Премини към съдържанието

v3cko

Потребител
  • Публикации

    27
  • Регистрация

  • Последно онлайн

Харесвания

0 Неутрална репутация

Всичко за v3cko

  • Титла
    Потребител
  • Рожден ден 14.07.1977

Информация

  • Пол
    Мъж
  • Град
    Троян

Последни посетители

706 прегледа на профила
  1. # DelFix v1.013 - Logfile created 12/08/2018 at 15:10:10 # Updated 17/04/2016 by Xplode # Username : BECKO - BECKO-PC # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits) ~ Removing disinfection tools ... Deleted : C:\AdwCleaner Deleted : C:\Users\Public\Desktop\RogueKiller.lnk Deleted : C:\Users\BECKO\Downloads\adwcleaner_7.1.1.exe Deleted : C:\Users\BECKO\Downloads\adwcleaner_7.2.2.exe Deleted : C:\Users\BECKO\Downloads\RogueKiller.exe Deleted : C:\Users\BECKO\Downloads\RogueKiller_setup.exe ~ Creating registry backup ... Error ! (1) ~ Cleaning system restore ... Deleted : RP #6 [Language Pack Installation | 08/11/2018 13:53:14] Deleted : RP #7 [Програма за инсталиране на модули за Windows | 08/11/2018 15:23:09] Deleted : RP #8 [Windows Update | 08/11/2018 15:41:57] Deleted : RP #9 [Removed Avira Software Updater | 08/11/2018 15:46:40] Deleted : RP #10 [Точка на възстановяване на HitmanPro | 08/11/2018 16:18:13] Deleted : RP #11 [Точка на възстановяване на HitmanPro | 08/11/2018 16:29:58] Deleted : RP #13 [Restore Point Created by FRST | 08/12/2018 10:31:45] Deleted : RP #15 [Restore Point Created by FRST | 08/12/2018 10:35:04] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########
  2. Системата работи добре , може да маркирате случаят за решен . Благодаря за отделеното време и внимание
  3. Fixlog_12-08-2018 13.35.42.txt
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018 Ran by BECKO (administrator) on BECKO-PC (12-08-2018 12:23:41) Running from C:\Users\BECKO\Downloads Loaded Profiles: BECKO (Available Profiles: BECKO) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Английски (Съединени щати) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2018-08-11] (Synaptics Incorporated) HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\...\Run: [Chromium] => "c:\users\becko\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{4447F6FC-1164-470A-9CC4-84A798333B40}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{566E0D37-D76E-44FA-984D-4A40BF15E2B7}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default [2018-08-12] FF user.js: detected! => C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default\user.js [2006-04-06] FF Homepage: K-Meleon\ignaeef5.default -> google.bg FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-08-11] () FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://google.bg/ CHR StartupUrls: Default -> "hxxps://www.google.bg/" CHR Profile: C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default [2018-08-12] CHR Extension: (Презентации) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-11] CHR Extension: (Документи) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-11] CHR Extension: (Google Диск) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-11] CHR Extension: (YouTube) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-11] CHR Extension: (Adblock Plus) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-08-11] CHR Extension: (Таблици) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-11] CHR Extension: (Google Документи офлайн) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-11] CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-08-11] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-11] CHR Extension: (Gmail) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-11] CHR Extension: (Chrome Media Router) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-11] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2018-08-11] (Broadcom Corporation.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [175320 2018-08-11] (Broadcom Corporation.) S3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [144600 2018-08-11] (Broadcom Corporation.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-06-19] (Malwarebytes) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [38224 2018-08-11] () R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2018-08-11] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2018-08-11] (Intel Corporation) R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [44800 2018-08-11] (Infineon Technologies AG) R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2018-08-11] (Windows (R) Codename Longhorn DDK provider) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [165608 2018-08-11] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [95488 2018-08-12] (Malwarebytes) R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [42728 2018-08-12] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-12] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [73336 2018-08-12] (Malwarebytes) R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2018-08-11] (Intel Corporation) R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [7424 2018-08-11] () R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2018-08-12] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2018-08-12] (Zemana Ltd.) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-12 11:15 - 2018-08-12 11:15 - 000002491 _____ C:\Users\BECKO\Desktop\Malwarebytes.txt 2018-08-12 08:52 - 2018-08-12 08:52 - 000015151 _____ C:\Users\BECKO\Documents\malwarbytes.txt 2018-08-12 08:47 - 2018-08-12 08:47 - 000020296 _____ C:\Users\BECKO\Downloads\Addition.txt 2018-08-12 08:46 - 2018-08-12 12:24 - 000008853 _____ C:\Users\BECKO\Downloads\FRST.txt 2018-08-12 08:46 - 2018-08-12 12:23 - 000000000 ____D C:\FRST 2018-08-12 08:44 - 2018-08-12 08:44 - 001773056 _____ (Farbar) C:\Users\BECKO\Downloads\FRST.exe 2018-08-12 08:08 - 2018-08-12 12:23 - 000051064 _____ C:\Windows\ZAM.krnl.trace 2018-08-12 08:08 - 2018-08-12 12:23 - 000031792 _____ C:\Windows\ZAM_Guard.krnl.trace 2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys 2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys 2018-08-12 08:08 - 2018-08-12 08:08 - 000001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\Program Files\Zemana AntiMalware 2018-08-12 08:06 - 2018-08-12 08:06 - 000000000 ____D C:\Users\BECKO\AppData\Local\Zemana 2018-08-12 08:05 - 2018-08-12 08:05 - 006625600 _____ (Zemana Ltd. ) C:\Users\BECKO\Downloads\Zemana.AntiMalware.Setup.exe 2018-08-12 07:45 - 2018-08-12 07:45 - 007417040 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.2.2.exe 2018-08-12 07:44 - 2018-08-12 07:45 - 000000000 ____D C:\AdwCleaner 2018-08-12 07:44 - 2018-08-12 07:44 - 007277776 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.1.1.exe 2018-08-12 07:12 - 2018-08-12 07:12 - 000000000 ____D C:\Users\BECKO\AppData\Local\CrashDumps 2018-08-12 06:43 - 2018-08-12 08:36 - 000000000 ____D C:\ProgramData\RogueKiller 2018-08-12 06:43 - 2018-08-12 08:16 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys 2018-08-12 06:42 - 2018-08-12 11:08 - 000000000 ____D C:\Program Files\RogueKiller 2018-08-12 06:42 - 2018-08-12 06:42 - 000001005 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2018-08-12 06:41 - 2018-08-12 06:41 - 036826200 _____ (Adlice Software ) C:\Users\BECKO\Downloads\RogueKiller_setup.exe 2018-08-12 06:39 - 2018-08-12 06:39 - 000000000 _____ C:\Users\BECKO\Downloads\RogueKiller.exe 2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ C:\Users\BECKO\AppData\Roaming\WB.CFG 2018-08-12 00:38 - 2018-08-11 13:48 - 000000000 ____D C:\Windows\Panther 2018-08-12 00:32 - 2018-08-12 00:32 - 000000000 ____D C:\Windows.old 2018-08-12 00:20 - 2018-08-12 00:20 - 000000000 ____D C:\Windows\pss 2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf 2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____D C:\Program Files\Synaptics 2018-08-11 22:18 - 2018-08-11 22:18 - 000214312 _____ (Synaptics Incorporated) C:\Windows\system32\SynCtrl.dll 2018-08-11 22:18 - 2018-08-11 22:18 - 000173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll 2018-08-11 22:18 - 2018-08-11 22:18 - 000120104 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo4.dll 2018-08-11 22:14 - 2018-08-11 22:14 - 000165160 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll 2018-08-11 22:11 - 2018-08-11 22:11 - 001303728 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys 2018-08-11 22:09 - 2018-08-11 22:09 - 000046592 _____ (REDC) C:\Windows\system32\Drivers\risdptsk.sys 2018-08-11 22:04 - 2018-08-11 22:04 - 000044800 _____ (Infineon Technologies AG) C:\Windows\system32\Drivers\ifxtpm.sys 2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf 2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____D C:\Program Files\AuthenTec 2018-08-11 21:54 - 2018-08-11 21:54 - 000000000 ____D C:\Intel 2018-08-11 21:52 - 2018-08-11 21:53 - 000571904 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll 2018-08-11 21:52 - 2018-08-11 21:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2018-08-11 21:51 - 2018-08-11 21:52 - 004411392 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll 2018-08-11 21:48 - 2018-08-11 21:51 - 011405312 _____ (Intel Corporation) C:\Windows\system32\ig4icd32.dll 2018-08-11 21:48 - 2018-08-11 21:48 - 000004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll 2018-08-11 21:48 - 2018-08-11 21:48 - 000000268 _____ C:\Windows\system32\GfxUI.exe.config 2018-08-11 21:47 - 2018-08-11 21:48 - 003157784 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe 2018-08-11 21:47 - 2018-08-11 21:47 - 000189552 _____ C:\Windows\system32\Gfxres.th-TH.resources 2018-08-11 21:47 - 2018-08-11 21:47 - 000121173 _____ C:\Windows\system32\Gfxres.tr-TR.resources 2018-08-11 21:47 - 2018-08-11 21:47 - 000120320 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll 2018-08-11 21:47 - 2018-08-11 21:47 - 000104044 _____ C:\Windows\system32\Gfxres.zh-TW.resources 2018-08-11 21:47 - 2018-08-11 21:47 - 000102883 _____ C:\Windows\system32\Gfxres.zh-CN.resources 2018-08-11 21:46 - 2018-08-11 21:47 - 000119360 _____ C:\Windows\system32\Gfxres.sv-SE.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000178407 _____ C:\Windows\system32\Gfxres.el-GR.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000165395 _____ C:\Windows\system32\Gfxres.ru-RU.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000139909 _____ C:\Windows\system32\Gfxres.ar-SA.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000136401 _____ C:\Windows\system32\Gfxres.ja-JP.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000133746 _____ C:\Windows\system32\Gfxres.he-IL.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000125558 _____ C:\Windows\system32\Gfxres.it-IT.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000123230 _____ C:\Windows\system32\Gfxres.ko-KR.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000122927 _____ C:\Windows\system32\Gfxres.es-ES.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000122709 _____ C:\Windows\system32\Gfxres.de-DE.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000120800 _____ C:\Windows\system32\Gfxres.fr-FR.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000120366 _____ C:\Windows\system32\Gfxres.pt-BR.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000119616 _____ C:\Windows\system32\Gfxres.hu-HU.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000119586 _____ C:\Windows\system32\Gfxres.nl-NL.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000119067 _____ C:\Windows\system32\Gfxres.pt-PT.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000118745 _____ C:\Windows\system32\Gfxres.cs-CZ.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000118697 _____ C:\Windows\system32\Gfxres.fi-FI.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000118409 _____ C:\Windows\system32\Gfxres.pl-PL.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000118058 _____ C:\Windows\system32\Gfxres.sk-SK.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000114852 _____ C:\Windows\system32\Gfxres.nb-NO.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000114372 _____ C:\Windows\system32\Gfxres.sl-SI.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000114261 _____ C:\Windows\system32\Gfxres.da-DK.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000110214 _____ C:\Windows\system32\Gfxres.en-US.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc 2018-08-11 21:46 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc 2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc 2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc 2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc 2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc 2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc 2018-08-11 21:46 - 2018-08-11 21:46 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc 2018-08-11 21:45 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc 2018-08-11 21:43 - 2018-08-11 21:45 - 008198936 _____ (Intel(R) Corporation) C:\Windows\system32\TVWSetup.exe 2018-08-11 21:43 - 2018-08-11 21:43 - 000261632 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll 2018-08-11 21:43 - 2018-08-11 21:43 - 000179480 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe 2018-08-11 21:43 - 2018-08-11 21:43 - 000023552 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll 2018-08-11 21:42 - 2018-08-11 21:43 - 000172824 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe 2018-08-11 21:42 - 2018-08-11 21:42 - 000828928 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll 2018-08-11 21:42 - 2018-08-11 21:42 - 000268056 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe 2018-08-11 21:42 - 2018-08-11 21:42 - 000228864 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll 2018-08-11 21:42 - 2018-08-11 21:42 - 000208896 _____ (Intel Corporation) C:\Windows\system32\iglhsip32.dll 2018-08-11 21:42 - 2018-08-11 21:42 - 000195584 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll 2018-08-11 21:42 - 2018-08-11 21:42 - 000171288 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe 2018-08-11 21:42 - 2018-08-11 21:42 - 000147456 _____ (Intel Corporation) C:\Windows\system32\iglhcp32.dll 2018-08-11 21:42 - 2018-08-11 21:42 - 000138008 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe 2018-08-11 21:42 - 2018-08-11 21:42 - 000130048 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll 2018-08-11 21:42 - 2018-08-11 21:42 - 000115200 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl 2018-08-11 21:42 - 2018-08-11 21:42 - 000095232 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll 2018-08-11 21:42 - 2018-08-11 21:42 - 000057856 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll 2018-08-11 21:41 - 2018-08-11 21:42 - 001921265 _____ C:\Windows\system32\iglhxa32.cpa 2018-08-11 21:41 - 2018-08-11 21:41 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin 2018-08-11 21:41 - 2018-08-11 21:41 - 000092356 _____ C:\Windows\system32\igfcg500m.bin 2018-08-11 21:41 - 2018-08-11 21:41 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2555.dll 2018-08-11 21:41 - 2018-08-11 21:41 - 000060254 _____ C:\Windows\system32\iglhxg32.vp 2018-08-11 21:41 - 2018-08-11 21:41 - 000060226 _____ C:\Windows\system32\iglhxc32.vp 2018-08-11 21:41 - 2018-08-11 21:41 - 000060015 _____ C:\Windows\system32\iglhxo32.vp 2018-08-11 21:41 - 2018-08-11 21:41 - 000051628 _____ C:\Windows\system32\iglhxs32.vp 2018-08-11 21:41 - 2018-08-11 21:41 - 000001090 _____ C:\Windows\system32\iglhxa32.vp 2018-08-11 21:40 - 2018-08-11 21:41 - 000982240 _____ C:\Windows\system32\igkrng500.bin 2018-08-11 21:37 - 2018-08-11 21:37 - 000017408 