Премини към съдържанието

мирослав24

Потребител
  • Публикации

    179
  • Регистрация

  • Последно онлайн

Харесвания

28 Добра репутация

1 Последовател

Всичко за мирослав24

  • Титла
    Почетен потребител

Последни посетители

3131 прегледа на профила
  1. PUP.Optional.ParetoLogic

    # DelFix v1.013 - Logfile created 08/12/2017 at 12:34:49 # Updated 17/04/2016 by Xplode # Username : User1 - PC1 # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\SecurityCheck Deleted : C:\Documents and Settings\User1\Desktop\Fixlog.txt Deleted : C:\Documents and Settings\User1\Desktop\FRST.exe Deleted : C:\Documents and Settings\User1\Desktop\roguekiller.txt Deleted : C:\Documents and Settings\User1\Desktop\SecurityCheck.exe Deleted : C:\Documents and Settings\All Users\Desktop\RogueKiller.lnk Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis ########## - EOF - ########## Ето го и лога,колкото и да съм свикнал с XP,ще трябва да се ориентирам към смяната му.Благодаря ви за пореден път ,че ми обърнахте внимание .Лек и успешен ден и на вас
  2. PUP.Optional.ParetoLogic

    направих ъпдейт-и на програмите.Но не иска да ми деинсталира старите версии на Java 7 Update 11 v.7.0.110 и Adobe Reader X (10.1.5) v.10.1.5 .А Comodo Dragon при ъпдейт ми съобщава че не се поддържа за тази операционна система.Има ли друг начин да се премахнат или да си останат в PC-то?Да изтривам ли вече инструментите за почистване които използвахме?
  3. PUP.Optional.ParetoLogic

    Извърших проверката,антивирусната ми излезе със събщение че лицензния ключ е изтекъл и трябва да го подновя,за да бъде защитена системата.Ако това би могло да бъде причина-да не я сменям ада си подновя лицензния ключ.Ето и логовете: Fix result of Farbar Recovery Scan Tool (x86) Version: 06-12-2017 Ran by User1 (08-12-2017 08:25:45) Run:1 Running from C:\Documents and Settings\User1\Desktop Loaded Profiles: User1 (Available Profiles: User1 & User2 & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: EmptyTemp: CloseProcesses: HKLM\...\Run: [] => [X] URLSearchHook: [S-1-5-21-220523388-412668190-1417001333-1004] ATTENTION => Default URLSearchHook is missing FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [No File] 2017-12-06 13:48 - 2010-12-09 17:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\User1\Local Settings\temp\dllnt_dump.dll 2017-09-02 12:17 - 2017-09-02 12:17 - 000764248 _____ (Igor Pavlov) C:\Documents and Settings\User1\Local Settings\temp\Package_en_ww.exe 2017-12-06 16:31 - 2010-12-09 17:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\User2\Local Settings\temp\dllnt_dump.dll cmd: netsh winsock reset catalog cmd: netsh int ip reset C:\resettcpip.txt cmd: netsh advfirewall reset cmd: netsh advfirewall set allprofiles state ON cmd: Bitsadmin /Reset /Allusers cmd: ipconfig /flushdns cmd: ipconfig /all reboot: end ***************** Restore point was successfully created. Processes closed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully. Could not restore Default URLSearchHook. "HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6" => removed successfully. C:\Documents and Settings\User1\Local Settings\temp\dllnt_dump.dll => moved successfully C:\Documents and Settings\User1\Local Settings\temp\Package_en_ww.exe => moved successfully C:\Documents and Settings\User2\Local Settings\temp\dllnt_dump.dll => moved successfully ========= netsh winsock reset catalog ========= Sucessfully reset the Winsock Catalog. You must restart the machine in order to complete the reset. ========= End of CMD: ========= ========= netsh int ip reset C:\resettcpip.txt ========= ========= End of CMD: ========= ========= netsh advfirewall reset ========= The following command was not found: advfirewall reset. ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= The following command was not found: advfirewall set allprofiles state ON. ========= End of CMD: ========= ========= Bitsadmin /Reset /Allusers ========= 'Bitsadmin' is not recognized as an internal or external command, operable program or batch file. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= ipconfig /all ========= Windows IP Configuration Host Name . . . . . . . . . . . . : pc1 Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Internet: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : NVIDIA nForce Networking Controller Physical Address. . . . . . . . . : 00-19-66-87-32-25 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.0.102 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.1 Lease Obtained. . . . . . . . . . : 07 Декември 2017 г. 13:15:20 Lease Expires . . . . . . . . . . : 17 Декември 2017 г. 13:15:20 ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 73078 B Java, Flash, Steam htmlcache => 722 B Windows/system/dllcache/drivers => 4046280 B Edge => 0 B Chrome => 0 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Documents and Settings => 0 B Default User => 999465 B All Users => 0 B systemprofile => 291398074 B LocalService => 669 B NetworkService => 65960 B User1 => 11019477 B User2 => 100109 B Administrator => 0 B RecycleBin => 0 B EmptyTemp: => 293.4 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 08:26:39 ==== SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17] WebSite: www.safezone.cc DateLog: 08.12.2017 08:31:22 Path starting: C:\Documents and Settings\User1\Local Settings\temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: User1 VersionXML: 4.77is-06.12.2017 ___________________________________________________________________________ Windows XP(5.1.2600) Service Pack 3 (x86) Lang: English(0409) Installation date OS: 02.05.2011 07:16:36 Boot Mode: Normal Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.EXE SystemDrive: C: FS: [NTFS] Capacity: [19.5 Gb] Used: [10.8 Gb] Free: [8.7 Gb] ------------------------------- [ Windows ] ------------------------------- Extended support has ended 08.04.2014, Your operating system may be vulnerable to new types of threats Internet Explorer 8.0.6001.18702 Automatically download and schedule installation Date install updates: 2017-12-02 10:59:23 Automatic Updates (wuauserv) - The service is running Security Center (wscsvc) - The service is running Remote Registry (RemoteRegistry) - The service has stopped Terminal Services (TermService) - The service has stopped SSDP Discovery Service (SSDPSRV) - The service is running ------------------------------ [ MS Office ] ------------------------------ Microsoft Office 2003 v.11.0.7969.0 ---------------------------- [ Antivirus_WMI ] ---------------------------- Ad-Aware Antivirus (enabled and up to date) Malwarebytes (enabled and up to date) ---------------------------- [ Firewall_WMI ] ----------------------------- Ad-Aware Firewall (disabled) ---------------------- [ AntiVirusFirewallInstall ] ----------------------- AntimalwareEngine v.3.0.129.0 AdAwareUpdater v.11.12.945.9202 Ad-Aware Antivirus v.11.12.945.9202 AdAwareInstaller v.11.12.945.9202 -------------------------- [ SecurityUtilities ] -------------------------- MCShield ::Anti-Malware Tool:: v.3.0.5.28 Malwarebytes version 3.2.2.2018 v.3.2.2.2018 Zemana AntiMalware v.2.74.0.150 --------------------------- [ OtherUtilities ] ---------------------------- WinRAR 4.00 (32-битова версия) v.4.00.0 Warning! Download Update --------------------------------- [ IM ] ---------------------------------- Skype™ 7.36 v.7.36.150 Warning! Download Update --------------------------------- [ P2P ] --------------------------------- µTorrent v.2.2.1 Warning! P2P-client. -------------------------------- [ Java ] --------------------------------- Java 7 Update 11 v.7.0.110 Warning! This software is no longer supported. Please uninstall it and use Java SE 8 (jre-8u152-windows-i586.exe). --------------------------- [ AdobeProduction ] --------------------------- Adobe Flash Player 26 ActiveX v.26.0.0.151 Warning! Download Update Adobe Flash Player 18 NPAPI v.18.0.0.160 Warning! Download Update Adobe Flash Player 26 PPAPI v.26.0.0.151 Warning! Download Update Adobe Reader X (10.1.5) v.10.1.5 Warning! This software is no longer supported. Please uninstall it and use Adobe Reader XI or Adobe Acrobat Reader DC. Adobe Reader XI (11.0.08) v.11.0.08 Warning! Download Update ^Please run Adobe Reader XI and go Help - Check for updates...^ ------------------------------- [ Browser ] ------------------------------- Comodo Dragon v.45.9.12.393 Warning! Download Update Opera 12.12 v.12.12.1707 Warning! Download Update --------------------------- [ RunningProcess ] ---------------------------- C:\Program Files\Comodo\Dragon\dragon.exe v.45.9.12.393 ------------------ [ AntivirusFirewallProcessServices ] ------------------- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe v.11.12.945.9202 Ad-Aware Service 11 (LavasoftAdAwareService11) - The service is running C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe v.11.12.945.9202 ZAM Controller Service (ZAMSvc) - The service is running C:\Program Files\Zemana AntiMalware\ZAM.exe v.2.74.0.150 ---------------------------- [ UnwantedApps ] ----------------------------- Google Toolbar for Internet Explorer v.1.0.0 << Hidden Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems. ----------------------------- [ End of Log ] ------------------------------
  4. PUP.Optional.ParetoLogic

