - 2015-08-13 21:23 - 00000000 ____D C:\Program Files (x86)\????
2015-08-13 21:22 - 2015-08-13 21:22 - 00000000 ____D C:\Users\Mesh\AppData\Local\Temp?
2015-08-13 21:22 - 2015-08-13 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????
2015-08-13 21:21 - 2015-08-14 01:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
2015-08-13 21:21 - 2015-08-13 21:21 - 00000150 __RSH C:\rising.ini
2015-08-13 21:21 - 2015-08-13 21:21 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-08-13 21:21 - 2015-08-13 21:21 - 00000000 ___RD C:\RavBin
2015-08-13 21:21 - 2015-04-30 03:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-08-13 21:21 - 2015-04-09 07:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-08-13 21:21 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-08-13 21:21 - 2014-01-02 09:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
2015-08-13 21:21 - 2013-12-30 09:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-08-13 21:21 - 2012-09-06 02:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
2015-08-13 21:21 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-08-13 21:20 - 2015-08-13 21:21 - 00000000 ____D C:\ProgramData\Rising
2015-08-13 21:20 - 2015-08-13 21:21 - 00000000 ____D C:\Program Files (x86)\Rising
2015-08-13 21:19 - 2015-08-13 21:21 - 00000000 ____D C:\Program Files (x86)\fr
2015-08-13 21:06 - 2015-08-13 21:06 - 10470632 _____ C:\BE-Macro-2.61.exe
AV: Rising Antivirus (Enabled - Up to date) {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
AS: Rising Antivirus (Enabled - Up to date) {60A88726-9BAA-8843-60B1-768966A982DA}
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Task: {0A4B10F8-4458-4189-B754-E023B07F1992} - \15fba21d-9756-481b-984c-9daf84d000d2-4 -> No File <==== ATTENTION
Task: {19C010A3-E10D-42C8-BB1D-F1C899D2C59C} - System32\Tasks\{63BCDA13-9BB0-4BC7-B9DC-63FFC297947B} => pcalua.exe -a C:\Users\Mesh\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=amt <==== ATTENTION
Task: {19C1D5FA-AC23-4DA1-80A8-8D16A2FB799B} - System32\Tasks\{5AC65E90-7C4C-453E-9C44-C778356F092C} => Firefox.exe
Task: {24ACECE8-B0D5-48F6-B0AC-732379637937} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {25443A7C-9419-4D97-A461-431166BFF1BA} - \15fba21d-9756-481b-984c-9daf84d000d2-1-7 -> No File <==== ATTENTION
Task: {2B0CB38A-0A43-4B74-9FA8-4B0E0B18ED2B} - \15fba21d-9756-481b-984c-9daf84d000d2-11 -> No File <==== ATTENTION
Task: {3B61BE04-576D-437C-8DA8-182072B8B0CC} - \15fba21d-9756-481b-984c-9daf84d000d2-6 -> No File <==== ATTENTION
Task: {44975597-547B-4104-B481-077CC176A7D0} - \15fba21d-9756-481b-984c-9daf84d000d2-3 -> No File <==== ATTENTION
Task: {52D09F17-C01D-4F40-A13D-9D2848F857F5} - \15fba21d-9756-481b-984c-9daf84d000d2-10_user -> No File <==== ATTENTION
Task: {7B02E538-0282-4B8A-8138-582B91132BC5} - System32\Tasks\{720E8F80-A965-439F-A138-41070A92027B} => pcalua.exe -a "C:\Program Files (x86)\P-HD-V1.4\Uninstall.exe" -c /fcp=1
Task: {9ACE7C16-2DCA-4297-AE76-C31B48BD0CA2} - \15fba21d-9756-481b-984c-9daf84d000d2-1-6 -> No File <==== ATTENTION
Task: {A65FCFA5-975B-4207-B187-22933ECF9BCE} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\Program Files (x86)\Rising\RAV\rsdelaylauncher.exe [2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
Task: {C4172D87-7E74-4D8A-A671-F07F094FBD6E} - \e653cf25-f107-4cbe-b8d1-5dadaea354f2-4 -> No File <==== ATTENTION
Task: {D531B0DA-D9BA-46D2-898A-7425F1A887E7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {D64AD20F-49A6-41C7-B216-BFFC59D79D5B} - \15fba21d-9756-481b-984c-9daf84d000d2-7 -> No File <==== ATTENTION
Task: {FB1EFA40-2692-4E6B-8C9B-3DE1A019501C} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
C:\Users\Mesh\AppData\Roaming\webssearches
C:\Program Files (x86)\P-HD-V1.4
AlternateDataStreams: C:\ProgramData\Microsoft:iGkKhOaPb7MvJTJLBRo
AlternateDataStreams: C:\ProgramData\Microsoft:NtH5cvWlJzMfi97G46DOrA34T0i6z
*****************

Restore point was successfully created.
Processes closed successfully.

"C:\Program Files (x86)\Rising" folder move:

Could not move "C:\Program Files (x86)\Rising" => Scheduled to move on reboot.

C:\Program Files (x86)\fr => moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fr => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RSDTRAY => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RavTRAY => value could not remove.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SohuVA => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => key removed successfully
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.

"C:\Program Files (x86)\????" folder move:

Could not move "C:\Program Files (x86)\????" => Scheduled to move on reboot.

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} => value removed successfully
"HKCR\Wow6432Node\CLSID\{f9d1c08c-2031-4e6c-ab51-50330ac2d988}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0191A6B0-1154-4C22-9182-23A95BBE92D9} => key not found.
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{452ADB5B-00BE-469D-A65F-3046146B2ED5}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{452ADB5B-00BE-469D-A65F-3046146B2ED5}" => key removed successfully

"C:\Program Files (x86)\????" folder move:

Could not move "C:\Program Files (x86)\????" => Scheduled to move on reboot.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} => value removed successfully
HKCR\Wow6432Node\CLSID\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} => key not found.
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F9D1C08C-2031-4E6C-AB51-50330AC2D988} => value removed successfully
HKCR\CLSID\{F9D1C08C-2031-4E6C-AB51-50330AC2D988} => key not found.
Firefox "newtab" removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@rising.com.cn/nprising" => key removed successfully
Could not move "C:\Program Files (x86)\Rising\RAV\nprising.dll" => Scheduled to move on reboot.
"HKLM\Software\Wow6432Node\MozillaPlugins\@sohu.com/npifox" => key removed successfully
C:\Program Files (x86)\????\npifox.dll not found.
RsMgrSvc => Service stopped successfully.
RsMgrSvc => service removed successfully
RsRavMon => Unable to stop service.
RsRavMon => service could not remove
HyperVM => Unable to stop service.
HyperVM => service could not remove
Could not move "C:\Windows\system32\drivers\hvm.sys" => Scheduled to move on reboot.
rsutils => Unable to stop service.
rsutils => service removed successfully
Could not move "C:\Windows\System32\DRIVERS\rsutils.sys" => Scheduled to move on reboot.
sysmon => Unable to stop service.
sysmon => service could not remove
uxpatch => Service stopped successfully.
uxpatch => service removed successfully
a015gdtw => service removed successfully
iadusb => service removed successfully
iSafeKrnlR3 => service removed successfully
VGPU => service removed successfully
Could not move "C:\Windows\System32\DRIVERS\sysmon.sys" => Scheduled to move on reboot.
C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => moved successfully.
C:\Program Files (x86)\521abff7-0410-4522-96a4-a3c4e9d1e836 => moved successfully.

"C:\Users\Mesh\Documents\????" folder move:

Could not move "C:\Users\Mesh\Documents\????" => Scheduled to move on reboot.

"C:\Users\Mesh\Documents\ËNsüÓ°Nô" => File/Folder not found.

"C:\Program Files (x86)\????" folder move:

Could not move "C:\Program Files (x86)\????" => Scheduled to move on reboot.


"C:\Users\Mesh\AppData\Local\Temp?" folder move:

Could not move "C:\Users\Mesh\AppData\Local\Temp?" => Scheduled to move on reboot.


"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????" folder move:

Could not move "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????" => Scheduled to move on reboot.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus => moved successfully.
C:\rising.ini => moved successfully.
C:\Windows\SysWOW64\BsMain.ini => moved successfully.

"C:\RavBin" folder move:

Could not move "C:\RavBin" => Scheduled to move on reboot.

Could not move "C:\Windows\system32\Drivers\sysmon.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\rsutils.sys" => Scheduled to move on reboot.
C:\Windows\SysWOW64\vpatch.dll => moved successfully.
C:\Windows\system32\ravext64.dll => moved successfully.
C:\Windows\SysWOW64\ravext.dll => moved successfully.
C:\Windows\SysWOW64\bsmain.exe => moved successfully.
Could not move "C:\Windows\system32\Drivers\rsndisp.sys" => Scheduled to move on reboot.

"C:\ProgramData\Rising" folder move:

Could not move "C:\ProgramData\Rising" => Scheduled to move on reboot.


"C:\Program Files (x86)\Rising" folder move:

Could not move "C:\Program Files (x86)\Rising" => Scheduled to move on reboot.

"C:\Program Files (x86)\fr" => File/Folder not found.
C:\BE-Macro-2.61.exe => moved successfully.
AV: Rising Antivirus (Enabled - Up to date) {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867} => The item is protected. Make sure the software is uninstalled and its services is removed.
AS: Rising Antivirus (Enabled - Up to date) {60A88726-9BAA-8843-60B1-768966A982DA} => The item is protected. Make sure the software is uninstalled and its services is removed.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A4B10F8-4458-4189-B754-E023B07F1992}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A4B10F8-4458-4189-B754-E023B07F1992}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\15fba21d-9756-481b-984c-9daf84d000d2-4" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19C010A3-E10D-42C8-BB1D-F1C899D2C59C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19C010A3-E10D-42C8-BB1D-F1C899D2C59C}" => key removed successfully
C:\Windows\System32\Tasks\{63BCDA13-9BB0-4BC7-B9DC-63FFC297947B} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{63BCDA13-9BB0-4BC7-B9DC-63FFC297947B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19C1D5FA-AC23-4DA1-80A8-8D16A2FB799B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19C1D5FA-AC23-4DA1-80A8-8D16A2FB799B}" => key removed successfully
C:\Windows\System32\Tasks\{5AC65E90-7C4C-453E-9C44-C778356F092C} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5AC65E90-7C4C-453E-9C44-C778356F092C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24ACECE8-B0D5-48F6-B0AC-732379637937}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24ACECE8-B0D5-48F6-B0AC-732379637937}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{25443A7C-9419-4D97-A461-431166BFF1BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25443A7C-9419-4D97-A461-431166BFF1BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\15fba21d-9756-481b-984c-9daf84d000d2-1-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B0CB38A-0A43-4B74-9FA8-4B0E0B18ED2B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B0CB38A-0A43-4B74-9FA8-4B0E0B18ED2B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\15fba21d-9756-481b-984c-9daf84d000d2-11" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B61BE04-576D-437C-8DA8-182072B8B0CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B61BE04-576D-437C-8DA8-182072B8B0CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\15fba21d-9756-481b-984c-9daf84d000d2-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{44975597-547B-4104-B481-077CC176A7D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44975597-547B-4104-B481-077CC176A7D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\15fba21d-9756-481b-984c-9daf84d000d2-3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{52D09F17-C01D-4F40-A13D-9D2848F857F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52D09F17-C01D-4F40-A13D-9D2848F857F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\15fba21d-9756-481b-984c-9daf84d000d2-10_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B02E538-0282-4B8A-8138-582B91132BC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B02E538-0282-4B8A-8138-582B91132BC5}" => key removed successfully
C:\Windows\System32\Tasks\{720E8F80-A965-439F-A138-41070A92027B} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{720E8F80-A965-439F-A138-41070A92027B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9ACE7C16-2DCA-4297-AE76-C31B48BD0CA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ACE7C16-2DCA-4297-AE76-C31B48BD0CA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\15fba21d-9756-481b-984c-9daf84d000d2-1-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A65FCFA5-975B-4207-B187-22933ECF9BCE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A65FCFA5-975B-4207-B187-22933ECF9BCE}" => key removed successfully
C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4172D87-7E74-4D8A-A671-F07F094FBD6E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4172D87-7E74-4D8A-A671-F07F094FBD6E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e653cf25-f107-4cbe-b8d1-5dadaea354f2-4" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D531B0DA-D9BA-46D2-898A-7425F1A887E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D531B0DA-D9BA-46D2-898A-7425F1A887E7}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D64AD20F-49A6-41C7-B216-BFFC59D79D5B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D64AD20F-49A6-41C7-B216-BFFC59D79D5B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\15fba21d-9756-481b-984c-9daf84d000d2-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB1EFA40-2692-4E6B-8C9B-3DE1A019501C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB1EFA40-2692-4E6B-8C9B-3DE1A019501C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key removed successfully
"C:\Users\Mesh\AppData\Roaming\webssearches" => File/Folder not found.
"C:\Program Files (x86)\P-HD-V1.4" => File/Folder not found.
C:\ProgramData\Microsoft => ":iGkKhOaPb7MvJTJLBRo" ADS removed successfully.
C:\ProgramData\Microsoft => ":NtH5cvWlJzMfi97G46DOrA34T0i6z" ADS removed successfully.
EmptyTemp: => 1 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-14 15:04:14)<=

C:\Program Files (x86)\Rising => moved successfully
"C:\Program Files (x86)\????" => Could not move
"C:\Program Files (x86)\????" => Could not move
C:\Program Files (x86)\Rising\RAV\nprising.dll => Is moved successfully
C:\Windows\system32\drivers\hvm.sys => moved successfully
C:\Windows\System32\DRIVERS\rsutils.sys => moved successfully
C:\Windows\System32\DRIVERS\sysmon.sys => moved successfully
"C:\Users\Mesh\Documents\????" => Could not move
"C:\Program Files (x86)\????" => Could not move
"C:\Users\Mesh\AppData\Local\Temp?" => Could not move
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????" => Could not move
C:\RavBin => moved successfully
C:\Windows\system32\Drivers\sysmon.sys => Is moved successfully
C:\Windows\system32\Drivers\rsutils.sys => Is moved successfully
C:\Windows\system32\Drivers\rsndisp.sys => moved successfully
C:\ProgramData\Rising => Is moved successfully
C:\Program Files (x86)\Rising => Is moved successfully

==== End of Fixlog 15:04:20 ====
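
Reading a Fixlog like the one above by eye means scanning dozens of near-identical lines for the few that matter. As an added example (my own code, not a tool from this thread or from FRST), the Python script below summarises such a log: it classifies every line by outcome, lists the entries FRST reported it could not move (the ones a helper would look at again), and pulls the human-readable scheduled-task names out of the TaskCache\Tree keys, which are the names an analyst recognises as persistence. The sample log is constructed from lines quoted in the Fixlog above; the regular expressions and category labels are my own assumptions about the log format, not an FRST specification.

```python
"""Summarise a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example, not part of FRST or of the thread. SAMPLE_FIXLOG is a
constructed excerpt built from the Fixlog lines quoted above.
"""
import re
from collections import Counter

SAMPLE_FIXLOG = r'''
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24ACECE8-B0D5-48F6-B0AC-732379637937}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24ACECE8-B0D5-48F6-B0AC-732379637937}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} not found.
"C:\Users\Mesh\AppData\Roaming\webssearches" => File/Folder not found.
C:\ProgramData\Microsoft => ":iGkKhOaPb7MvJTJLBRo" ADS removed successfully.
EmptyTemp: => 1 GB temporary data Removed.
C:\Program Files (x86)\Rising => moved successfully
"C:\Program Files (x86)\????" => Could not move
C:\Windows\system32\drivers\hvm.sys => moved successfully
C:\ProgramData\Rising => Is moved successfully
'''

# Most lines look like:  <target> => <outcome>   (target optionally quoted).
ARROW_RE = re.compile(r'^"?(?P<target>.*?)"?\s*=>\s*(?P<outcome>.*?)\.?$')
# A few lines carry no arrow at all:  <target> not found.
NOTFOUND_RE = re.compile(r'^(?P<target>.+?)\s+not found\.?$')
# Task Scheduler keeps one GUID-keyed entry under TaskCache\Tasks (plus a
# trigger-category key under Logon, Boot or Plain) and the readable task name
# as the leaf of TaskCache\Tree. The Tree leaf is what an analyst recognises.
TREE_RE = re.compile(r'\\Schedule\\TaskCache\\Tree\\(?P<name>[^\\]+)$')

# Substring -> label, checked in order (assumed labels, first match wins).
OUTCOME_CLASSES = [
    ("could not", "failed"),
    ("not found", "not_found"),
    ("key removed", "registry_removed"),
    ("ads removed", "ads_removed"),
    ("moved successfully", "moved"),
]


def classify(outcome):
    """Map an outcome string such as 'Could not move' to a short label."""
    low = outcome.lower()
    for needle, label in OUTCOME_CLASSES:
        if needle in low:
            return label
    return "other"


def parse_fixlog(text):
    """Return one dict per recognised line: target, raw outcome, status."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("===") or line.startswith("Result of"):
            continue  # headers and separators
        m = ARROW_RE.match(line)
        if m:
            target, outcome = m.group("target"), m.group("outcome")
        else:
            m = NOTFOUND_RE.match(line)
            if not m:
                continue  # unrecognised line shape, skip rather than guess
            target, outcome = m.group("target").strip('"'), "not found"
        entries.append({"target": target, "outcome": outcome,
                        "status": classify(outcome)})
    return entries


def cleared_task_names(entries):
    """Readable names of scheduled tasks whose TaskCache\\Tree key was removed."""
    names = []
    for e in entries:
        if e["status"] != "registry_removed":
            continue
        m = TREE_RE.search(e["target"])
        if m:
            names.append(m.group("name"))
    return names


def summarize(entries):
    """Counts per status, items that failed (need a second look), task names."""
    counts = Counter(e["status"] for e in entries)
    follow_up = [e["target"] for e in entries if e["status"] == "failed"]
    return {"counts": dict(counts), "follow_up": follow_up,
            "tasks": cleared_task_names(entries)}


if __name__ == "__main__":
    report = summarize(parse_fixlog(SAMPLE_FIXLOG))
    for status, n in sorted(report["counts"].items()):
        print(f"{status:17s} {n}")
    print("needs follow-up:", report["follow_up"])
    print("scheduled tasks cleared:", report["tasks"])
```

Run against a full Fixlog, the "failed" list is the part worth pasting back into the thread: those are paths FRST could not move in that run, and the task names show which persistence entries (here globalUpdateUpdateTaskMachineCore and AutoKMS) the fix actually touched.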

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

What is the situation now?

offline
  • Joined: 14 Aug 2015
  • Posts: 25

Posted: 14 Aug 2015 15:16

I still see that lion's head when booting; that is Rising Antivirus, which I cannot delete from the Control Panel, as well as something, I assume, of Chinese origin, which comes from here: [Link can be seen only by logged-in users]

Update: 14 Aug 2015 15:22

it is Au_.exe*32

Update: 14 Aug 2015 15:25

oops, I managed to delete Rising Antivirus

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Is everything okay now?

offline
  • Joined: 14 Aug 2015
  • Posts: 25

Posted: 14 Aug 2015 17:01

now everything is OK, except for that Chinese creature (搜狐影音), which has anchored its icon on the toolbar.

Update: 14 Aug 2015 17:02

it starts automatically when I try to delete it from the Control Panel

offline
  • Dejan Peic
  • sve
  • Joined: 12 May 2012
  • Posts: 245
  • Location: Subotica

I had that problem, just uninstall, nothing more

offline
  • Joined: 14 Aug 2015
  • Posts: 25

it does not accept the command; instead a window opens with something written in Chinese and offers me a yes/no option

offline
  • Dejan Peic
  • sve
  • Joined: 12 May 2012
  • Posts: 245
  • Location: Subotica

you need the left window for uninstall; I struggled with that too

Korisnici trenutno na forumu: -[CoA]-, A.R.Chafee.Jr., alberto, Asparagus, Azzo, bobomicek, boro975, Bubimir, cavatina, Centauro, dak2, DalmatinacMF, Dimitrise93, djuradj, Doca, Dogma21, doktor097, Dorcolac, Džekson, Ercomero, famoso, Feller, Hooked2art, HrcAk47, joca83, Joint Chief, Jozo74, Kajzer Soze, kib, koneks, Koser, Kriglord, Kubovac, lakson001, lord sir giga, M74AB3, Makeitdrip, markomacii9, mexo, milenko crazy north, Military_Enjoyer, Milo97, Milometer, milos.cbr, moldway, mrav pesadinac, Nikoladoktor, NNPD, Nobunaga, Oscar, paja69, PrincipL, promajauglavi, qurtamurta, RajkoB, Ratnik84, Resad76, rodoljub, Sass Drake, Skakac7, Snorks, Stanlio, stegonosa, synergia, t.mile, Tandrkalo, The Boss, Tumansky, varda, vdeki, Visionary, Vladko, Vlado82, vrlenija, zmajbre, Zrcalo, zzzgmap, 79693