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\KMWDFILTER.sys 2018-08-11 21:36 - 2018-08-11 21:36 - 000007424 _____ () C:\Windows\system32\Drivers\whfltr2k.sys 2018-08-11 20:30 - 2018-08-12 10:02 - 000073336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2018-08-11 20:30 - 2018-08-12 07:51 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-08-11 20:30 - 2018-08-12 07:51 - 000095488 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2018-08-11 20:30 - 2018-08-12 07:51 - 000042728 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2018-08-11 20:30 - 2018-08-11 20:30 - 000165608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2018-08-11 20:27 - 2018-08-11 20:28 - 000000000 ____D C:\Users\BECKO\Downloads\windows.loader.v2.2.2 2018-08-11 20:26 - 2018-08-11 20:26 - 001768154 _____ C:\Users\BECKO\Downloads\windows.loader.v2.2.2.zip 2018-08-11 19:36 - 2018-08-11 19:36 - 078989872 _____ (Malwarebytes ) C:\Users\BECKO\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6237.exe 2018-08-11 19:36 - 2018-08-11 19:36 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\Program Files\Malwarebytes 2018-08-11 19:36 - 2018-06-19 14:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys 2018-08-11 19:15 - 2018-08-11 19:15 - 000038224 _____ C:\Windows\system32\Drivers\hitmanpro37.sys 2018-08-11 19:14 - 2018-08-11 19:15 - 000000000 ____D C:\ProgramData\HitmanPro 2018-08-11 18:56 - 2018-08-12 08:13 - 000001134 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk 2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll 2018-08-11 18:53 - 2018-08-12 06:28 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\41B13405-F6F9-0E07-41F8-1ED9F82C4739 2018-08-11 18:52 - 2018-08-11 19:54 - 000000000 ____D C:\ProgramData\McAfee 2018-08-11 18:51 - 2018-08-12 00:31 - 000000000 ____D C:\Windows\system32\yiuxtdsr 2018-08-11 18:50 - 2018-08-11 19:43 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Sound Volume Control 2018-08-11 18:47 - 2018-08-11 18:47 - 000000000 ____D C:\Windows\system32\appmgmt 2018-08-11 18:28 - 2018-08-11 18:28 - 017142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 011220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 004240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 003969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 003914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2018-08-11 18:28 - 2018-08-11 18:28 - 002166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 001926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2018-08-11 18:28 - 2018-08-11 18:28 - 001818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 001156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 001051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2018-08-11 18:28 - 2018-08-11 18:28 - 000610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2018-08-11 18:28 - 2018-08-11 18:28 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000000000 ____D C:\Users\BECKO\AppData\LocalLow\Temp 2018-08-11 18:27 - 2018-08-11 18:27 - 001294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2018-08-11 18:27 - 2018-08-11 18:27 - 000868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2018-08-11 18:27 - 2018-08-11 18:27 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2018-08-11 18:27 - 2018-08-11 18:27 - 000240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2018-08-11 18:27 - 2018-08-11 18:27 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2018-08-11 18:27 - 2018-08-11 18:27 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe 2018-08-11 18:27 - 2018-08-11 18:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 003419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 002284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 001988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 001247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 001230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 001158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 001080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2018-08-11 18:23 - 2018-08-11 18:23 - 001505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2018-08-11 18:22 - 2018-08-11 18:22 - 031194832 _____ (Microsoft Corporation) C:\Users\BECKO\Downloads\IE11-Windows6.1-x86-bg-bg.exe 2018-08-11 17:59 - 2018-08-11 18:02 - 009037312 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys 2018-08-11 17:57 - 2018-08-11 17:58 - 002760704 _____ (Intel Corporation) C:\Windows\system32\NETwNr32.dll 2018-08-11 17:57 - 2018-08-11 17:57 - 000684032 _____ (Intel Corporation) C:\Windows\system32\NETwNc32.dll 2018-08-11 17:55 - 2018-08-11 17:57 - 007523840 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs32.sys 2018-08-11 17:55 - 2018-08-11 17:55 - 000527344 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys 2018-08-11 17:55 - 2018-08-11 17:55 - 000026096 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys 2018-08-11 17:54 - 2018-08-11 17:54 - 000232664 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1y6232.sys 2018-08-11 17:54 - 2018-08-11 17:54 - 000121440 _____ (Intel Corporation) C:\Windows\system32\e1000msg.dll 2018-08-11 17:54 - 2018-08-11 17:54 - 000081600 _____ (Intel Corporation) C:\Windows\system32\NicInstY.dll 2018-08-11 17:54 - 2018-08-11 17:54 - 000028792 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll 2018-08-11 17:54 - 2018-08-11 17:54 - 000003313 _____ C:\Windows\system32\e1y6232.din 2018-08-11 17:53 - 2018-08-11 17:53 - 000144600 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys 2018-08-11 17:53 - 2018-08-11 17:53 - 000060120 _____ (Broadcom Corporation.) C:\Windows\system32\btwdi.dll 2018-08-11 17:52 - 2018-08-11 17:53 - 001680088 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe 2018-08-11 17:52 - 2018-08-11 17:52 - 001640152 _____ (Broadcom Corporation.) C:\Windows\system32\BcmBtRSupport.dll 2018-08-11 17:52 - 2018-08-11 17:52 - 000175320 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys 2018-08-11 17:50 - 2018-08-11 17:50 - 000048128 _____ (REDC) C:\Windows\system32\Drivers\rimmptsk.sys 2018-08-11 17:45 - 2018-08-11 17:45 - 001461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoinstaller01009.dll 2018-08-11 17:45 - 2018-08-11 17:45 - 000015544 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\CPQBttn.sys 2018-08-11 17:44 - 2018-08-11 17:44 - 000971752 _____ (AuthenTec, Inc.) C:\Windows\system32\Drivers\ATSwpWDF.sys 2018-08-11 17:42 - 2018-08-11 17:42 - 000035896 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\Accelerometer.sys 2018-08-11 17:42 - 2018-08-11 17:42 - 000026168 _____ (Hewlett-Packard Company) C:\Windows\system32\hpservice.exe 2018-08-11 17:42 - 2018-08-11 17:42 - 000025656 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\hpdskflt.sys 2018-08-11 17:42 - 2018-08-11 17:42 - 000016952 _____ (Hewlett-Packard Company) C:\Windows\system32\accelerometerdll.DLL 2018-08-11 17:42 - 2018-08-11 17:42 - 000014392 _____ (Hewlett-Packard Company) C:\Windows\system32\HPMDPCoInst12.dll 2018-08-11 17:40 - 2018-08-12 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy 2018-08-11 17:39 - 2018-08-11 17:39 - 004107032 _____ (Easeware ) C:\Users\BECKO\Downloads\DriverEasy_Setup.exe 2018-08-11 16:22 - 2018-08-11 16:22 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Adobe 2018-08-11 16:21 - 2018-08-11 18:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2018-08-11 16:21 - 2018-08-11 18:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Windows\system32\Macromed 2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Users\BECKO\AppData\Local\Adobe 2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Macromedia 2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Local\CEF 2018-08-11 16:17 - 2018-08-11 17:11 - 000000000 ____D C:\Users\BECKO\AppData\Local\K-Meleon 2018-08-11 16:17 - 2018-08-11 16:17 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Meleon.lnk 2018-08-11 16:17 - 2018-08-11 16:17 - 000001067 _____ C:\Users\Public\Desktop\K-Meleon.lnk 2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\Downloads\k-meleon 2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Mozilla 2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\K-Meleon 2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Program Files\K-Meleon 2018-08-11 16:14 - 2018-08-11 16:14 - 032875887 _____ (kmeleonbrowser.org) C:\Users\BECKO\Downloads\K-Meleon76RC.exe 2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf 2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf 2018-08-11 16:04 - 2012-07-26 06:39 - 000526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2018-08-11 16:04 - 2012-07-26 06:39 - 000047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2018-08-11 16:04 - 2012-07-26 05:46 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2018-08-11 16:04 - 2012-06-02 17:34 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2018-08-11 14:20 - 2018-07-17 01:02 - 000480888 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2018-08-11 14:18 - 2018-08-11 14:18 - 000000492 _____ C:\Users\BECKO\Desktop\LFS.lnk 2018-08-11 14:04 - 2018-08-11 14:04 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-08-11 14:04 - 2018-08-11 14:04 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-08-11 14:04 - 2018-08-11 14:04 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Google 2018-08-11 14:03 - 2018-08-11 14:18 - 000000000 ____D C:\Users\BECKO\AppData\Local\Google 2018-08-11 14:03 - 2018-08-11 14:03 - 000000000 ____D C:\Program Files\Google 2018-08-11 14:02 - 2018-08-11 14:02 - 000057560 _____ C:\Users\BECKO\AppData\Local\GDIPFONTCACHEV1.DAT 2018-08-11 13:49 - 2018-08-11 13:49 - 000001417 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2018-08-11 13:49 - 2014-05-14 19:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2018-08-11 13:49 - 2014-05-14 19:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2018-08-11 13:49 - 2014-05-14 19:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2018-08-11 13:49 - 2014-05-14 19:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2018-08-11 13:49 - 2014-05-14 19:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2018-08-11 13:49 - 2014-05-14 19:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2018-08-11 13:49 - 2014-05-14 19:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2018-08-11 13:49 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2018-08-11 13:49 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2018-08-11 13:48 - 2018-08-12 08:13 - 000000000 ____D C:\Users\BECKO 2018-08-11 13:48 - 2018-08-11 13:48 - 000000020 ___SH C:\Users\BECKO\ntuser.ini 2018-08-11 13:48 - 2018-08-11 13:48 - 000000000 ____D C:\Users\BECKO\AppData\Local\VirtualStore 2018-08-11 13:48 - 2010-11-21 03:46 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Media Center Programs 2018-08-11 13:43 - 2018-08-11 13:43 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2018-08-11 13:42 - 2018-08-11 13:42 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2018-08-11 13:41 - 2018-08-11 13:41 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-08-12 07:56 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI 2018-08-12 07:56 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf 2018-08-12 07:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-08-12 00:38 - 2009-07-14 07:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template 2018-08-11 21:57 - 2009-07-14 07:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns 2018-08-11 21:40 - 2009-07-14 01:09 - 004967424 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll 2018-08-11 18:36 - 2009-07-14 07:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT 2018-08-11 18:34 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions 2018-08-11 17:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache 2018-08-11 17:24 - 2010-11-21 03:38 - 000000000 ____D C:\Windows\system32\WCN 2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\sysprep 2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\oobe 2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\migwiz 2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\servicing 2018-08-11 17:23 - 2010-11-21 03:46 - 000000000 ____D C:\Program Files\Windows Journal 2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Sidebar 2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Defender 2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\DVD Maker 2018-08-11 17:23 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\System 2018-08-11 14:05 - 2017-10-21 15:53 - 000000000 ____D C:\LFS 2018-08-11 13:48 - 2009-07-14 05:37 - 000000000 __RHD C:\Users\Public\Libraries 2018-08-11 13:43 - 2009-07-14 07:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2018-08-11 13:39 - 2010-11-21 03:46 - 000000000 ____D C:\Windows\CSC ==================== Files in the root of some directories ======= 2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll 2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ () C:\Users\BECKO\AppData\Roaming\WB.CFG Some files in TEMP: ==================== 2018-08-12 06:43 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-08-11 13:38 ==================== End of FRST.txt ============================ Addition_12-08-2018 12.24.39.txt
  5. Zemana Zemana AntiMalware 2.74.2.150 (инсталираната версия) ------------------------------------------------------- Scan Result : Завършено Scan Date : 2018.8.12 Operating System : Windows 7 32-bit Processor : 2X Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz BIOS Mode : Legacy CUID : 12CD6E48306F022449211E Scan Type : Проверка на системата Duration : 4m 6s Scanned Objects : 26690 Detected Objects : 2 Excluded Objects : 0 Read Level : SCSI Auto Upload : Включен Detect All Extensions : Изключен Scan Documents : Изключен Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- Fake Chrome Shortcut Status : Проверено Object : %appdata%\microsoft\windows\start menu\programs\chromium.lnk MD5 : 6BA674537637AC7B3ED7AE6D2E470763 Publisher : - Size : 2261 Version : - Detection : Подозрителна настройка на браузъра Cleaning Action : Поправи Related Objects : Настройка на браузъра - Fake Chrome Shortcut Файл - %appdata%\microsoft\windows\start menu\programs\chromium.lnk Fake Chrome Shortcut Status : Проверено Object : %appdata%\microsoft\internet explorer\quick launch\chromium.lnk MD5 : E2FC3E043090D9506F1EB7534D3EB93A Publisher : - Size : 2255 Version : - Detection : Подозрителна настройка на браузъра Cleaning Action : Поправи Related Objects : Настройка на браузъра - Fake Chrome Shortcut Файл - %appdata%\microsoft\internet explorer\quick launch\chromium.lnk Cleaning Result ------------------------------------------------------- Cleaned : 2 Reported as safe : 0 Failed : 0 Roguekiller RogueKiller V12.12.31.0 [Aug 10 2018] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : BECKO [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller.exe Mode : Delete -- Date : 08/12/2018 08:16:35 (Duration : 00:19:18) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 2 ¤¤¤ [PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2811585A-1341-46A6-B753-511BDFC3E727} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files\Easeware\DriverEasy\DriverEasy.exe|Name=Driver Easy|Desc=Allow Driver Easy Access Internet to Scan and Download Drivers.| [x] -> Deleted [PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2811585A-1341-46A6-B753-511BDFC3E727} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files\Easeware\DriverEasy\DriverEasy.exe|Name=Driver Easy|Desc=Allow Driver Easy Access Internet to Scan and Download Drivers.