    Направих сканиранията.Като проблеми ми останаха две неща- невъзможност да отворя Comodo браузъра-рапортува "the page has become unresponsive.You can wait fir it become responsive or kill it" .Ако се наложи да преинсталирам браузъра,мога ли безопасно да импортирам отметките,в случай че проблема се дължи на зловреден код или си е софтуерен проблем и няма място за притеснения?Втория проблем е при изключване на компютъра от старт менюто го прави за около 5-10 мин-много по бавно от преди .В допълнение това се случва само с ограничения акаунт,при администраторския ,който ползвам много рядко всичко си е наред. Zemana AntiMalware 2.74.2.150 (инсталираната версия) ------------------------------------------------------- Scan Result : Завършено Scan Date : 2017.12.7 Operating System : Windows XP 32-bit Processor : 2X AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ BIOS Mode : Legacy CUID : 144B7E02881F997371E5F5 Scan Type : Проверка на системата Duration : 9m 34s Scanned Objects : 45024 Detected Objects : 0 Excluded Objects : 0 Read Level : Normal Auto Upload : Включен Detect All Extensions : Изключен Scan Documents : Изключен Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- Няма намерени заплахи Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-12-2017 Ran by User1 (administrator) on PC1 (07-12-2017 08:37:35) Running from C:\Documents and Settings\User2\Desktop Loaded Profiles: User1 & User2 (Available Profiles: User1 & User2 & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Comodo) C:\Program Files\Comodo\Dragon\dragon_updater.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [tsnpstd3] => C:\WINDOWS\tsnpstd3.exe [262144 2006-06-19] () HKLM\...\Run: [snpstd3] => C:\WINDOWS\vsnpstd3.exe [831488 2006-05-12] () HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [8063200 2016-07-18] () HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.) HKLM\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation) HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [Messenger (Yahoo!)] => "F:\SKYPE_~1\yahoo\Messenger\YahooMessenger.exe" -quiet HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [395640 2011-05-02] (BitTorrent, Inc.) HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd) HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [Google Update] => C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-12-02] (Google Inc.) HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity) HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\RunOnce: [mb-runtask] => C:\Documents and Settings\User2\Desktop\mb-clean-3.1.0.1031.exe [863696 2017-12-06] (Malwarebytes) HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [1281024 2017-08-19] (Adobe Systems Incorporated) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-09-02] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2017-12-02] ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{0227FD86-8C54-4C88-8029-3F44137A8ADF}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-220523388-412668190-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-220523388-412668190-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: [S-1-5-21-220523388-412668190-1417001333-1004] ATTENTION => Default URLSearchHook is missing DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-22] () FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-01-12] (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [No File] FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\User1\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\User1\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.) FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\User1\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\User1\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-08-19] (Adobe Systems Incorporated) [File not signed] S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed] R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.) R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed] R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed] R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2060848 2016-02-05] (Comodo) R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed] R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed] S3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed] S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-01-12] (Oracle Corporation) R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed] R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed] R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [664040 2016-07-18] () R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes) S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation) [File not signed] S3 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed] R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed] S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed] R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed] S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed] R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed] R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed] S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed] R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed] R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.) [File not signed] R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59904 2017-08-24] () R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\gzflt.sys [175008 2016-04-28] (BitDefender LLC) S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-19] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-19] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-19] (HP) R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed] R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4368896 2006-08-15] (Realtek Semiconductor Corp.) [File not signed] R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation) R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed] R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [150816 2017-12-06] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40352 2017-12-07] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221632 2017-12-07] (Malwarebytes) R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed] R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed] S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed] R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed] R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation) R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) S3 SNPSTD3; C:\WINDOWS\System32\DRIVERS\snpstd3.sys [10148480 2006-06-27] (Sonix Co. Ltd.) [File not signed] R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed] R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed] S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [428832 2016-04-28] (BitDefender S.R.L.) S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-17] (Microsoft Corporation) [File not signed] R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed] R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed] S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed] S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC) R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-12-07] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-12-07] (Zemana Ltd.) S3 catchme; \??