| [x] -> Deleted ¤¤¤ Tasks : 2 ¤¤¤ [PUP.Gen1] %WINDIR%\Tasks\Driver Easy Scheduled Scan.job -- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (--scan) -> Deleted [PUP.Gen1] \Driver Easy Scheduled Scan -- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (--scan) -> Deleted ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ATA ST500LT012-1DG14 SCSI Disk Device +++++ --- User --- [MBR] 2c503346fe1942189db5c3b2b5447307 [BSP] b61ca2a6af7c9ec8c899cb22ba51b9b5 : Windows Vista/7/8|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 102504 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 210135040 | Size: 373884 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975849472 | Size: 450 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Ricoh SD/MMC Disk Device +++++ Error reading User MBR! ([15] ???????????? ?? ? ??????. ) Error reading LL1 MBR! ([32] ???????? ?? ?? ????????. ) Error reading LL2 MBR! ([32] ???????? ?? ?? ????????. ) Malwarebytes Malwarebytes www.malwarebytes.com -Детайли за регистъра- Дата на сканиране: 12.08.18 г. Час на сканиране: 11:11 Файл на регистъра: 4e684b14-9e07-11e8-8f67-002713343a56.json Администратор: Да -Информация за софтуера- Версия: 3.5.1.2522 Версия на компонентите: 1.0.391 Актуализирай версията на пакета: 1.0.6309 Лиценз: Пробен период -Системна информация- OS: Windows 7 Service Pack 1 CPU: x86 Файлова система: NTFS Потребител: BECKO-PC\BECKO -Резюме на сканирането- Тип сканиране: Threat Scan Сканирането е стартирано от: Ръчно Резултат: Завършено Сканирани обекти: 159070 Открити заплахи: 0 (Не бяха открити зловредни елементи) Заплахи под карантина: 0 (Не бяха открити зловредни елементи) Изтекло време: 3 мин, 46 сек -Опции за сканиране- Памет: Разрешено Стартиране: Разрешено Файлова система: Разрешено Архиви: Разрешено руткитове: Разрешено Евристика: Разрешено PUP: Открий PUM: Открий -Детайли за сканирането- Процес: 0 (Не бяха открити зловредни елементи) Модул: 0 (Не бяха открити зловредни елементи) Ключ на регистъра: 0 (Не бяха открити зловредни елементи) Стойност на регистъра: 0 (Не бяха открити зловредни елементи) Данни на регистъра: 0 (Не бяха открити зловредни елементи) Поток данни: 0 (Не бяха открити зловредни елементи) Папка: 0 (Не бяха открити зловредни елементи) Файл: 0 (Не бяха открити зловредни елементи) Физически сектор: 0 (Не бяха открити зловредни елементи) WMI: 0 (Не бяха открити зловредни елементи) (end) AdwCleaner # ------------------------------- # Malwarebytes AdwCleaner 7.2.2.0 # ------------------------------- # Build: 07-17-2018 # Database: 2018-08-10.2 # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 08-12-2018 # Duration: 00:00:10 # OS: Windows 7 Ultimate # Scanned: 41771 # Detected: 0 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. AdwCleaner[S00].txt - [1247 octets] - [12/08/2018 07:45:40] AdwCleaner[C00].txt - [1352 octets] - [12/08/2018 07:45:58] AdwCleaner[S01].txt - [1369 octets] - [12/08/2018 07:50:12] AdwCleaner[C01].txt - [1535 octets] - [12/08/2018 07:50:24] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
  6. malwarbytes засече троянец и други гадинки Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018 Ran by BECKO (administrator) on BECKO-PC (12-08-2018 08:46:39) Running from C:\Users\BECKO\Downloads Loaded Profiles: BECKO (Available Profiles: BECKO) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Английски (Съединени щати) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2018-08-11] (Synaptics Incorporated) HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\...\Run: [Chromium] => "c:\users\becko\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{4447F6FC-1164-470A-9CC4-84A798333B40}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{566E0D37-D76E-44FA-984D-4A40BF15E2B7}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default [2018-08-12] FF user.js: detected! => C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default\user.js [2006-04-06] FF Homepage: K-Meleon\ignaeef5.default -> google.bg FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-08-11] () FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://google.bg/ CHR StartupUrls: Default -> "hxxps://www.google.bg/" CHR Profile: C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default [2018-08-12] CHR Extension: (Презентации) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-11] CHR Extension: (Документи) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-11] CHR Extension: (Google Диск) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-11] CHR Extension: (YouTube) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-11] CHR Extension: (Adblock Plus) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-08-11] CHR Extension: (Таблици) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-11] CHR Extension: (Google Документи офлайн) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-11] CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-08-11] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-11] CHR Extension: (Gmail) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-11] CHR Extension: (Chrome Media Router) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-11] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2018-08-11] (Broadcom Corporation.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [175320 2018-08-11] (Broadcom Corporation.) S3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [144600 2018-08-11] (Broadcom Corporation.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-06-19] (Malwarebytes) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [38224 2018-08-11] () R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2018-08-11] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2018-08-11] (Intel Corporation) R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [44800 2018-08-11] (Infineon Technologies AG) R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2018-08-11] (Windows (R) Codename Longhorn DDK provider) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [165608 2018-08-11] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [95488 2018-08-12] (Malwarebytes) R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [42728 2018-08-12] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-12] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [73336 2018-08-12] (Malwarebytes) R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2018-08-11] (Intel Corporation) R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [7424 2018-08-11] () R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2018-08-12] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2018-08-12] (Zemana Ltd.) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-12 08:46 - 2018-08-12 08:47 - 000008916 _____ C:\Users\BECKO\Downloads\FRST.txt 2018-08-12 08:46 - 2018-08-12 08:46 - 000000000 ____D C:\FRST 2018-08-12 08:44 - 2018-08-12 08:44 - 001773056 _____ (Farbar) C:\Users\BECKO\Downloads\FRST.exe 2018-08-12 08:08 - 2018-08-12 08:46 - 000032169 _____ C:\Windows\ZAM.krnl.trace 2018-08-12 08:08 - 2018-08-12 08:46 - 000011705 _____ C:\Windows\ZAM_Guard.krnl.trace 2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys 2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys 2018-08-12 08:08 - 2018-08-12 08:08 - 000001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\Program Files\Zemana AntiMalware 2018-08-12 08:06 - 2018-08-12 08:06 - 000000000 ____D C:\Users\BECKO\AppData\Local\Zemana 2018-08-12 08:05 - 2018-08-12 08:05 - 006625600 _____ (Zemana Ltd. ) C:\Users\BECKO\Downloads\Zemana.AntiMalware.Setup.exe 2018-08-12 07:45 - 2018-08-12 07:45 - 007417040 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.2.2.exe 2018-08-12 07:44 - 2018-08-12 07:45 - 000000000 ____D C:\AdwCleaner 2018-08-12 07:44 - 2018-08-12 07:44 - 007277776 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.1.1.exe 2018-08-12 07:12 - 2018-08-12 07:12 - 000000000 ____D C:\Users\BECKO\AppData\Local\CrashDumps 2018-08-12 06:43 - 2018-08-12 08:36 - 000000000 ____D C:\ProgramData\RogueKiller 2018-08-12 06:43 - 2018-08-12 08:16 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys 2018-08-12 06:42 - 2018-08-12 06:42 - 000001005 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\Program Files\RogueKiller 2018-08-12 06:41 - 2018-08-12 06:41 - 036826200 _____ (Adlice Software ) C:\Users\BECKO\Downloads\RogueKiller_setup.exe 2018-08-12 06:39 - 2018-08-12 06:39 - 000000000 _____ C:\Users\BECKO\Downloads\RogueKiller.exe 2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ C:\Users\BECKO\AppData\Roaming\WB.CFG 2018-08-12 00:38 - 2018-08-11 13:48 - 000000000 ____D C:\Windows\Panther 2018-08-12 00:32 - 2018-08-12 00:32 - 000000000 ____D C:\Windows.old 2018-08-12 00:20 - 2018-08-12 00:20 - 000000000 ____D C:\Windows\pss 2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf 2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____D C:\Program Files\Synaptics 2018-08-11 22:18 - 2018-08-11 22:18 - 000214312 _____ (Synaptics Incorporated) C:\Windows\system32\SynCtrl.dll 2018-08-11 22:18 - 2018-08-11 22:18 - 000173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll 2018-08-11 22:18 - 2018-08-11 22:18 - 000120104 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo4.dll 2018-08-11 22:14 - 2018-08-11 22:14 - 000165160 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll 2018-08-11 22:11 - 2018-08-11 22:11 - 001303728 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys 2018-08-11 22:09 - 2018-08-11 22:09 - 000046592 _____ (REDC) C:\Windows\system32\Drivers\risdptsk.sys 2018-08-11 22:04 - 2018-08-11 22:04 - 000044800 _____ (Infineon Technologies AG) C:\Windows\system32\Drivers\ifxtpm.sys 2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf 2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____D C:\Program Files\AuthenTec 2018-08-11 21:54 - 2018-08-11 21:54 - 000000000 ____D C:\Intel 2018-08-11 21:52 - 2018-08-11 21:53 - 000571904 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll 2018-08-11 21:52 - 2018-08-11 21:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2018-08-11 21:51 - 2018-08-11 21:52 - 004411392 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll 2018-08-11 21:48 - 2018-08-11 21:51 - 011405312 _____ (Intel Corporation) C:\Windows\system32\ig4icd32.dll 2018-08-11 21:48 - 2018-08-11 21:48 - 000004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll 2018-08-11 21:48 - 2018-08-11 21:48 - 000000268 _____ C:\Windows\system32\GfxUI.exe.config 2018-08-11 21:47 - 2018-08-11 21:48 - 003157784 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe 2018-08-11 21:47 - 2018-08-11 21:47 - 000189552 _____ C:\Windows\system32\Gfxres.th-TH.resources 2018-08-11 21:47 - 2018-08-11 21:47 - 000121173 _____ C:\Windows\system32\Gfxres.tr-TR.resources 2018-08-11 21:47 - 2018-08-11 21:47 - 000120320 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll 2018-08-11 21:47 - 2018-08-11 21:47 - 000104044 _____ C:\Windows\system32\Gfxres.zh-TW.resources 2018-08-11 21:47 - 2018-08-11 21:47 - 000102883 _____ C:\Windows\system32\Gfxres.zh-CN.resources 2018-08-11 21:46 - 2018-08-11 21:47 - 000119360 _____ C:\Windows\system32\Gfxres.sv-SE.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000178407 _____ C:\Windows\system32\Gfxres.el-GR.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000165395 _____ C:\Windows\system32\Gfxres.ru-RU.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000139909 _____ C:\Windows\system32\Gfxres.ar-SA.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000136401 _____ C:\Windows\system32\Gfxres.ja-JP.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000133746 _____ C:\Windows\system32\Gfxres.he-IL.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000125558 _____ C:\Windows\system32\Gfxres.it-IT.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000123230 _____ C:\Windows\system32\Gfxres.ko-KR.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000122927 _____ C:\Windows\system32\Gfxres.es-ES.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000122709 _____ C:\Windows\system32\Gfxres.de-DE.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000120800 _____ C:\Windows\system32\Gfxres.fr-FR.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000120366 _____ C:\Windows\system32\Gfxres.pt-BR.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000119616 _____ C:\Windows\system32\Gfxres.hu-HU.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000119586 _____ C:\Windows\system32\Gfxres.nl-NL.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000119067 _____ C:\Windows\system32\Gfxres.pt-PT.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000118745 _____ C:\Windows\system32\Gfxres.cs-CZ.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000118697 _____ C:\Windows\system32\Gfxres.fi-FI.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000118409 _____ C:\Windows\system32\Gfxres.pl-PL.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000118058 _____ C:\Windows\system32\Gfxres.sk-SK.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000114852 _____ C:\Windows\system32\Gfxres.nb-NO.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000114372 _____ C:\Windows\system32\Gfxres.sl-SI.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000114261 _____ C:\Windows\system32\Gfxres.da-DK.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000110214 _____ C:\Windows\system32\Gfxres.en-US.resources 2018-08-11 21:46 - 2018-08-11 21:46 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc 2018-08-11 21:46 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc 2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc 2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc 2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc 2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc 2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc 2018-08-11 21:46 - 2018-08-11 21:46 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc 2018-08-11 21:45 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc 2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc 2018-08-11 21:43 - 2018-08-11 21:45 - 008198936 _____ (Intel(R) Corporation) C:\Windows\system32\TVWSetup.exe 2018-08-11 21:43 - 2018-08-11 21:43 - 000261632 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll 2018-08-11 21:43 - 2018-08-11 21:43 - 000179480 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe 2018-08-11 21:43 - 2018-08-11 21:43 - 000023552 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll 2018-08-11 21:42 - 2018-08-11 21:43 - 000172824 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe 2018-08-11 21:42 - 2018-08-11 21:42 - 000828928 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll 2018-08-11 21:42 - 2018-08-11 21:42 - 000268056 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe 2018-08-11 21:42 - 2018-08-11 21:42 - 000228864 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll 2018-08-11 21:42 - 2018-08-11 21:42 - 000208896 _____ (Intel Corporation) C:\Windows\system32\iglhsip32.dll 2018-08-11 21:42 - 2018-08-11 21:42 - 000195584 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll 2018-08-11 21:42 - 2018-08-11 21:42 - 000171288 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe 2018-08-11 21:42 - 2018-08-11 21:42 - 000147456 _____ (Intel Corporation) C:\Windows\system32\iglhcp32.dll 2018-08-11 21:42 - 2018-08-11 21:42 - 000138008 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe 2018-08-11 21:42 - 2018-08-11 21:42 - 000130048 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll 2018-08-11 21:42 - 2018-08-11 21:42 - 000115200 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl 2018-08-11 21:42 - 