\C:\DOCUME~1\User1\LOCALS~1\Temp\catchme.sys [X] S4 IntelIde; no ImagePath S2 StarOpen; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-07 08:37 - 2017-12-07 08:37 - 000014250 _____ C:\Documents and Settings\User2\Desktop\FRST.txt 2017-12-07 08:36 - 2017-12-07 08:36 - 001751040 _____ (Farbar) C:\Documents and Settings\User2\Desktop\FRST.exe 2017-12-07 08:35 - 2017-12-07 08:35 - 000000927 _____ C:\Documents and Settings\User1\Desktop\2017.12.07-08.21.50-i0-t92-d0.txt 2017-12-07 08:21 - 2017-12-07 08:37 - 000026906 _____ C:\WINDOWS\ZAM.krnl.trace 2017-12-07 08:21 - 2017-12-07 08:37 - 000012614 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2017-12-07 08:21 - 2017-12-07 08:21 - 000181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys 2017-12-07 08:21 - 2017-12-07 08:21 - 000181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys 2017-12-07 08:21 - 2017-12-07 08:21 - 000001605 _____ C:\Documents and Settings\All Users\Desktop\Zemana AntiMalware.lnk 2017-12-07 08:21 - 2017-12-07 08:21 - 000000000 ____D C:\Program Files\Zemana AntiMalware 2017-12-07 08:21 - 2017-12-07 08:21 - 000000000 ____D C:\Documents and Settings\User1\Local Settings\Application Data\Zemana 2017-12-07 08:21 - 2017-12-07 08:21 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Zemana 2017-12-07 08:21 - 2017-12-07 08:21 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Zemana AntiMalware 2017-12-07 08:20 - 2017-12-07 08:20 - 006625600 _____ (Zemana Ltd. ) C:\Documents and Settings\User2\Desktop\Zemana.AntiMalware.Setup.exe 2017-12-06 16:27 - 2017-12-06 16:27 - 008187336 _____ (Malwarebytes) C:\Documents and Settings\User2\Desktop\adwcleaner_7.0.5.0.exe 2017-12-06 14:30 - 2017-12-06 14:30 - 000010908 _____ C:\Documents and Settings\User1\Desktop\roguekiller.txt 2017-12-06 13:48 - 2017-12-06 14:32 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller 2017-12-06 13:48 - 2017-12-06 13:48 - 000000718 _____ C:\Documents and Settings\All Users\Desktop\RogueKiller.lnk 2017-12-06 13:48 - 2017-12-06 13:48 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller 2017-12-06 13:47 - 2017-12-06 15:34 - 000000000 ____D C:\Program Files\RogueKiller 2017-12-06 13:44 - 2017-12-07 08:12 - 000221632 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-12-06 13:44 - 2017-12-07 08:12 - 000040352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-12-06 13:44 - 2017-12-06 13:44 - 000150816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-12-06 13:44 - 2017-12-06 13:44 - 000001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk 2017-12-06 13:44 - 2017-12-06 13:44 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes 2017-12-06 13:44 - 2017-12-06 13:44 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2017-12-06 13:44 - 2017-08-24 11:27 - 000059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys 2017-12-06 13:40 - 2017-12-06 13:41 - 066347240 _____ (Malwarebytes ) C:\Documents and Settings\User2\Desktop\mb3-setup-consumer-3.2.2.2018.exe 2017-12-06 13:38 - 2017-12-06 13:39 - 036195904 _____ (Adlice Software ) C:\Documents and Settings\User2\Desktop\setup.exe 2017-12-06 08:37 - 2017-12-06 08:37 - 000079172 _____ C:\Documents and Settings\User1\Desktop\mb-clean-results.txt 2017-12-06 08:36 - 2017-12-06 08:36 - 000863696 _____ (Malwarebytes) C:\Documents and Settings\User2\Desktop\mb-clean-3.1.0.1031.exe 2017-12-05 14:09 - 2017-12-05 14:09 - 000001327 _____ C:\Documents and Settings\User1\Desktop\malwarebytes.txt 2017-12-05 13:37 - 2017-12-06 13:44 - 000000000 ____D C:\Program Files\Malwarebytes 2017-12-05 08:34 - 2017-12-07 08:37 - 000000000 ____D C:\FRST 2017-11-21 14:30 - 2017-11-21 14:30 - 000505729 _____ C:\Documents and Settings\User2\Desktop\87.pdf 2017-11-14 15:45 - 2017-11-14 15:45 - 000420352 _____ C:\Documents and Settings\User2\Desktop\ценова 2017 -НОЕМВРИ.xls ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-07 08:37 - 2015-07-18 12:46 - 000000000 ____D C:\Documents and Settings\User1\Local Settings\temp 2017-12-07 08:36 - 2011-05-02 12:28 - 000000000 ____D C:\Documents and Settings\User2\Local Settings\Temp 2017-12-07 08:12 - 2015-06-22 13:14 - 000000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2017-12-07 08:12 - 2014-01-31 12:39 - 000002051 _____ C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk 2017-12-07 08:12 - 2011-05-02 11:10 - 000000178 ___SH C:\Documents and Settings\User1\ntuser.ini 2017-12-07 08:11 - 2011-05-02 09:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-12-06 16:47 - 2016-02-17 15:35 - 000032618 _____ C:\WINDOWS\SchedLgU.Txt 2017-12-06 15:55 - 2013-03-08 14:11 - 000001078 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-412668190-1417001333-1003UA.job 2017-12-06 13:49 - 2011-12-06 10:57 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys 2017-12-06 12:55 - 2013-03-08 14:11 - 000001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-412668190-1417001333-1003Core.job 2017-12-05 14:19 - 2011-05-02 11:10 - 000000000 ____D C:\Documents and Settings\User1 2017-12-05 08:20 - 2001-08-23 11:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl 2017-12-04 14:31 - 2011-05-25 09:57 - 000000000 ____D C:\Documents and Settings\User2\Application Data\uTorrent 2017-12-04 14:30 - 2011-05-02 12:28 - 000000000 ____D C:\Documents and Settings\User2 2017-12-04 14:26 - 2015-04-26 08:48 - 000000000 ____D C:\Documents and Settings\User2\Application Data\Skype 2017-12-02 12:58 - 2011-05-02 11:46 - 000000000 ____D C:\Documents and Settings\User1\Application Data\uTorrent 2017-12-02 12:48 - 2017-01-16 12:16 - 000000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2017-12-02 12:48 - 2011-05-02 09:10 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-12-02 12:47 - 2015-04-25 10:43 - 000000000 ____D C:\Documents and Settings\User1\Application Data\Skype 2017-12-02 12:36 - 2016-02-20 12:25 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield 2017-11-23 11:07 - 2013-12-09 12:51 - 000000000 ____D C:\Documents and Settings\User2\Desktop\образци PDF 2017-11-16 12:59 - 2015-06-22 13:14 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job ==================== Files in the root of some directories ======= 2011-05-02 12:33 - 2014-09-24 15:20 - 000014848 _____ () C:\Documents and Settings\User1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-01 12:07 - 2014-01-01 12:07 - 000000036 _____ () C:\Documents and Settings\User1\Local Settings\Application Data\housecall.guid.cache 2011-05-15 12:35 - 2011-05-15 12:35 - 000000056 _____ () C:\Documents and Settings\All Users\Application Data\ezsidmv.dat 2017-09-02 11:57 - 2017-09-02 12:18 - 000000473 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log Some files in TEMP: ==================== 2017-12-06 13:48 - 2010-12-09 17:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\User1\Local Settings\temp\dllnt_dump.dll 2017-09-02 12:17 - 2017-09-02 12:17 - 000764248 _____ (Igor Pavlov) C:\Documents and Settings\User1\Local Settings\temp\Package_en_ww.exe 2017-12-06 16:31 - 2010-12-09 17:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\User2\Local Settings\temp\dllnt_dump.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\dnsapi.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================ Addition.txt
  5. PUP.Optional.ParetoLogic