2018-08-11 21:42 - 000095232 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll 2018-08-11 21:42 - 2018-08-11 21:42 - 000057856 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll 2018-08-11 21:41 - 2018-08-11 21:42 - 001921265 _____ C:\Windows\system32\iglhxa32.cpa 2018-08-11 21:41 - 2018-08-11 21:41 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin 2018-08-11 21:41 - 2018-08-11 21:41 - 000092356 _____ C:\Windows\system32\igfcg500m.bin 2018-08-11 21:41 - 2018-08-11 21:41 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2555.dll 2018-08-11 21:41 - 2018-08-11 21:41 - 000060254 _____ C:\Windows\system32\iglhxg32.vp 2018-08-11 21:41 - 2018-08-11 21:41 - 000060226 _____ C:\Windows\system32\iglhxc32.vp 2018-08-11 21:41 - 2018-08-11 21:41 - 000060015 _____ C:\Windows\system32\iglhxo32.vp 2018-08-11 21:41 - 2018-08-11 21:41 - 000051628 _____ C:\Windows\system32\iglhxs32.vp 2018-08-11 21:41 - 2018-08-11 21:41 - 000001090 _____ C:\Windows\system32\iglhxa32.vp 2018-08-11 21:40 - 2018-08-11 21:41 - 000982240 _____ C:\Windows\system32\igkrng500.bin 2018-08-11 21:37 - 2018-08-11 21:37 - 000017408 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\KMWDFILTER.sys 2018-08-11 21:36 - 2018-08-11 21:36 - 000007424 _____ () C:\Windows\system32\Drivers\whfltr2k.sys 2018-08-11 20:30 - 2018-08-12 07:51 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-08-11 20:30 - 2018-08-12 07:51 - 000095488 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2018-08-11 20:30 - 2018-08-12 07:51 - 000073336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2018-08-11 20:30 - 2018-08-12 07:51 - 000042728 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2018-08-11 20:30 - 2018-08-11 20:30 - 000165608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2018-08-11 20:27 - 2018-08-11 20:28 - 000000000 ____D C:\Users\BECKO\Downloads\windows.loader.v2.2.2 2018-08-11 20:26 - 2018-08-11 20:26 - 001768154 _____ C:\Users\BECKO\Downloads\windows.loader.v2.2.2.zip 2018-08-11 19:36 - 2018-08-11 19:36 - 078989872 _____ (Malwarebytes ) C:\Users\BECKO\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6237.exe 2018-08-11 19:36 - 2018-08-11 19:36 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\Program Files\Malwarebytes 2018-08-11 19:36 - 2018-06-19 14:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys 2018-08-11 19:15 - 2018-08-11 19:15 - 000038224 _____ C:\Windows\system32\Drivers\hitmanpro37.sys 2018-08-11 19:14 - 2018-08-11 19:15 - 000000000 ____D C:\ProgramData\HitmanPro 2018-08-11 18:56 - 2018-08-12 08:13 - 000001134 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk 2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll 2018-08-11 18:53 - 2018-08-12 06:28 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\41B13405-F6F9-0E07-41F8-1ED9F82C4739 2018-08-11 18:52 - 2018-08-11 19:54 - 000000000 ____D C:\ProgramData\McAfee 2018-08-11 18:51 - 2018-08-12 00:31 - 000000000 ____D C:\Windows\system32\yiuxtdsr 2018-08-11 18:50 - 2018-08-11 19:43 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Sound Volume Control 2018-08-11 18:47 - 2018-08-11 18:47 - 000000000 ____D C:\Windows\system32\appmgmt 2018-08-11 18:28 - 2018-08-11 18:28 - 017142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 011220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 004240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 003969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 003914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2018-08-11 18:28 - 2018-08-11 18:28 - 002166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 001926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2018-08-11 18:28 - 2018-08-11 18:28 - 001818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 001156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 001051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2018-08-11 18:28 - 2018-08-11 18:28 - 000610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2018-08-11 18:28 - 2018-08-11 18:28 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2018-08-11 18:28 - 2018-08-11 18:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2018-08-11 18:28 - 2018-08-11 18:28 - 000000000 ____D C:\Users\BECKO\AppData\LocalLow\Temp 2018-08-11 18:27 - 2018-08-11 18:27 - 001294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2018-08-11 18:27 - 2018-08-11 18:27 - 000868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2018-08-11 18:27 - 2018-08-11 18:27 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2018-08-11 18:27 - 2018-08-11 18:27 - 000240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2018-08-11 18:27 - 2018-08-11 18:27 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2018-08-11 18:27 - 2018-08-11 18:27 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe 2018-08-11 18:27 - 2018-08-11 18:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 003419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 002284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 001988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 001247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 001230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 001158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 001080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2018-08-11 18:25 - 2018-08-11 18:25 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2018-08-11 18:23 - 2018-08-11 18:23 - 001505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2018-08-11 18:22 - 2018-08-11 18:22 - 031194832 _____ (Microsoft Corporation) C:\Users\BECKO\Downloads\IE11-Windows6.1-x86-bg-bg.exe 2018-08-11 17:59 - 2018-08-11 18:02 - 009037312 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys 2018-08-11 17:57 - 2018-08-11 17:58 - 002760704 _____ (Intel Corporation) C:\Windows\system32\NETwNr32.dll 2018-08-11 17:57 - 2018-08-11 17:57 - 000684032 _____ (Intel Corporation) C:\Windows\system32\NETwNc32.dll 2018-08-11 17:55 - 2018-08-11 17:57 - 007523840 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs32.sys 2018-08-11 17:55 - 2018-08-11 17:55 - 000527344 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys 2018-08-11 17:55 - 2018-08-11 17:55 - 000026096 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys 2018-08-11 17:54 - 2018-08-11 17:54 - 000232664 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1y6232.sys 2018-08-11 17:54 - 2018-08-11 17:54 - 000121440 _____ (Intel Corporation) C:\Windows\system32\e1000msg.dll 2018-08-11 17:54 - 2018-08-11 17:54 - 000081600 _____ (Intel Corporation) C:\Windows\system32\NicInstY.dll 2018-08-11 17:54 - 2018-08-11 17:54 - 000028792 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll 2018-08-11 17:54 - 2018-08-11 17:54 - 000003313 _____ C:\Windows\system32\e1y6232.din 2018-08-11 17:53 - 2018-08-11 17:53 - 000144600 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys 2018-08-11 17:53 - 2018-08-11 17:53 - 000060120 _____ (Broadcom Corporation.) C:\Windows\system32\btwdi.dll 2018-08-11 17:52 - 2018-08-11 17:53 - 001680088 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe 2018-08-11 17:52 - 2018-08-11 17:52 - 001640152 _____ (Broadcom Corporation.) C:\Windows\system32\BcmBtRSupport.dll 2018-08-11 17:52 - 2018-08-11 17:52 - 000175320 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys 2018-08-11 17:50 - 2018-08-11 17:50 - 000048128 _____ (REDC) C:\Windows\system32\Drivers\rimmptsk.sys 2018-08-11 17:45 - 2018-08-11 17:45 - 001461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoinstaller01009.dll 2018-08-11 17:45 - 2018-08-11 17:45 - 000015544 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\CPQBttn.sys 2018-08-11 17:44 - 2018-08-11 17:44 - 000971752 _____ (AuthenTec, Inc.) C:\Windows\system32\Drivers\ATSwpWDF.sys 2018-08-11 17:42 - 2018-08-11 17:42 - 000035896 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\Accelerometer.sys 2018-08-11 17:42 - 2018-08-11 17:42 - 000026168 _____ (Hewlett-Packard Company) C:\Windows\system32\hpservice.exe 2018-08-11 17:42 - 2018-08-11 17:42 - 000025656 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\hpdskflt.sys 2018-08-11 17:42 - 2018-08-11 17:42 - 000016952 _____ (Hewlett-Packard Company) C:\Windows\system32\accelerometerdll.DLL 2018-08-11 17:42 - 2018-08-11 17:42 - 000014392 _____ (Hewlett-Packard Company) C:\Windows\system32\HPMDPCoInst12.dll 2018-08-11 17:40 - 2018-08-12 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy 2018-08-11 17:39 - 2018-08-11 17:39 - 004107032 _____ (Easeware ) C:\Users\BECKO\Downloads\DriverEasy_Setup.exe 2018-08-11 16:22 - 2018-08-11 16:22 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Adobe 2018-08-11 16:21 - 2018-08-11 18:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2018-08-11 16:21 - 2018-08-11 18:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Windows\system32\Macromed 2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Users\BECKO\AppData\Local\Adobe 2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Macromedia 2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Local\CEF 2018-08-11 16:17 - 2018-08-11 17:11 - 000000000 ____D C:\Users\BECKO\AppData\Local\K-Meleon 2018-08-11 16:17 - 2018-08-11 16:17 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Meleon.lnk 2018-08-11 16:17 - 2018-08-11 16:17 - 000001067 _____ C:\Users\Public\Desktop\K-Meleon.lnk 2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\Downloads\k-meleon 2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Mozilla 2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\K-Meleon 2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Program Files\K-Meleon 2018-08-11 16:14 - 2018-08-11 16:14 - 032875887 _____ (kmeleonbrowser.org) C:\Users\BECKO\Downloads\K-Meleon76RC.exe 2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf 2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf 2018-08-11 16:04 - 2012-07-26 06:39 - 000526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2018-08-11 16:04 - 2012-07-26 06:39 - 000047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2018-08-11 16:04 - 2012-07-26 05:46 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2018-08-11 16:04 - 2012-06-02 17:34 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2018-08-11 14:20 - 2018-07-17 01:02 - 000480888 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2018-08-11 14:18 - 2018-08-11 14:18 - 000000492 _____ C:\Users\BECKO\Desktop\LFS.lnk 2018-08-11 14:04 - 2018-08-11 14:04 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-08-11 14:04 - 2018-08-11 14:04 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-08-11 14:04 - 2018-08-11 14:04 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Google 2018-08-11 14:03 - 2018-08-11 14:18 - 000000000 ____D C:\Users\BECKO\AppData\Local\Google 2018-08-11 14:03 - 2018-08-11 14:03 - 000000000 ____D C:\Program Files\Google 2018-08-11 14:02 - 2018-08-11 14:02 - 000057560 _____ C:\Users\BECKO\AppData\Local\GDIPFONTCACHEV1.DAT 2018-08-11 13:49 - 2018-08-11 13:49 - 000001417 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2018-08-11 13:49 - 2014-05-14 19:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2018-08-11 13:49 - 2014-05-14 19:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2018-08-11 13:49 - 2014-05-14 19:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2018-08-11 13:49 - 2014-05-14 19:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2018-08-11 13:49 - 2014-05-14 19:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2018-08-11 13:49 - 2014-05-14 19:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2018-08-11 13:49 - 2014-05-14 19:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2018-08-11 13:49 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2018-08-11 13:49 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2018-08-11 13:48 - 2018-08-12 08:13 - 000000000 ____D C:\Users\BECKO 2018-08-11 13:48 - 2018-08-11 13:48 - 000000020 ___SH C:\Users\BECKO\ntuser.ini 2018-08-11 13:48 - 2018-08-11 13:48 - 000000000 ____D C:\Users\BECKO\AppData\Local\VirtualStore 2018-08-11 13:48 - 2010-11-21 03:46 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Media Center Programs 2018-08-11 13:43 - 2018-08-11 13:43 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2018-08-11 13:42 - 2018-08-11 13:42 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2018-08-11 13:41 - 2018-08-11 13:41 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-08-12 07:56 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI 2018-08-12 07:56 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf 2018-08-12 07:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-08-12 00:38 - 2009-07-14 07:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template 2018-08-11 21:57 - 2009-07-14 07:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns 2018-08-11 21:40 - 2009-07-14 01:09 - 004967424 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll 2018-08-11 18:36 - 2009-07-14 07:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT 2018-08-11 18:34 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions 2018-08-11 17:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache 2018-08-11 17:24 - 2010-11-21 03:38 - 000000000 ____D C:\Windows\system32\WCN 2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\sysprep 2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\oobe 2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\migwiz 2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\servicing 2018-08-11 17:23 - 2010-11-21 03:46 - 000000000 ____D C:\Program Files\Windows Journal 2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Sidebar 2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Defender 2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\DVD Maker 2018-08-11 17:23 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\System 2018-08-11 14:05 - 2017-10-21 15:53 - 000000000 ____D C:\LFS 2018-08-11 13:48 - 2009-07-14 05:37 - 000000000 __RHD C:\Users\Public\Libraries 2018-08-11 13:43 - 2009-07-14 07:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2018-08-11 13:39 - 2010-11-21 03:46 - 000000000 ____D C:\Windows\CSC ==================== Files in the root of some directories ======= 2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll 2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ () C:\Users\BECKO\AppData\Roaming\WB.CFG Some files in TEMP: ==================== 2018-08-12 06:43 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-08-11 13:38 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018 Ran by BECKO (12-08-2018 08:47:38) Running from C:\Users\BECKO\Downloads Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2018-08-11 10:48:46) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4192057778-3853912004-1886924142-500 - Administrator - Disabled) BECKO (S-1-5-21-4192057778-3853912004-1886924142-1001 - Administrator - Enabled) => C:\Users\BECKO Guest (S-1-5-21-4192057778-3853912004-1886924142-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4192057778-3853912004-1886924142-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated) Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated) Driver Easy 5.6.4 (HKLM\...\DriverEasy_is1) (Version: 5.6.4 - Easeware) Google Chrome (HKLM\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden K-Meleon 76.0 (x86 en-US) (HKLM\...\K-Meleon 76.0 (x86 en-US)) (Version: 76.0 - kmeleonbrowser.org) Malwarebytes, версия 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation) RogueKiller version 12.12.31.