    добър вечер,видях новия ви пост,но ще мога да изпълня сканиранията утре,на работа съм още и няма да мога да отделя време.Лека вечер пожелавам
  6. PUP.Optional.ParetoLogic

    зцдравейте,извинете за бавния ми отговор,но срещнах трудности при инсталиране на инструментите.AdwCleaner не можах да го подкарам-излезе надпис че е невалидно Win32 application.Ето и логовете които успях да направя RogueKiller V12.11.27.0 [Dec 4 2017] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : User1 [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller.exe Mode : Scan -- Date : 12/06/2017 13:49:42 (Duration : 00:38:27) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 23 ¤¤¤ [PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B} (C:\Program Files\K-Lite Codec Pack\Filters\MP4Splitter.ax) -> Found [PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD} (C:\Program Files\K-Lite Codec Pack\Filters\MP4Splitter.ax) -> Found [PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A} (C:\Program Files\K-Lite Codec Pack\Filters\MP4Splitter.ax) -> Found [PUP.OpenCandy] HKEY_LOCAL_MACHINE\Software\Unchecky -> Found [PUP.Gen1] HKEY_USERS\S-1-5-21-220523388-412668190-1417001333-1003\Software\ParetoLogic -> Found [PUP.OpenCandy] HKEY_USERS\S-1-5-21-220523388-412668190-1417001333-1003\Software\Unchecky -> Found [PUP.Gen1] HKEY_USERS\S-1-5-21-220523388-412668190-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12062017134805187\Software\ParetoLogic -> Found [PUP.OpenCandy] HKEY_USERS\S-1-5-21-220523388-412668190-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12062017134805187\Software\Unchecky -> Found [PUP.Gen1] HKEY_USERS\S-1-5-21-220523388-412668190-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12062017135034203\Software\ParetoLogic -> Found [PUP.OpenCandy] HKEY_USERS\S-1-5-21-220523388-412668190-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12062017135034203\Software\Unchecky -> Found [PUP.Gen1] HKEY_USERS\S-1-5-21-220523388-412668190-1417001333-1003\Software\AppDataLow\Software\adawarebp -> Found [PUP.Gen1] HKEY_USERS\S-1-5-21-220523388-412668190-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12062017134805187\Software\AppDataLow\Software\adawarebp -> Found [PUP.Gen1] HKEY_USERS\S-1-5-21-220523388-412668190-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12062017135034203\Software\AppDataLow\Software\adawarebp -> Found [PUP.OpenCandy] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Unchecky -> Found [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar -> Found [PUP.OpenCandy] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Unchecky -> Found [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion -> Found [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} -> Found [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UnlockerDriver5 (\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX73.928\x86\UnlockerDriver5.sys) -> Found [PUP.OpenCandy] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Unchecky ("C:\Program Files\Unchecky\bin\unchecky_svc.exe") -> Found [PUP.OpenCandy] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Unchecky ("C:\Program Files\Unchecky\bin\unchecky_svc.exe") -> Found [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 46.40.72.9 192.168.0.1 ([Bulgaria][-]) -> Found [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0227FD86-8C54-4C88-8029-3F44137A8ADF} | DhcpNameServer : 46.40.72.9 192.168.0.1 ([Bulgaria][-]) -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 4 ¤¤¤ [PUP.OpenCandy][Folder] C:\Documents and Settings\All Users\Application Data\Unchecky -> Found [PUP.OpenCandy][Folder] C:\Program Files\Unchecky -> Found [PUP.OpenCandy][Folder] C:\Documents and Settings\All Users\Application Data\Unchecky -> Found [PUP.OpenCandy][File] C:\Documents and Settings\All Users\Desktop\Unchecky.lnk [LNK@] C:\PROGRA~1\Unchecky\unchecky.exe -> Found ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD6400AAKS-08A7B0 +++++ --- User --- [MBR] 23cfa3f6bcf7ba9b9f89e6c9522da883 [BSP] f5be75234f6b18700d041915ea5e8d99 : Windows XP|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 20002 MB [Windows XP Bootstrap | Windows XP Bootloader] 1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 40965750 | Size: 590475 MB User = LL1 ... OK User = LL2 ... OK Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/6/17 Scan Time: 3:38 PM Log File: b04f1ceb-da8a-11e7-acf0-001966873225.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.188 Update Package Version: 1.0.3423 License: Trial -System Information- OS: Windows XP Service Pack 3 CPU: x86 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 220193 Threats Detected: 0 (No malicious items detected) Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 25 min, 7 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end)
  7. PUP.Optional.ParetoLogic

    Междувременно сканирах с Malwarebyte- откри това-PUP.Optional.ParetoLogic Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/5/17 Scan Time: 1:38 PM Log File: d2d88f2e-d9b0-11e7-8e03-00059a3c7800.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.236 Update Package Version: 1.0.3414 License: Trial -System Information- OS: Windows XP Service Pack 3 CPU: x86 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 222200 Threats Detected: 1 Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 15 min, 30 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 1 PUP.Optional.ParetoLogic, HKU\S-1-5-21-220523388-412668190-1417001333-1003\SOFTWARE\PARETOLOGIC\PC Health Advisor, No Action By User, [1851], [366347],1.0.3414 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end)
  8. здравейте,получи се следния проблем-след отваряне на снимки от чат,по-точно след последната,излезе съобщение на екрана дали искам да рестартирам.Отказах да изпълня рестарта,след което на курсора на мишката се появи часовника и стоя около 5 минути.През това време не се изпълняваха никакви команди.Изчаках да изчезне часовника и реших да отворя коя да е икона от десктопа-същото нещо-появи се часовника за около 5 минути.Изключих го и повече не се занимавах.Днес сутринта го включих и директно ми се отвори браузъра със същия този часовник.Сега ми изпълнява командите по бавно,но може да се работи.Не съм сканирал с никакви антивирусни софтуери и директно минах на сканиране с FRST.Ето ги и логовете: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2017 Ran by User1 (administrator) on PC1 (05-12-2017 08:35:08) Running from C:\Documents and Settings\User2\Desktop Loaded Profiles: User1 & User2 (Available Profiles: User1 & User2 & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Comodo) C:\Program Files\Comodo\Dragon\dragon_updater.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe (RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe (Comodo) C:\Program Files\Comodo\Dragon\dragon.exe (Comodo) C:\Program Files\Comodo\Dragon\dragon.exe (Comodo) C:\Program Files\Comodo\Dragon\dragon.exe (Comodo) C:\Program Files\Comodo\Dragon\dragon.exe (Comodo) C:\Program Files\Comodo\Dragon\dragon.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [tsnpstd3] => C:\WINDOWS\tsnpstd3.exe [262144 2006-06-19] () HKLM\...\Run: [snpstd3] => C:\WINDOWS\vsnpstd3.exe [831488 2006-05-12] () HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [8063200 2016-07-18] () HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.) HKLM\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation) HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [Messenger (Yahoo!)] => "F:\SKYPE_~1\yahoo\Messenger\YahooMessenger.exe" -quiet HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [395640 2011-05-02] (BitTorrent, Inc.) HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd) HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [Google Update] => C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-12-02] (Google Inc.) HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity) HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [1281024 2017-08-19] (Adobe Systems Incorporated) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-09-02] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2017-12-02] ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{0227FD86-8C54-4C88-8029-3F44137A8ADF}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-220523388-412668190-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-220523388-412668190-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: [S-1-5-21-220523388-412668190-1417001333-1004] ATTENTION => Default URLSearchHook is missing DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-22] () FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-01-12] (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [No File] FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\User1\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\User1\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.) FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\User1\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\User1\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-08-19] (Adobe Systems Incorporated) [File not signed] S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed] R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.) R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed] R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed] R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2060848 2016-02-05] (Comodo) R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed] R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed] S3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed] S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-01-12] (Oracle Corporation) R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed] R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed] R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [664040 2016-07-18] () S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation) [File not signed] S3 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed] R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed] S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed] R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed] S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed] R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed] R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed] R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [243448 2016-02-20] (RaMMicHaeL) S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed] R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.) [File not signed] R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\gzflt.sys [175008 2016-04-28] (BitDefender LLC) S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-19] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-19] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-19] (HP) R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed] R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4368896 2006-08-15] (Realtek Semiconductor Corp.) [File not signed] R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation) R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed] R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed] R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed] S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed] R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed] R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation) R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) S3 SNPSTD3; C:\WINDOWS\System32\DRIVERS\snpstd3.sys [10148480 2006-06-27] (Sonix Co. Ltd.) [File not signed] R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed] R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed] U3 TrueSight; c:\windows\system32\drivers\TrueSight.sys [111872 2011-12-15] () [File not signed] S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [428832 2016-04-28] (BitDefender S.R.L.) S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-17] (Microsoft Corporation) [File not signed] R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed] R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed] S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed] S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC) S3 catchme; \??\C:\DOCUME~1\User1\LOCALS~1\Temp\catchme.sys [X] S4 IntelIde; no ImagePath S2 StarOpen; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-05 08:35 - 2017-12-05 08:35 - 000013521 _____ C:\Documents and Settings\User2\Desktop\FRST.txt 2017-12-05 08:34 - 2017-12-05 08:35 - 000000000 ____D C:\FRST 2017-12-05 08:34 - 2017-12-05 08:34 - 001752064 _____ (Farbar) C:\Documents and Settings\User2\Desktop\FRST.exe 2017-11-21 14:30 - 2017-11-21 14:30 - 000505729 _____ C:\Documents and Settings\User2\Desktop\87.pdf 2017-11-14 15:45 - 2017-11-14 15:45 - 000420352 _____ C:\Documents and Settings\User2\Desktop\ценова 2017 -НОЕМВРИ.xls ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-05 08:35 - 2015-07-18 12:46 - 000000000 ____D C:\Documents and Settings\User1\Local Settings\temp 2017-12-05 08:35 - 2011-05-02 12:28 - 000000000 ____D C:\Documents and Settings\User2\Local Settings\Temp 2017-12-05 08:22 - 2014-01-31 12:39 - 000002051 _____ C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk 2017-12-05 08:20 - 2015-06-22 13:14 - 000000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2017-12-05 08:20 - 2011-05-02 09:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-12-05 08:20 - 2001-08-23 11:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl 2017-12-04 14:39 - 2016-02-17 15:35 - 000032618 _____ C:\WINDOWS\SchedLgU.Txt 2017-12-04 14:31 - 2011-05-25 09:57 - 000000000 ____D C:\Documents and Settings\User2\Application Data\uTorrent 2017-12-04 14:30 - 2011-05-02 12:28 - 000000000 ____D C:\Documents and Settings\User2 2017-12-04 14:26 - 2015-04-26 08:48 - 000000000 ____D C:\Documents and Settings\User2\Application Data\Skype 2017-12-04 13:55 - 2013-03-08 14:11 - 000001078 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-412668190-1417001333-1003UA.job 2017-12-04 12:55 - 2013-03-08 14:11 - 000001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-412668190-1417001333-1003Core.job 2017-12-02 12:58 - 2011-05-02 11:46 - 000000000 ____D C:\Documents and Settings\User1\Application Data\uTorrent 2017-12-02 12:58 - 2011-05-02 11:10 - 000000178 ___SH C:\Documents and Settings\User1\ntuser.ini 2017-12-02 12:48 - 2017-01-16 12:16 - 000000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2017-12-02 12:48 - 2011-05-02 09:10 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-12-02 12:47 - 2015-04-25 10:43 - 000000000 ____D C:\Documents and Settings\User1\Application Data\Skype 2017-12-02 12:36 - 2016-02-20 12:25 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield 2017-11-30 14:44 - 2011-05-02 11:10 - 000000000 ____D C:\Documents and Settings\User1 2017-11-23 11:07 - 2013-12-09 12:51 - 000000000 ____D C:\Documents and Settings\User2\Desktop\образци PDF 2017-11-16 12:59 - 2015-06-22 13:14 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job ==================== Files in the root of some directories ======= 2011-05-02 12:33 - 2014-09-24 15:20 - 000014848 _____ () C:\Documents and Settings\User1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-01 12:07 - 2014-01-01 12:07 - 000000036 _____ () C:\Documents and Settings\User1\Local Settings\Application Data\housecall.guid.cache 2011-05-15 12:35 - 2011-05-15 12:35 - 000000056 _____ () C:\Documents and Settings\All Users\Application Data\ezsidmv.dat 2017-09-02 11:57 - 2017-09-02 12:18 - 000000473 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log Some files in TEMP: ==================== 2017-09-02 12:17 - 2017-09-02 12:17 - 000764248 _____ (Igor Pavlov) C:\Documents and Settings\User1\Local Settings\temp\Package_en_ww.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\dnsapi.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================ Addition.txt
  9. Win32/AdkDLLWrapper