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.31.0 - Adlice Software) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated) Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4192057778-3853912004-1886924142-1001_Classes\CLSID\{d33c6260-dafc-4b90-bf39-8ad6a5f19b7d}\localserver32 -> "C:\Program Files\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe" -ToastActivated => No File ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] () ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2018-08-11] (Intel Corporation) ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] () ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {15D51586-5D78-42F1-9AC0-F11850F32BB2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-08-11] (Adobe Systems Incorporated) Task: {4311FBF7-FF23-4B96-8A7A-7C848E6879A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.) Task: {755ADDF9-F707-4126-9FD6-5EE5C09A6ED0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.) Task: {87310821-94B6-4F2B-B233-805F8167F2AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-11] (Adobe Systems Incorporated) Task: {A663C5B5-F8F8-4769-83E9-A86545183E28} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-08-11] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-08-11 19:36 - 2018-07-03 12:59 - 002077904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2018-08-11 19:36 - 2018-06-18 13:32 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-08-11 14:04 - 2018-08-08 03:55 - 004076888 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libglesv2.dll 2018-08-11 14:04 - 2018-08-08 03:55 - 000096088 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6121592] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 05:04 - 2009-06-11 00:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{38F020BD-9D8B-47A7-BA58-523640743E70}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{73CDBD4B-E707-4433-90BB-0CA4D37853D5}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe FirewallRules: [UDP Query User{43AE0B81-FBBA-40D9-9930-B10662946E5D}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe FirewallRules: [{EB2B59E7-24DC-4376-8CA5-5C73EB6B45AC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [TCP Query User{3CA70832-11D6-43D6-996B-CE4FD0FFCA2F}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe FirewallRules: [UDP Query User{A8FAE1F8-F48D-463D-9467-C469B6224C66}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe FirewallRules: [{C20D9306-3310-4603-955A-D8750AB02ABC}] => (Allow) C:\Users\BECKO\AppData\Local\Chromium\Application\chrome.exe ==================== Restore Points ========================= 11-08-2018 13:48:58 Windows Update 11-08-2018 14:19:49 Windows Update 11-08-2018 16:16:29 Windows Backup 11-08-2018 16:53:14 Language Pack Installation 11-08-2018 18:23:09 Програма за инсталиране на модули за Windows 11-08-2018 18:41:57 Windows Update 11-08-2018 18:46:40 Removed Avira Software Updater 11-08-2018 19:18:13 Точка на възстановяване на HitmanPro 11-08-2018 19:29:58 Точка на възстановяване на HitmanPro ==================== Faulty Device Manager Devices ============= Name: RICOH Bay8Controller Description: RICOH Bay8Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/12/2018 07:53:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/12/2018 07:48:58 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/12/2018 07:16:25 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/12/2018 07:12:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Име на приложение с грешки: rundll32.exe_rasapi32.dll, версия: 6.1.7600.16385, времево клеймо: 0x4a5bc637 Име на модул с грешки: rasapi32.dll_unloaded, версия: 0.0.0.0, времево клеймо: 0x5b51fcfc Код на изключение: 0xc0000005 Отместване на грешка: 0x5d2300fb ИД на процес на грешка: 0xc58 Начален час на приложението с грешки: 0x01d431b9f55ad649 Път на приложението с грешки: C:\Windows\System32\rundll32.exe Път на модула с грешки: rasapi32.dll ИД на доклад: f345bb24-9de5-11e8-8c5b-002713343a56 Error: (08/12/2018 12:27:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/11/2018 10:30:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/11/2018 08:31:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/11/2018 07:56:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. System errors: ============= Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Услуга Software Protection беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 120000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service. Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service. Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). Error: (08/12/2018 07:46:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Услуга Windows Media Player Network Sharing Service не може да бъде стартирана поради следната грешка: Системата не може да намери указания път. Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). Error: (08/12/2018 07:45:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service. Windows Defender: =================================== Date: 2018-08-11 18:49:37.775 Description: Windows Defender has detected spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289 Name:SoftwareBundler:Win32/Prepscram ID:226289 Severity:High Category:Software Bundler Path Found:file:C:\Program Files\KMSPico 10.2.1 Final\WindowsLoader.exe;process:pid:1664 Detection Type:Concrete Detection Source:Real-Time Protection Status:Unknown Process Name: CodeIntegrity: =================================== Date: 2018-08-11 18:47:53.133 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system. Date: 2018-08-11 18:47:33.024 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system. Date: 2018-08-11 18:46:32.355 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system. Date: 2018-08-11 18:36:54.706 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system. Date: 2018-08-11 18:34:39.836 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system. Date: 2018-08-11 18:29:33.389 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system. Date: 2018-08-11 18:26:43.817 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system. Date: 2018-08-11 18:19:33.847 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz Percentage of memory in use: 57% Total physical RAM: 3000.26 MB Available physical RAM: 1266.7 MB Total Virtual: 7094.55 MB Available Virtual: 5571.67 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100.1 GB) (Free:34 GB) NTFS Drive d: () (Fixed) (Total:365.12 GB) (Free:278.48 GB) NTFS \\?\Volume{b6af5893-9d52-11e8-b3b1-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS \\?\Volume{b6af5896-9d52-11e8-b3b1-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=450 MB) - (Type=27) ==================== End of Addition.txt ============================ това беше открито снощи Malwarebytes www.malwarebytes.com -Детайли за регистъра- Дата на сканиране: 11.08.18 г. Час на сканиране: 19:39 Файл на регистъра: 1355b5a2-9d85-11e8-97c9-002713343a56.json Администратор: Да -Информация за софтуера- Версия: 3.5.1.2522 Версия на компонентите: 1.0.391 Актуализирай версията на пакета: 1.0.6301 Лиценз: Пробен период -Системна информация- OS: Windows 7 Service Pack 1 CPU: x86 Файлова система: NTFS Потребител: BECKO-PC\BECKO -Резюме на сканирането- Тип сканиране: Threat Scan Сканирането е стартирано от: Ръчно Резултат: Завършено Сканирани обекти: 158748 Открити заплахи: 85 Заплахи под карантина: 85 Изтекло време: 3 мин, 55 сек -Опции за сканиране- Памет: Разрешено Стартиране: Разрешено Файлова система: Разрешено Архиви: Разрешено руткитове: Разрешено Евристика: Разрешено PUP: Открий PUM: Открий -Детайли за сканирането- Процес: 0 (Не бяха открити зловредни елементи) Модул: 0 (Не бяха открити зловредни елементи) Ключ на регистъра: 16 PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Chromium tatec, Под карантина, [3754], [483380],1.0.6301 PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301 PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301 Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301 Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301 Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301 Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Multitimer_is1, Под карантина, [2764], [474048],1.0.6301 PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium tatec, Под карантина, [3725], [-1],0.0.0 PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0 PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0 Adware.FastDataX, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\FastDataX, Под карантина, [3932], [484533],1.0.6301 Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Под карантина, [417], [518478],1.0.6301 Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Под карантина, [417], [518476],1.0.6301 Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, Под карантина, [417], [518473],1.0.6301 Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, Под карантина, [417], [518479],1.0.6301 PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D2A33A63-8223-EBE3-33A3-9B63E32348E3}, Под карантина, [3725], [542290],1.0.6301 Стойност на регистъра: 6 Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Multitimer, Под карантина, [2764], [474048],1.0.6301 PUP.Optional.NotChromeRun, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_A26881468A4EFB18BAF645F9B1FB72E9, Под карантина, [6940], [241243],1.0.6301 Adware.Tuto4PC.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|QWTD433SW12, Под карантина, [3704], [522751],1.0.6301 Adware.NeoBar, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|AwRWNQQxQn, Под карантина, [1236], [431477],1.0.6301 Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}|PATH, Под карантина, [103], [535907],1.0.6301 PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}|PATH, Под карантина, [3754], [483378],1.0.6301 Данни на регистъра: 0 (Не бяха открити зловредни елементи) Поток данни: 0 (Не бяха открити зловредни елементи) Папка: 8 PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712, Под карантина, [407], [463480],1.0.6301 Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER, Под карантина, [2764], [474048],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}, Под карантина, [3725], [484243],1.0.6301 PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-04d1-0, Под карантина, [679], [407181],1.0.6301 PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-56c1-1, Под карантина, [679], [407181],1.0.6301 Adware.NeoBar, C:\USERS\BECKO\APPDATA\LOCAL\CYPJMERAKY, Под карантина, [1236], [431477],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}, Под карантина, [3725], [542290],1.0.6301 Файл: 55 PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-04d1-0\BITAC33.tmp, Под карантина, [3742], [257931],1.0.6301 PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-56c1-1\BIT96A0.tmp, Под карантина, [3742], [257931],1.0.6301 PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712\ic-0.9290ec7e4e043.exe, Под карантина, [407], [463480],1.0.6301 PUP.Optional.BundleInstaller, C:\Users\BECKO\AppData\Local\Temp\845712\ic-0.ab640b600fd5f8.exe, Под карантина, [407], [463480],1.0.6301 PUP.Optional.WinYahoo.Generic, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3754], [483380],1.0.6301 Adware.Agent, C:\WINDOWS\SYSTEM32\TASKS\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301 Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\allradio_4.27_portable.exe, Под карантина, [103], [536191],1.0.6301 Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER\UNINS000.DAT, Под карантина, [2764], [474048],1.0.6301 Adware.Tuto4PC, C:\Program Files\Multitimer\Multitimer.exe, Под карантина, [2764], [474048],1.0.6301 Adware.Tuto4PC, C:\Program Files\Multitimer\unins000.exe, Под карантина, [2764], [474048],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\fado, Под карантина, [3725], [484243],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat1, Под карантина, [3725], [484243],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat2, Под карантина, [3725], [484243],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3725], [-1],0.0.0 Adware.Tuto4PC.Generic, C:\PROGRAM FILES\YUYFG\5138832.EXE, Под карантина, [3704], [522751],1.0.6301 PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0 PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0 PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0 PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0 PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0 PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0 PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0 PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0 Adware.NeoBar, C:\Users\BECKO\AppData\Local\cypjMERAky\activation.exe, Под карантина, [1236], [431477],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HOWTOREMOVE\HOWTOREMOVE.HTML, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\chromium-min.jpg, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\control panel-min-min.JPG, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\down.png, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff menu.JPG, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff search engine-min.png, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ff.png, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ie.png, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\search engine.gif, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\setup pages.gif, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\sp-min.png, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\start-min.jpg, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\up.png, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lilacisa, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lonadel, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninst.exe, Под карантина, [3725], [542290],1.0.6301 PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninstp.dat, Под карантина, [3725], [542290],1.0.6301 Ransom.Crysis, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\REACSRHG\UIFBACFE.EXE, Под карантина, [7210], [551188],1.0.6301 Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\Sound Volume Control.lnk, Под карантина, [0], [392686],1.0.6301 Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\SOUND VOLUME CONTROL\SNDVOL.EXE, Под карантина, [0], [392686],1.0.6301 PUP.Optional.BundleInstaller, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\REGISTRY_ACTIVATION_2751393056.EXE, Под карантина, [407], [505351],1.0.6301 Trojan.MalPack, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\WINDOWSLOADER.EXE, Под карантина, [4152], [500527],1.0.6301 Backdoor.Bot, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\ACTIVATION.EXE, Под карантина, [806], [419768],1.0.6301 Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\IS-AT1Q7.TMP\ZRGVBV.DLL, Под карантина, [103], [539849],1.0.6301 Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP2_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301 Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP3_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301 Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP4_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301 Adware.Tuto4PC, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\EYEKAZXXJYM.EXE, Под карантина, [2764], [474076],1.0.6301 Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\REFSUTIL.EXE, Под карантина, [0], [392686],1.0.6301 Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\BEAD.TMP.EXE, Под карантина, [0], [392686],1.0.6301 Физически сектор: 0 (Не бяха открити зловредни елементи) WMI: 0 (Не бяха открити зловредни елементи) (end)
  7. v3cko