    здравейте,не знам по какво съдите че Zemana не е деинсталирана,но я махнах.Единственото което остана като неудобство е че плеърите,които ползвам за филми се изключват сами през различен интервал от време.Може през 10-15 секунди няколко пъти,може и да не се случи.За да се задържи плеъра на екрана трябва да натисна и задържа CTRL и след това да отворя иконата с мишката.Това важи и за други икони ако се случи.Прилагам лог-а от последните ви инструкции: # DelFix v1.013 - Logfile created 03/09/2017 at 00:07:19 # Updated 17/04/2016 by Xplode # Username : GERGANA - GERGANA-PC # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) ~ Removing disinfection tools ... Deleted : C:\Qoobox Deleted : C:\Combofix Deleted : C:\FRST Deleted : C:\Users\GERGANA\Desktop\Addition.txt Deleted : C:\Users\GERGANA\Desktop\ComboFix.exe Deleted : C:\Users\GERGANA\Desktop\ComboFix.txt Deleted : C:\Users\GERGANA\Desktop\FRST.txt Deleted : C:\Users\GERGANA\Desktop\FRST64.exe Deleted : C:\Users\GERGANA\Desktop\rkill.exe Deleted : C:\Users\GERGANA\Desktop\Rkill.txt Deleted : C:\Windows\grep.exe Deleted : C:\Windows\PEV.exe Deleted : C:\Windows\NIRCMD.exe Deleted : C:\Windows\MBR.exe Deleted : C:\Windows\SED.exe Deleted : C:\Windows\SWREG.exe Deleted : C:\Windows\SWSC.exe Deleted : C:\Windows\SWXCACLS.exe Deleted : C:\Windows\Zip.exe Deleted : HKCU\console_combofixbackup Deleted : HKLM\SOFTWARE\Swearware Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #167 [ComboFix created restore point | 08/28/2017 20:33:39] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########
  10. Win32/AdkDLLWrapper

    Здравейте,прилагам новите лог-ове.В каква посока да търся хардуерен проблем? ComboFix 17-08-04.01 - GERGANA 08.2017 г. 23:35:08.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1026.18.3971.2181 [GMT 3:00] Running from: C:\Users\GERGANA\Desktop\ComboFix.exe AV: 360 Total Security *Disabled/Updated* {0371CA44-3F80-A1D3-BECE-910620B58D50} AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B} SP: 360 Total Security *Disabled/Updated* {B8102BA0-19BA-AE5D-847E-AA745B32C7ED} SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\ProgramData\1491397168_00000000_base C:\ProgramData\1491397168_00000000_base\360base.dll C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk C:\Windows\SysWow64\~GLH000c.TMP C:\Windows\SysWow64\~GLH000d.TMP ((((((((((((((((((((((((( Files Created from 2017-07-28 to 2017-08-28 ))))))))))))))))))))))))))))))) 2017-08-28 20:40:11 . 2017-08-28 20:40:11 -------- d-----w- C:\Users\Default\AppData\Local\temp 2017-08-20 13:29:39 . 2017-08-20 13:32:01 -------- d-----w- C:\FRST 2017-08-19 16:55:02 . 2017-08-19 16:55:02 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{47A65DCC-FB59-44DB-8844-CC02C635B2AF}\offreg.1920.dll 2017-08-19 14:39:59 . 2017-07-07 15:15:23 3945192 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2017-08-19 14:29:21 . 2015-02-04 03:16:35 465920 ----a-w- C:\Windows\system32\WMPhoto.dll 2017-08-19 14:29:21 . 2015-02-04 02:54:09 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2017-08-19 14:14:13 . 2017-07-17 20:54:36 13476768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{47A65DCC-FB59-44DB-8844-CC02C635B2AF}\mpengine.dll 2017-08-19 14:12:13 . 2014-11-11 03:08:52 241152 ----a-w- C:\Windows\system32\pku2u.dll 2017-08-19 14:12:13 . 2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll 2017-08-15 20:11:05 . 2017-08-16 20:27:03 -------- d-----w- C:\Program Files (x86)\Zemana AntiMalware 2017-08-15 20:10:44 . 2017-08-15 20:10:44 -------- d-----w- C:\Users\GERGANA\AppData\Local\Zemana 2017-08-15 19:43:35 . 2017-08-15 19:43:35 188352 ----a-w- C:\Windows\system32\drivers\MBAMChameleon.sys 2017-08-15 19:43:28 . 2017-08-28 16:56:58 101784 ----a-w- C:\Windows\system32\drivers\farflt.sys 2017-08-15 19:43:27 . 2017-08-28 17:10:10 84256 ----a-w- C:\Windows\system32\drivers\mwac.sys 2017-08-15 19:43:20 . 2017-08-28 16:56:57 45472 ----a-w- C:\Windows\system32\drivers\mbam.sys 2017-08-15 19:43:12 . 2017-08-28 16:56:56 253856 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys 2017-08-15 19:42:59 . 2017-06-27 09:06:28 77376 ----a-w- C:\Windows\system32\drivers\mbae64.sys 2017-08-15 19:42:53 . 2017-08-15 19:42:53 -------- d-----w- C:\ProgramData\Malwarebytes 2017-08-15 19:42:53 . 2017-08-15 19:42:53 -------- d-----w- C:\Program Files\Malwarebytes 2017-08-13 16:15:24 . 2017-08-13 16:35:18 -------- d-----w- C:\SMCLpav 2017-08-13 13:54:49 . 2017-08-13 13:54:49 -------- d-----w- C:\Users\GERGANA\AppData\Local\ESET . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2017-08-19 14:42:24 . 2013-12-11 13:08:10 140394280 -c--a-w- C:\Windows\system32\MRT.exe 2017-08-19 14:01:01 . 2013-12-11 12:59:08 803328 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2017-08-19 14:01:01 . 2013-12-11 12:59:08 144896 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2017-07-26 10:36:03 . 2016-05-09 16:30:19 86248 ----a-w- C:\Windows\SysWow64\drivers\360AvFlt.sys 2017-07-26 10:36:03 . 2016-05-09 16:29:38 330472 ----a-w- C:\Windows\system32\drivers\360Box64.sys 2017-07-26 10:36:03 . 2016-05-09 16:29:26 86248 ----a-w- C:\Windows\system32\drivers\360AvFlt.sys 2017-07-07 15:10:46 . 2017-08-19 14:39:29 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2017-06-09 09:00:50 . 2016-05-09 16:30:10 423360 ----a-w- C:\Windows\system32\drivers\360fsflt.sys 2017-06-09 09:00:50 . 2016-05-09 16:29:36 175040 ----a-w- C:\Windows\system32\drivers\360AntiHacker64.sys 2017-06-09 09:00:50 . 2016-05-09 16:29:33 49088 ----a-w- C:\Windows\system32\drivers\360Camera64.sys 2017-06-09 09:00:50 . 2016-05-09 16:29:32 190400 ----a-w- C:\Windows\system32\drivers\BAPIDRV64.SYS 2017-06-02 08:10:16 . 2017-07-07 22:16:03 733696 ----a-w- C:\Windows\HelpPane.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QHSafeTray"="C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" [2017-07-31 13:45:30 2154592] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "MaxGPOScriptWait"= 600 (0x258) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0PCloudBroom64.exe \systemroot\system32\BroomData.bit [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] @="Service" R1 ZAM;ZAM Helper Driver;C:\Windows\System32\drivers\zam64.sys;C:\Windows\SYSNATIVE\drivers\zam64.sys [x] R1 ZAM_Guard;ZAM Guard Driver;C:\Windows\System32\drivers\zamguard64.sys;C:\Windows\SYSNATIVE\drivers\zamguard64.sys [x] R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe;C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x] R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x] R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x] R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;C:\Windows\system32\DRIVERS\jrdusbser.sys;C:\Windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x] R3 keycrypt;keycrypt;C:\Windows\system32\DRIVERS\KeyCrypt64.sys;C:\Windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys;C:\Windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys;C:\Windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys;C:\Windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys;C:\Windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys;C:\Windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Услуга на технологиите за активиране на Windows;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 wdm_usb;wdm_usb;C:\Windows\system32\DRIVERS\usb2ser.sys;C:\Windows\SYSNATIVE\DRIVERS\usb2ser.sys [x] S0 iaStorA;iaStorA;C:\Windows\system32\DRIVERS\iaStorA.sys;C:\Windows\SYSNATIVE\DRIVERS\iaStorA.sys [x] S0 iaStorF;iaStorF;C:\Windows\system32\DRIVERS\iaStorF.sys;C:\Windows\SYSNATIVE\DRIVERS\iaStorF.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S1 360Box64;360Box mini-filter driver;C:\Windows\system32\DRIVERS\360Box64.sys;C:\Windows\SYSNATIVE\DRIVERS\360Box64.sys [x] S1 360Camera;360Safe Camera Filter Service;C:\Windows\system32\Drivers\360Camera64.sys;C:\Windows\SYSNATIVE\Drivers\360Camera64.sys [x] S1 360FsFlt;360FsFlt mini-filter driver;C:\Windows\system32\DRIVERS\360FsFlt.sys;C:\Windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x] S1 BAPIDRV;BAPIDRV;C:\Windows\system32\DRIVERS\BAPIDRV64.sys;C:\Windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x] S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe;C:\Windows\SYSNATIVE\svchost.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe;C:\Program Files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 QHActiveDefense;360 Total Security;C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe;C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 360AntiHacker;360Safe Anti Hacker Service;C:\Windows\system32\Drivers\360AntiHacker64.sys;C:\Windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x] S3 360AvFlt;360AvFlt mini-filter driver;C:\Windows\system32\DRIVERS\360AvFlt.sys;C:\Windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x] S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS;C:\Windows\SYSNATIVE\drivers\AmUStor.SYS [x] S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys;C:\Windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys;C:\Windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] --- Other Services/Drivers In Memory --- *Deregistered* - ESProtectionDriver [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2017-07-31 22:31:52 324080 ----a-w- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes TrayApp"="C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 14:42:26 3146704] ------- Supplementary Scan ------- uLocal Page = C:\Windows\system32\blank.htm mLocal Page = C:\Windows\SysWOW64\blank.htm TCP: DhcpNameServer = 84.54.128.100 84.54.128.9 - - - - ORPHANS REMOVED - - - - HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe Rkill.txt
  11. Win32/AdkDLLWrapper

    друго което се случва е че не мога да ползвам F2 бутона за влизане под safe mode-при натискане изскача за миг и се скрива.И второто нещо е че процесора работи между 30 и 80 % без видима причина.
  12. Win32/AdkDLLWrapper