    Съмнения за вирус

    Fix result of Farbar Recovery Scan Tool (x86) Version: 23.04.2018 Ran by USER (04-05-2018 21:53:19) Run:3 Running from C:\Users\USER\Downloads Loaded Profiles: USER (Available Profiles: USER) Boot Mode: Normal ============================================== fixlist content: ***************** start DeleteQuarantine: Reboot: end ***************** "C:\FRST\Quarantine" => removed successfully. The system needed a reboot. ==== End of Fixlog 21:53:19 ====
  8. v3cko

    Съмнения за вирус

    Malwarebytes AdwCleaner 7.1.1.0 # ------------------------------- # Build: 04-24-2018 # Database: 2018-05-02.2 # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 05-04-2018 # Duration: 00:00:13 # OS: Windows 7 Ultimate # Scanned: 40818 # Detected: 1 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** PUP.Optional.Legacy Ask ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
  9. v3cko

    Съмнения за вирус

    Fix result of Farbar Recovery Scan Tool (x86) Version: 23.04.2018 Ran by USER (04-05-2018 20:38:28) Run:2 Running from C:\Users\USER\Downloads Loaded Profiles: USER (Available Profiles: USER) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: EmptyTemp: CloseProcesses: C:\Users\USER\AppData\Roaming\WinTools\RAMSaverPro C:\Users\USER\AppData\Roaming\WinTools\RAMSaverPro\ramsaverpro.ini C:\Users\USER\AppData\Roaming\WinTools Reboot: end ***************** Restore point was successfully created. Processes closed successfully. "C:\Users\USER\AppData\Roaming\WinTools\RAMSaverPro" => not found "C:\Users\USER\AppData\Roaming\WinTools\RAMSaverPro\ramsaverpro.ini" => not found "C:\Users\USER\AppData\Roaming\WinTools" => not found =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1986639 B Java, Flash, Steam htmlcache => 2973 B Windows/system/drivers => 0 B Edge => 0 B Chrome => 66764626 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 0 B LocalService => 0 B NetworkService => 0 B USER => 143359 B RecycleBin => 33290 B EmptyTemp: => 73.7 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 20:39:10 ====
  10. v3cko

    Съмнения за вирус

    Програмата за оптимизация на RAM не ми е позната.Сега определено нямам първоначалният проблем
  11. v3cko

    Съмнения за вирус

    Fix result of Farbar Recovery Scan Tool (x86) Version: 23.04.2018 Ran by USER (04-05-2018 19:38:31) Run:1 Running from C:\Users\USER\Downloads Loaded Profiles: USER (Available Profiles: USER) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: EmptyTemp: CloseProcesses: VirusTotal:C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe Folder:C:\Users\USER\AppData\Roaming\WinTools Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-3304134733-819666466-2278347041-1000\...\MountPoints2: G - G:\Lenovo_Suite.exe HKU\S-1-5-21-3304134733-819666466-2278347041-1000\...\MountPoints2: {2266d480-0128-11e8-9d2e-002713343a56} - G:\Lenovo_Suite.exe HKU\S-1-5-21-3304134733-819666466-2278347041-1000\...\MountPoints2: {b041fd1c-4532-11e8-ad0d-f4ce46ad0471} - G:\HiSuiteDownLoader.exe DeleteKey:HKEY_LOCAL_MACHINE\Software\UCBrowserPID DeleteKey:HKEY_USERS\.DEFAULT\Software\UCBrowser DeleteKey:HKEY_USERS\S-1-5-21-3304134733-819666466-2278347041-1000\Software\UCBrowserPID DeleteKey:HKEY_USERS\S-1-5-18\Software\UCBrowser Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File S4 ScsiAccess; C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe [X] C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe S4 LMIRfsClientNP; no ImagePath 2018-04-07 14:08 - 2018-03-23 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Producer Task: {DD98EAED-3468-46AF-933B-5F2E64D29781} - \AutoKMS -> No File <==== ATTENTION MSCONFIG\Services: ScsiAccess => 2 reboot: end ***************** Restore point was successfully created. Processes closed successfully. "VirusTotal: C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe" => not found ========================= Folder:C:\Users\USER\AppData\Roaming\WinTools ======================== 2018-03-20 17:33 - 2018-03-20 17:33 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\USER\AppData\Roaming\WinTools\RAMSaverPro 2018-03-20 17:33 - 2018-03-24 13:17 - 000000632 ____A [0B086A404A3C83C154A07D74EB42873F] () C:\Users\USER\AppData\Roaming\WinTools\RAMSaverPro\ramsaverpro.ini ====== End of Folder: ====== "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => removed successfully. "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully. "HKU\S-1-5-21-3304134733-819666466-2278347041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => removed successfully. "HKU\S-1-5-21-3304134733-819666466-2278347041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2266d480-0128-11e8-9d2e-002713343a56}" => removed successfully. HKLM\Software\Classes\CLSID\{2266d480-0128-11e8-9d2e-002713343a56} => not found "HKU\S-1-5-21-3304134733-819666466-2278347041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b041fd1c-4532-11e8-ad0d-f4ce46ad0471}" => removed successfully. HKLM\Software\Classes\CLSID\{b041fd1c-4532-11e8-ad0d-f4ce46ad0471} => not found "HKEY_LOCAL_MACHINE\Software\UCBrowserPID" => removed successfully. "HKEY_USERS\.DEFAULT\Software\UCBrowser" => removed successfully. "HKEY_USERS\S-1-5-21-3304134733-819666466-2278347041-1000\Software\UCBrowserPID" => removed successfully. HKEY_USERS\S-1-5-18\Software\UCBrowser => not found "HKLM\Software\Classes\PROTOCOLS\Handler\wlpg" => removed successfully. "HKLM\Software\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}" => removed successfully. "HKLM\System\CurrentControlSet\Services\ScsiAccess" => removed successfully. ScsiAccess => service removed successfully. "C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe" => not found "HKLM\System\CurrentControlSet\Services\LMIRfsClientNP" => removed successfully. LMIRfsClientNP => service removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Producer => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DD98EAED-3468-46AF-933B-5F2E64D29781}" => removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD98EAED-3468-46AF-933B-5F2E64D29781}" => removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully. "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ScsiAccess" => removed successfully. HKLM\System\CurrentControlSet\Services\ScsiAccess => not found =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 955426 B Java, Flash, Steam htmlcache => 4358 B Windows/system/drivers => 1741289 B Edge => 0 B Chrome => 826487107 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 891 B LocalService => 0 B NetworkService => 0 B USER => 61148895 B RecycleBin => 50056 B EmptyTemp: => 857.1 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 19:39:56 ====
  12. v3cko

    Съмнения за вирус

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.04.2018 Ran by USER (administrator) on NB4-031017 (04-05-2018 17:00:10) Running from C:\Users\USER\Downloads Loaded Profiles: USER (Available Profiles: USER) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Английски (Съединени щати) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Hewlett-Packard) C:\Windows\System32\hpservice.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Skillbrains) C:\Program Files\Skillbrains\lightshot\5.4.0.35\Lightshot.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe (hxxp://kmeleonbrowser.org/) C:\Program Files\K-Meleon\k-meleon.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.) HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-05-14] (Synaptics Incorporated) HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-06-29] (Adobe Systems Incorporated) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-05] (AVAST Software) HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] () HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-3304134733-819666466-2278347041-1000\...\MountPoints2: G - G:\Lenovo_Suite.exe HKU\S-1-5-21-3304134733-819666466-2278347041-1000\...\MountPoints2: {2266d480-0128-11e8-9d2e-002713343a56} - G:\Lenovo_Suite.exe HKU\S-1-5-21-3304134733-819666466-2278347041-1000\...\MountPoints2: {b041fd1c-4532-11e8-ad0d-f4ce46ad0471} - G:\HiSuiteDownLoader.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-10-03] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{536A229A-CF6B-40F3-A422-B91758B05919}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{B985E446-CCC9-4317-97EE-CC040A2A18B2}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-3304134733-819666466-2278347041-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.bg/ BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File FireFox: ======== FF ProfilePath: C:\Users\USER\AppData\Roaming\K-Meleon\y7sqykvz.default [2018-05-04] FF user.js: detected! => C:\Users\USER\AppData\Roaming\K-Meleon\y7sqykvz.default\user.js [2006-04-06] FF Homepage: K-Meleon\y7sqykvz.default -> google.bg FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-12] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File] FF Plugin: @photodex.com/PhotodexPresenter -> C:\Program Files\Photodex Presenter\npPxPlay.dll [No File] FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-24] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-24] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://google.bg/ CHR StartupUrls: Default -> "hxxps://www.google.bg/" CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2018-05-04] CHR Extension: (Презентации) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-24] CHR Extension: (Документи) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-24] CHR Extension: (Google Диск) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-03] CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-03] CHR Extension: (Adblock Plus) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27] CHR Extension: (Таблици) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-24] CHR Extension: (Google Документи офлайн) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-03] CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-04-07] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-03] CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-05] (AVAST Software) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) S4 ScsiAccess; C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AIDA64Driver; D:\_Install\AIDA64 Extreme Edition 5.80.4000\kerneld.x32 [44176 2016-10-24] () R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-04-05] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-04-05] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-04-12] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100544 2018-04-05] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-04-05] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783600 2018-04-05] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-04-05] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-04-05] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-04-05] (AVAST Software) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2017-10-03] (Disc Soft Ltd) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59896 2017-11-01] () S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [27872 2017-01-11] (LogMeIn, Inc.) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [167352 2018-05-04] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2018-05-04] (Malwarebytes) R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40376 2018-05-04] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-05-04] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2018-05-04] (Malwarebytes) R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1805872 2009-07-01] () R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2018-05-04] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2018-05-04] (Zemana Ltd.) S4 LMIRfsClientNP; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-05-04 17:00 - 2018-05-04 17:00 - 000013358 _____ C:\Users\USER\Downloads\FRST.txt 2018-05-04 16:00 - 2018-05-04 17:00 - 000025278 _____ C:\Windows\ZAM.krnl.trace 2018-05-04 16:00 - 2018-05-04 17:00 - 000011833 _____ C:\Windows\ZAM_Guard.krnl.trace 2018-05-04 16:00 - 2018-05-04 16:00 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys 2018-05-04 16:00 - 2018-05-04 16:00 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys 2018-05-04 16:00 - 2018-05-04 16:00 - 000001888 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2018-05-04 16:00 - 2018-05-04 16:00 - 000000000 ____D C:\Users\USER\AppData\Local\Zemana 2018-05-04 16:00 - 2018-05-04 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2018-05-04 16:00 - 2018-05-04 16:00 - 000000000 ____D C:\Program Files\Zemana AntiMalware 2018-05-04 15:59 - 2018-05-04 15:59 - 000002348 _____ C:\Users\USER\Desktop\2.txt 2018-05-04 15:55 - 2018-05-04 15:55 - 006625600 _____ (Zemana Ltd. ) C:\Users\USER\Downloads\Zemana.AntiMalware.Setup.exe 2018-05-04 15:49 - 2018-05-04 16:54 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2018-05-04 15:49 - 2018-05-04 15:49 - 000167352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2018-05-04 15:49 - 2018-05-04 15:49 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2018-05-04 15:48 - 2018-05-04 15:48 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-05-04 15:48 - 2018-05-04 15:48 - 000040376 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2018-05-04 15:48 - 2018-05-04 15:48 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-05-04 15:48 - 2018-05-04 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-05-04 15:48 - 2018-05-04 15:48 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-05-04 15:48 - 2018-05-04 15:48 - 000000000 ____D C:\Program Files\Malwarebytes 2018-05-04 15:48 - 2017-11-01 08:54 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys 2018-05-04 15:47 - 2018-05-04 15:47 - 078346672 _____ (Malwarebytes ) C:\Users\USER\Downloads\Malwarebytes Anti-Malware 3.3.1.2183.exe 2018-05-04 15:14 - 2018-05-04 15:14 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys 2018-05-04 15:13 - 2018-05-04 15:44 - 000000000 ____D C:\ProgramData\RogueKiller 2018-05-04 15:13 - 2018-05-04 15:42 - 000000000 ____D C:\Program Files\RogueKiller 2018-05-04 15:13 - 2018-05-04 15:13 - 000001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2018-05-04 15:13 - 2018-05-04 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2018-05-04 15:12 - 2018-05-04 15:12 - 036608800 _____ (Adlice Software ) C:\Users\USER\Downloads\RogueKiller_setup.exe 2018-05-04 15:10 - 2018-05-04 15:10 - 000000000 ____D C:\Users\USER\Documents\Lightshot 2018-05-04 15:08 - 2018-05-04 15:08 - 000000000 _____ C:\Users\USER\Downloads\RogueKiller.exe 2018-05-04 10:28 - 2018-05-04 17:00 - 000000000 ____D C:\FRST 2018-05-04 10:28 - 2018-05-04 10:28 - 002066432 _____ (Farbar) C:\Users\USER\Downloads\FRST.exe 2018-05-04 00:41 - 2018-05-04 10:00 - 000000000 ____D C:\Users\USER\AppData\Local\Puffin 2018-05-04 00:41 - 2018-05-04 00:41 - 000000937 _____ C:\Users\Public\Desktop\Puffin.lnk 2018-05-04 00:41 - 2018-05-04 00:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puffin Browser 2018-05-04 00:40 - 2018-05-04 00:41 - 000000000 ____D C:\Program Files\Puffin 2018-05-03 22:47 - 2018-05-03 22:51 - 068539808 _____ (CloudMosa, Inc. ) C:\Users\USER\Downloads\PuffinBetaSetup.exe 2018-05-02 21:46 - 2018-05-02 21:46 - 000218295 _____ C:\Users\USER\Downloads\14415951001_20180501_1245790475.pdf 2018-05-02 16:25 - 2018-05-02 16:25 - 000408064 _____ C:\Windows\system32\FNTCACHE.DAT 2018-05-02 01:17 - 2018-05-02 01:17 - 000109280 _____ C:\Users\USER\AppData\Local\GDIPFONTCACHEV1.DAT 2018-05-02 01:11 - 2018-05-02 01:11 - 000001264 _____ C:\Users\Public\Desktop\Skype.lnk 2018-05-02 01:11 - 2018-05-02 01:11 - 000000000 ____D C:\Users\USER\AppData\Roaming\Skype 2018-05-02 01:11 - 2018-05-02 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2018-05-02 01:09 - 2018-05-02 01:11 - 018529206 _____ (Skype Technologies S.A.) C:\Users\USER\Downloads\Непотвърдено 702826.crdownload 2018-05-02 01:09 - 2018-05-02 01:10 - 062741696 _____ (Skype Technologies S.A.) C:\Users\USER\Downloads\Skype-8.20.0.9.exe 2018-04-28 12:22 - 2018-04-28 12:22 - 000001194 _____ C:\Users\Public\Desktop\Easy2Convert JPG to DDS.lnk 2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\Users\USER\AppData\Roaming\Easy2Convert 2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy2Convert Software 2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\Program Files\Easy2Convert Software 2018-04-28 12:20 - 2018-04-28 12:20 - 003340649 _____ (Easy2Convert Software ) C:\Users\USER\Downloads\jpg2dds.exe 2018-04-28 12:18 - 2018-04-28 12:18 - 000162944 _____ C:\Users\USER\Downloads\XRG_Nikaz_Sport_R34.dds 2018-04-28 06:02 - 2018-04-28 06:02 - 000029105 _____ C:\Users\USER\Downloads\XRGT_Alloy2.7z 2018-04-28 05:35 - 2018-04-28 05:35 - 000000132 _____ C:\Users\USER\Downloads\XRG_BL1_HL_133550.set 2018-04-28 05:24 - 2018-04-28 05:24 - 000000132 _____ C:\Users\USER\Downloads\XRG_BL1_HL_132690.set 2018-04-27 20:03 - 2018-04-27 20:03 - 000417869 _____ C:\Users\USER\Downloads\mustang-sport.rar 2018-04-27 20:02 - 2018-04-27 20:02 - 000474539 _____ C:\Users\USER\Downloads\Непотвърдено 315132.crdownload 2018-04-27 20:02 - 2018-04-27 20:02 - 000474539 _____ C:\Users\USER\Downloads\Непотвърдено 122074.crdownload 2018-04-21 23:38 - 2018-04-23 18:54 - 006268764 _____ C:\Users\USER\Documents\NB4-031017.arn 2018-04-21 23:32 - 2018-04-21 23:32 - 000735888 _____ (Sysinternals - www.sysinternals.com) C:\Users\USER\Downloads\autoruns.exe 2018-04-21 15:16 - 2017-06-30 11:30 - 000002111 _____ C:\Users\USER\Documents\XFG.cfg_v2 2018-04-21 15:16 - 2016-01-20 10:53 - 000001528 _____ C:\Users\USER\Documents\XFG.cfg 2018-04-21 14:38 - 2018-04-21 14:39 - 012258354 _____ C:\Users\USER\Downloads\BMW_M4_14 LB BY MARK.rar 2018-04-21 11:28 - 2018-04-21 11:28 - 000012006 _____ C:\Users\USER\Downloads\DiscATEST.zip 2018-04-20 18:08 - 2018-04-20 18:09 - 073430920 _____ (Malwarebytes ) C:\Users\USER\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4792.exe 2018-04-14 19:26 - 2018-04-14 19:26 - 001254569 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R12.exe 2018-04-13 21:28 - 2018-04-13 21:28 - 000001704 _____ C:\Users\USER\Documents\1.txt 2018-04-09 23:16 - 2018-04-09 23:16 - 001018015 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R11.exe 2018-04-09 10:31 - 2018-04-09 10:31 - 000000000 ____D C:\Users\USER\AppData\Roaming\Nero 2018-04-09 07:37 - 2018-04-09 07:37 - 000972765 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R10.exe 2018-04-07 15:06 - 2018-04-08 07:53 - 000000000 ____D C:\Users\USER\Documents\My Games 2018-04-07 15:05 - 2018-04-07 15:05 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft Games 2018-04-07 15:03 - 2018-04-07 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games 2018-04-07 06:57 - 2018-04-07 06:57 - 000974910 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R9.exe 2018-04-07 06:56 - 2018-04-07 06:56 - 000000413 _____ C:\Users\USER\AppData\Local\UserProducts.xml 2018-04-07 06:56 - 2018-04-07 06:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot 2018-04-07 06:56 - 2018-04-07 06:56 - 000000000 ____D C:\Program Files\Skillbrains 2018-04-07 06:54 - 2018-04-07 06:54 - 002731128 _____ (Skillbrains ) C:\Users\USER\Downloads\setup-lightshot.exe 2018-04-06 10:36 - 2018-04-06 10:36 - 000974764 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R8.exe 2018-04-06 09:51 - 2018-04-06 09:51 - 003148854 _____ C:\Users\USER\Downloads\cheats.bmp 2018-04-05 10:06 - 2018-04-05 10:06 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-05-04 16:14 - 2018-01-27 20:26 - 000000290 __RSH C:\ProgramData\ntuser.pol 2018-05-04 07:45 - 2018-01-24 22:57 - 000000000 ____D C:\LFS 2018-05-04 00:41 - 2018-02-26 19:19 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps 2018-05-03 16:48 - 2017-10-03 14:33 - 000000277 _____ C:\ProgramData\HPWALog.txt 2018-05-03 16:30 - 2009-07-14 07:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-05-03 16:30 - 2009-07-14 07:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-05-03 16:22 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-05-02 17:32 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\NDF 2018-05-02 16:31 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI 2018-05-02 16:31 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf 2018-05-02 03:27 - 2017-10-03 14:10 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-05-02 03:27 - 2017-10-03 14:10 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-05-01 16:43 - 2018-03-10 17:08 - 000000000 ____D C:\Users\USER\AppData\Local\PrivaZer 2018-04-20 11:34 - 2009-07-14 07:53 - 000032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2018-04-15 14:58 - 2017-10-03 15:09 - 000000000 ____D C:\Users\USER\AppData\Roaming\MPC-HC 2018-04-12 22:07 - 2017-10-03 16:08 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2018-04-10 22:02 - 2017-10-03 14:07 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2018-04-10 22:02 - 2017-10-03 14:07 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2018-04-10 22:02 - 2017-10-03 14:07 - 000000000 ____D C:\Windows\system32\Macromed 2018-04-07 14:08 - 2018-03-23 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Producer 2018-04-05 10:06 - 2018-01-24 20:07 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2018-04-05 10:06 - 2017-10-03 16:08 - 000783600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2018-04-05 10:06 - 2017-10-03 16:08 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2018-04-05 10:06 - 2017-10-03 16:08 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2018-04-05 10:06 - 2017-10-03 16:08 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2018-04-05 10:06 - 2017-10-03 16:08 - 000100544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2018-04-05 10:06 - 2017-10-03 16:08 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2018-04-05 10:06 - 2017-10-03 16:08 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys ==================== Files in the root of some directories ======= 2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\AtStart.txt 2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\DSwitch.txt 2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\QSwitch.txt 2018-04-07 06:56 - 2018-04-07 06:56 - 000000003 _____ () C:\Users\USER\AppData\Local\updater.log 2018-04-07 06:56 - 2018-04-07 06:56 - 000000413 _____ () C:\Users\USER\AppData\Local\UserProducts.xml Some files in TEMP: ==================== 2018-05-04 15:13 - 2018-01-12 19:27 - 001310528 _____ (Microsoft Corporation) C:\Users\USER\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-04-28 21:03 ==================== End of FRST.txt ============================ Addition.txt
  13. v3cko

    Съмнения за вирус

    RogueKiller V12.12.15.0 [Apr 30 2018] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : USER [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller.exe Mode : Scan -- Date : 05/04/2018 15:14:31 (Duration : 00:27:42) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 4 ¤¤¤ [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\UCBrowserPID -> Found [PUP.UCBrowser|PUP.Gen1] HKEY_USERS\.DEFAULT\Software\UCBrowser -> Found [PUP.Gen1] HKEY_USERS\S-1-5-21-3304134733-819666466-2278347041-1000\Software\UCBrowserPID -> Found [PUP.UCBrowser|PUP.Gen1] HKEY_USERS\S-1-5-18\Software\UCBrowser -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 2 ¤¤¤ [PUP.HackTool][Folder] C:\Windows\AutoKMS -> Found [Adw.Elex][Folder] C:\Users\USER\AppData\Roaming\WinTools -> Found ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST9160412AS +++++ --- User --- [MBR] 44c30fa013c03f70830340ac4374a691 [BSP] b7508f95e41d6f8eccf558ef7520c5d9 : Windows Vista/7/8|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 54556 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 111937536 | Size: 97969 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK Malwarebytes www.malwarebytes.com -Детайли за регистъра- Дата на сканиране: 4.05.18 г. Час на сканиране: 15:53 Файл на регистъра: 30eae756-4f9a-11e8-b889-f4ce46ad0471.json Администратор: Да -Информация за софтуера- Версия: 3.3.1.2183 Версия на компонентите: 1.0.236 Актуализирай версията на пакета: 1.0.4982 Лиценз: Пробен период -Системна информация- OS: Windows 7 Service Pack 1 CPU: x86 Файлова система: NTFS Потребител: NB4-031017\USER -Резюме на сканирането- Тип сканиране: Threat Scan Резултат: Завършено Сканирани обекти: 169995 Открити заплахи: 0 (Не бяха открити зловредни елементи) Заплахи под карантина: 0 (Не бяха открити зловредни елементи) Изтекло време: 4 мин, 26 сек -Опции за сканиране- Памет: Разрешено Стартиране: Разрешено Файлова система: Разрешено Архиви: Разрешено руткитове: Разрешено Евристика: Разрешено PUP: Открий PUM: Открий -Детайли за сканирането- Процес: 0 (Не бяха открити зловредни елементи) Модул: 0 (Не бяха открити зловредни елементи) Ключ на регистъра: 0 (Не бяха открити зловредни елементи) Стойност на регистъра: 0 (Не бяха открити зловредни елементи) Данни на регистъра: 0 (Не бяха открити зловредни елементи) Поток данни: 0 (Не бяха открити зловредни елементи) Папка: 0 (Не бяха открити зловредни елементи) Файл: 0 (Не бяха открити зловредни елементи) Физически сектор: 0 (Не бяха открити зловредни елементи) (end) Zemana AntiMalware 2.74.2.150 (инсталираната версия) ------------------------------------------------------- Scan Result : Завършено Scan Date : 2018.5.4 Operating System : Windows 7 32-bit Processor : 2X Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz BIOS Mode : Legacy CUID : 124FAEC09DAC577752FB89 Scan Type : Проверка на системата Duration : 9m 23s Scanned Objects : 43341 Detected Objects : 7 Excluded Objects : 0 Read Level : SCSI Auto Upload : Включен Detect All Extensions : Изключен Scan Documents : Изключен Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- Chrome Policy Status : Проверено Object : https://newtab.win/?ei=qTNKGCjMhxx8XauKtFaptdqLPTagsYdeC6fUVO9Jk3jDlLHoU%2FWnqN2skLF9Tsb4o74uw2bYE8h64FOlyYQzTPuiNag%3D MD5 : - Publisher : - Size : - Version : - Detection : Подозрителна настройка на браузъра Cleaning Action : Поправи Related Objects : Настройка на браузъра - Chrome Policy Chrome Policy Status : Проверено Object : Web MD5 : - Publisher : - Size : - Version : - Detection : Подозрителна настройка на браузъра Cleaning Action : Поправи Related Objects : Настройка на браузъра - Chrome Policy Chrome Policy Status : Проверено Object : {google:baseURL}complete/search?output=chrome&q={searchTerms} MD5 : - Publisher : - Size : - Version : - Detection : Подозрителна настройка на браузъра Cleaning Action : Поправи Related Objects : Настройка на браузъра - Chrome Policy Chrome Policy Status : Проверено Object : https://chromesearch.info/search/?q={searchTerms}&uid=qTNKGCjMhxx8XauKtFaptdqLPTagsYdeC6fUVO9Jk3jDlLHoU%2FWnqN2skLF9Tsb4o74uw2bYE8h64FOlyYQzTPuiNag%3D&pid=fob MD5 : - Publisher : - Size : - Version : - Detection : Подозрителна настройка на браузъра Cleaning Action : Поправи Related Objects : Настройка на браузъра - Chrome Policy Chrome Policy Status : Проверено Object : https://newtab.win/?ei=qTNKGCjMhxx8XauKtFaptdqLPTagsYdeC6fUVO9Jk3jDlLHoU%2FWnqN2skLF9Tsb4o74uw2bYE8h64FOlyYQzTPuiNag%3D MD5 : - Publisher : - Size : - Version : - Detection : Подозрителна настройка на браузъра Cleaning Action : Поправи Related Objects : Настройка на браузъра - Chrome Policy Chrome Policy Status : Проверено Object : https://chromesearch.info/search/?q={searchTerms}&uid=qTNKGCjMhxx8XauKtFaptdqLPTagsYdeC6fUVO9Jk3jDlLHoU%2FWnqN2skLF9Tsb4o74uw2bYE8h64FOlyYQzTPuiNag%3D&pid=fob MD5 : - Publisher : - Size : - Version : - Detection : Подозрителна настройка на браузъра Cleaning Action : Поправи Related Objects : Настройка на браузъра - Chrome Policy Chrome Cleaner Pro Status : Проверено Object : %localappdata%\google\chrome\user data\default\extensions\ccjleegmemocfpghkhpjmiccjcacackp MD5 : - Publisher : - Size : - Version : - Detection : PUA.ChromeExt!Gr Cleaning Action : Поправи Related Objects : Разширение на браузъра - Chrome Cleaner Pro
  14. Здравейте , напоследък много често през хром ми дава че е засечен необичаен трафик и да потвърдя че не съм робот Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.04.2018 Ran by USER (administrator) on NB4-031017 (04-05-2018 10:28:50) Running from C:\Users\USER\Downloads Loaded Profiles: USER (Available Profiles: USER) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Английски (Съединени щати) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Hewlett-Packard) C:\Windows\System32\hpservice.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Skillbrains) C:\Program Files\Skillbrains\lightshot\5.4.0.35\Lightshot.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.) HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-05-14] (Synaptics Incorporated) HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-06-29] (Adobe Systems Incorporated) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-05] (AVAST Software) HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] () Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-3304134733-819666466-2278347041-1000\...\MountPoints2: G - G:\Lenovo_Suite.exe HKU\S-1-5-21-3304134733-819666466-2278347041-1000\...\MountPoints2: {2266d480-0128-11e8-9d2e-002713343a56} - G:\Lenovo_Suite.exe HKU\S-1-5-21-3304134733-819666466-2278347041-1000\...\MountPoints2: {b041fd1c-4532-11e8-ad0d-f4ce46ad0471} - G:\HiSuiteDownLoader.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-10-03] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) GroupPolicy: Restriction - Chrome <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{536A229A-CF6B-40F3-A422-B91758B05919}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{B985E446-CCC9-4317-97EE-CC040A2A18B2}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-3304134733-819666466-2278347041-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.bg/ BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File FireFox: ======== FF ProfilePath: C:\Users\USER\AppData\Roaming\K-Meleon\y7sqykvz.default [2018-05-04] FF user.js: detected! => C:\Users\USER\AppData\Roaming\K-Meleon\y7sqykvz.default\user.js [2006-04-06] FF Homepage: K-Meleon\y7sqykvz.default -> google.bg FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-12] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File] FF Plugin: @photodex.com/PhotodexPresenter -> C:\Program Files\Photodex Presenter\npPxPlay.dll [No File] FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-24] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-24] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://google.bg/ CHR StartupUrls: Default -> "hxxps://www.google.bg/" CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2018-05-04] CHR Extension: (Презентации) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-24] CHR Extension: (Документи) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-24] CHR Extension: (Google Диск) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-03] CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-03] CHR Extension: (Chrome Cleaner Pro) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2018-04-20] CHR Extension: (Adblock Plus) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27] CHR Extension: (Таблици) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-24] CHR Extension: (Google Документи офлайн) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-03] CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-04-07] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-03] CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02] CHR HKLM\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-05] (AVAST Software) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S4 ScsiAccess; C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AIDA64Driver; D:\_Install\AIDA64 Extreme Edition 5.80.4000\kerneld.x32 [44176 2016-10-24] () R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-04-05] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-04-05] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-04-12] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100544 2018-04-05] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-04-05] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783600 2018-04-05] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-04-05] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-04-05] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-04-05] (AVAST Software) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2017-10-03] (Disc Soft Ltd) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [27872 2017-01-11] (LogMeIn, Inc.) R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1805872 2009-07-01] () S4 LMIRfsClientNP; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-05-04 10:28 - 2018-05-04 10:29 - 000012608 _____ C:\Users\USER\Downloads\FRST.txt 2018-05-04 10:28 - 2018-05-04 10:28 - 002066432 _____ (Farbar) C:\Users\USER\Downloads\FRST.exe 2018-05-04 10:28 - 2018-05-04 10:28 - 000000000 ____D C:\FRST 2018-05-04 00:41 - 2018-05-04 10:00 - 000000000 ____D C:\Users\USER\AppData\Local\Puffin 2018-05-04 00:41 - 2018-05-04 00:41 - 000000937 _____ C:\Users\Public\Desktop\Puffin.lnk 2018-05-04 00:41 - 2018-05-04 00:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puffin Browser 2018-05-04 00:40 - 2018-05-04 00:41 - 000000000 ____D C:\Program Files\Puffin 2018-05-03 22:47 - 2018-05-03 22:51 - 068539808 _____ (CloudMosa, Inc. ) C:\Users\USER\Downloads\PuffinBetaSetup.exe 2018-05-02 21:46 - 2018-05-02 21:46 - 000218295 _____ C:\Users\USER\Downloads\14415951001_20180501_1245790475.pdf 2018-05-02 16:25 - 2018-05-02 16:25 - 000408064 _____ C:\Windows\system32\FNTCACHE.DAT 2018-05-02 01:17 - 2018-05-02 01:17 - 000109280 _____ C:\Users\USER\AppData\Local\GDIPFONTCACHEV1.DAT 2018-05-02 01:11 - 2018-05-02 01:11 - 000001264 _____ C:\Users\Public\Desktop\Skype.lnk 2018-05-02 01:11 - 2018-05-02 01:11 - 000000000 ____D C:\Users\USER\AppData\Roaming\Skype 2018-05-02 01:11 - 2018-05-02 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2018-05-02 01:09 - 2018-05-02 01:11 - 018529206 _____ (Skype Technologies S.A.) C:\Users\USER\Downloads\Непотвърдено 702826.crdownload 2018-05-02 01:09 - 2018-05-02 01:10 - 062741696 _____ (Skype Technologies S.A.) C:\Users\USER\Downloads\Skype-8.20.0.9.exe 2018-04-28 12:22 - 2018-04-28 12:22 - 000001194 _____ C:\Users\Public\Desktop\Easy2Convert JPG to DDS.lnk 2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\Users\USER\AppData\Roaming\Easy2Convert 2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy2Convert Software 2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\Program Files\Easy2Convert Software 2018-04-28 12:20 - 2018-04-28 12:20 - 003340649 _____ (Easy2Convert Software ) C:\Users\USER\Downloads\jpg2dds.exe 2018-04-28 12:18 - 2018-04-28 12:18 - 000162944 _____ C:\Users\USER\Downloads\XRG_Nikaz_Sport_R34.dds 2018-04-28 06:02 - 2018-04-28 06:02 - 000029105 _____ C:\Users\USER\Downloads\XRGT_Alloy2.7z 2018-04-28 05:35 - 2018-04-28 05:35 - 000000132 _____ C:\Users\USER\Downloads\XRG_BL1_HL_133550.set 2018-04-28 05:24 - 2018-04-28 05:24 - 000000132 _____ C:\Users\USER\Downloads\XRG_BL1_HL_132690.set 2018-04-27 20:03 - 2018-04-27 20:03 - 000417869 _____ C:\Users\USER\Downloads\mustang-sport.rar 2018-04-27 20:02 - 2018-04-27 20:02 - 000474539 _____ C:\Users\USER\Downloads\Непотвърдено 315132.crdownload 2018-04-27 20:02 - 2018-04-27 20:02 - 000474539 _____ C:\Users\USER\Downloads\Непотвърдено 122074.crdownload 2018-04-21 23:38 - 2018-04-23 18:54 - 006268764 _____ C:\Users\USER\Documents\NB4-031017.arn 2018-04-21 23:32 - 2018-04-21 23:32 - 000735888 _____ (Sysinternals - www.sysinternals.com) C:\Users\USER\Downloads\autoruns.exe 2018-04-21 15:16 - 2017-06-30 11:30 - 000002111 _____ C:\Users\USER\Documents\XFG.cfg_v2 2018-04-21 15:16 - 2016-01-20 10:53 - 000001528 _____ C:\Users\USER\Documents\XFG.cfg 2018-04-21 14:38 - 2018-04-21 14:39 - 012258354 _____ C:\Users\USER\Downloads\BMW_M4_14 LB BY MARK.rar 2018-04-21 11:28 - 2018-04-21 11:28 - 000012006 _____ C:\Users\USER\Downloads\DiscATEST.zip 2018-04-20 19:08 - 2018-04-20 19:09 - 000000782 _____ C:\DelFix.txt 2018-04-20 18:10 - 2018-04-20 18:10 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\Program Files\Malwarebytes 2018-04-20 18:10 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys 2018-04-20 18:08 - 2018-04-20 18:09 - 073430920 _____ (Malwarebytes ) C:\Users\USER\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4792.exe 2018-04-14 19:26 - 2018-04-14 19:26 - 001254569 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R12.exe 2018-04-13 21:28 - 2018-04-13 21:28 - 000001704 _____ C:\Users\USER\Documents\1.txt 2018-04-09 23:16 - 2018-04-09 23:16 - 001018015 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R11.exe 2018-04-09 10:31 - 2018-04-09 10:31 - 000000000 ____D C:\Users\USER\AppData\Roaming\Nero 2018-04-09 07:37 - 2018-04-09 07:37 - 000972765 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R10.exe 2018-04-07 15:06 - 2018-04-08 07:53 - 000000000 ____D C:\Users\USER\Documents\My Games 2018-04-07 15:05 - 2018-04-07 15:05 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft Games 2018-04-07 15:03 - 2018-04-07 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games 2018-04-07 06:57 - 2018-04-07 06:57 - 000974910 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R9.exe 2018-04-07 06:56 - 2018-04-07 06:56 - 000000413 _____ C:\Users\USER\AppData\Local\UserProducts.xml 2018-04-07 06:56 - 2018-04-07 06:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot 2018-04-07 06:56 - 2018-04-07 06:56 - 000000000 ____D C:\Program Files\Skillbrains 2018-04-07 06:54 - 2018-04-07 06:54 - 002731128 _____ (Skillbrains ) C:\Users\USER\Downloads\setup-lightshot.exe 2018-04-06 10:36 - 2018-04-06 10:36 - 000974764 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R8.exe 2018-04-06 09:51 - 2018-04-06 09:51 - 003148854 _____ C:\Users\USER\Downloads\cheats.bmp 2018-04-05 10:06 - 2018-04-05 10:06 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-05-04 07:45 - 2018-01-24 22:57 - 000000000 ____D C:\LFS 2018-05-04 00:41 - 2018-02-26 19:19 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps 2018-05-03 16:48 - 2017-10-03 14:33 - 000000277 _____ C:\ProgramData\HPWALog.txt 2018-05-03 16:30 - 2009-07-14 07:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-05-03 16:30 - 2009-07-14 07:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-05-03 16:22 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-05-02 17:32 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\NDF 2018-05-02 16:31 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI 2018-05-02 16:31 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf 2018-05-02 03:27 - 2017-10-03 14:10 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-05-02 03:27 - 2017-10-03 14:10 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-05-01 16:43 - 2018-03-10 17:08 - 000000000 ____D C:\Users\USER\AppData\Local\PrivaZer 2018-04-20 11:34 - 2009-07-14 07:53 - 000032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2018-04-15 14:58 - 2017-10-03 15:09 - 000000000 ____D C:\Users\USER\AppData\Roaming\MPC-HC 2018-04-12 22:07 - 2017-10-03 16:08 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2018-04-10 22:02 - 2017-10-03 14:07 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2018-04-10 22:02 - 2017-10-03 14:07 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2018-04-10 22:02 - 2017-10-03 14:07 - 000000000 ____D C:\Windows\system32\Macromed 2018-04-07 14:08 - 2018-03-23 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Producer 2018-04-05 10:06 - 2018-01-24 20:07 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2018-04-05 10:06 - 2017-10-03 16:08 - 000783600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2018-04-05 10:06 - 2017-10-03 16:08 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2018-04-05 10:06 - 2017-10-03 16:08 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2018-04-05 10:06 - 2017-10-03 16:08 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2018-04-05 10:06 - 2017-10-03 16:08 - 000100544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2018-04-05 10:06 - 2017-10-03 16:08 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2018-04-05 10:06 - 2017-10-03 16:08 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys ==================== Files in the root of some directories ======= 2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\AtStart.txt 2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\DSwitch.txt 2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\QSwitch.txt 2018-04-07 06:56 - 2018-04-07 06:56 - 000000003 _____ () C:\Users\USER\AppData\Local\updater.log 2018-04-07 06:56 - 2018-04-07 06:56 - 000000413 _____ () C:\Users\USER\AppData\Local\UserProducts.xml ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-04-28 21:03 ==================== End of FRST.txt ============================ Addition.txt
  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.