    здравейте,надявам се ако е хардуерен кахър да е поправим и да не ми излезе златен,прилагам и новите сканинги: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017 Ran by GERGANA (administrator) on GERGANA-PC (20-08-2017 16:29:46) Running from C:\Users\GERGANA\Desktop Loaded Profiles: GERGANA (Available Profiles: GERGANA) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [2154592 2017-07-31] (QIHU 360 SOFTWARE CO. LIMITED) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2015-01-08] ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe () BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 84.54.128.100 84.54.128.9 Tcpip\..\Interfaces\{050FEA5C-3630-4D0F-A8E4-8EC183BF8AE8}: [DhcpNameServer] 84.54.128.100 84.54.128.9 Tcpip\..\Interfaces\{94C064C5-8139-44AB-810C-1E9D0A2F024F}: [DhcpNameServer] 84.54.128.100 84.54.128.9 Tcpip\..\Interfaces\{C9DE01DF-38AF-422C-8292-00BF45A44DE5}: [DhcpNameServer] 217.18.252.131 87.246.20.11 Internet Explorer: ================== BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2017-07-26] (Qihu 360 Software Co., Ltd.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation) FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default [2017-08-20] CHR Extension: (Adblock Plus) - C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12] CHR Extension: (AdBlocker Ultimate) - C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2017-01-22] CHR Extension: (Chrome Media Router) - C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-04] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR StartupUrls: "hxxp://google.bg/" ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes) R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [929888 2017-07-26] (QIHU 360 SOFTWARE CO. LIMITED) S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [175040 2017-06-09] (360.cn) R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2017-07-26] (360.cn) R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2017-07-26] (360.cn) R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2017-07-26] (360.cn) R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [49088 2017-06-09] (360.cn) R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [423360 2017-06-09] (360.cn) R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [190400 2017-06-09] (360.cn) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] () R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-11] (Intel Corporation) S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [119680 2009-11-17] (TCT International Mobile Ltd) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.) R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-08-15] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-08-20] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-08-20] (Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-20] (Malwarebytes) S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-08-20 16:29 - 2017-08-20 16:30 - 000009508 _____ C:\Users\GERGANA\Desktop\FRST.txt 2017-08-20 16:29 - 2017-08-20 16:29 - 000000000 ____D C:\FRST 2017-08-20 16:28 - 2017-08-20 16:28 - 002395648 _____ (Farbar) C:\Users\GERGANA\Desktop\FRST64.exe 2017-08-19 17:40 - 2017-07-21 17:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll 2017-08-19 17:40 - 2017-07-21 17:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll 2017-08-19 17:40 - 2017-07-14 18:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-08-19 17:40 - 2017-07-14 18:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-08-19 17:40 - 2017-07-14 18:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll 2017-08-19 17:40 - 2017-07-14 18:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2017-08-19 17:40 - 2017-07-14 18:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2017-08-19 17:40 - 2017-07-14 18:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2017-08-19 17:40 - 2017-07-14 18:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2017-08-19 17:40 - 2017-07-14 18:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2017-08-19 17:40 - 2017-07-14 18:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll 2017-08-19 17:40 - 2017-07-14 10:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2017-08-19 17:40 - 2017-07-14 09:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-08-19 17:40 - 2017-07-14 09:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-08-19 17:40 - 2017-07-14 09:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2017-08-19 17:40 - 2017-07-14 08:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-08-19 17:40 - 2017-07-14 07:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-08-19 17:40 - 2017-07-14 07:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-08-19 17:40 - 2017-07-14 07:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-08-19 17:40 - 2017-07-14 06:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2017-08-19 17:40 - 2017-07-14 05:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-08-19 17:40 - 2017-07-14 05:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-08-19 17:40 - 2017-07-14 05:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2017-08-19 17:40 - 2017-07-14 05:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-08-19 17:40 - 2017-07-14 05:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-08-19 17:40 - 2017-07-14 04:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-08-19 17:40 - 2017-07-08 18:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2017-08-19 17:40 - 2017-07-08 18:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-08-19 17:40 - 2017-07-07 18:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-08-19 17:40 - 2017-07-07 18:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2017-08-19 17:40 - 2017-07-07 18:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-08-19 17:40 - 2017-07-07 18:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2017-08-19 17:40 - 2017-07-07 18:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-08-19 17:40 - 2017-07-07 18:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-08-19 17:40 - 2017-07-07 18:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-08-19 17:40 - 2017-07-07 18:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-08-19 17:40 - 2017-07-07 18:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-08-19 17:40 - 2017-07-07 18:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2017-08-19 17:40 - 2017-07-07 18:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2017-08-19 17:40 - 2017-07-07 18:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2017-08-19 17:40 - 2017-07-07 18:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-08-19 17:40 - 2017-07-07 18:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2017-08-19 17:40 - 2017-07-07 18:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2017-08-19 17:40 - 2017-07-07 18:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-08-19 17:40 - 2017-07-07 17:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-08-19 17:40 - 2017-07-07 17:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-08-19 17:40 - 2017-07-01 16:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll 2017-08-19 17:40 - 2017-07-01 16:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll 2017-08-19 17:40 - 2017-07-01 16:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll 2017-08-19 17:40 - 2017-07-01 16:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll 2017-08-19 17:40 - 2017-07-01 16:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll 2017-08-19 17:40 - 2017-07-01 16:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll 2017-08-19 17:40 - 2017-07-01 16:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll 2017-08-19 17:40 - 2017-07-01 16:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll 2017-08-19 17:40 - 2017-07-01 16:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll 2017-08-19 17:40 - 2017-07-01 16:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll 2017-08-19 17:40 - 2017-07-01 16:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll 2017-08-19 17:40 - 2017-07-01 16:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll 2017-08-19 17:40 - 2017-06-15 23:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2017-08-19 17:40 - 2017-06-13 01:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll 2017-08-19 17:40 - 2017-06-13 01:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx 2017-08-19 17:40 - 2017-06-13 01:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll 2017-08-19 17:40 - 2017-06-13 01:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx 2017-08-19 17:40 - 2017-06-13 01:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe 2017-08-19 17:40 - 2017-06-13 01:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe 2017-08-19 17:40 - 2017-06-10 18:59 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll 2017-08-19 17:40 - 2017-06-10 18:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll 2017-08-19 17:40 - 2017-06-09 18:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-08-19 17:40 - 2017-06-06 18:30 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2017-08-19 17:40 - 2017-06-06 18:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2017-08-19 17:40 - 2017-05-30 07:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2017-08-19 17:40 - 2017-05-30 07:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2017-08-19 17:40 - 2017-05-30 07:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2017-08-19 17:40 - 2017-05-16 18:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2017-08-19 17:40 - 2017-05-16 18:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2017-08-19 17:40 - 2017-04-28 01:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2017-08-19 17:40 - 2017-04-12 16:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2017-08-19 17:40 - 2017-03-10 19:32 - 001389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll 2017-08-19 17:40 - 2017-03-10 19:20 - 001508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll 2017-08-19 17:40 - 2017-03-10 18:55 - 000205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys 2017-08-19 17:40 - 2017-03-10 18:55 - 000195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys 2017-08-19 17:40 - 2017-02-09 19:32 - 000769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:36 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2017-08-19 17:40 - 2017-01-18 18:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2017-08-19 17:40 - 2016-10-11 17:55 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe 2017-08-19 17:40 - 2016-10-11 16:18 - 000419648 _____ C:\Windows\SysWOW64\locale.nls 2017-08-19 17:40 - 2016-10-11 16:17 - 000419648 _____ C:\Windows\system32\locale.nls 2017-08-19 17:40 - 2016-09-15 17:56 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2017-08-19 17:40 - 2016-08-22 19:19 - 001386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2017-08-19 17:40 - 2016-08-12 20:02 - 014632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2017-08-19 17:40 - 2016-08-12 19:47 - 011410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2017-08-19 17:40 - 2016-08-12 19:26 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2017-08-19 17:40 - 2016-08-06 18:31 - 002023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2017-08-19 17:40 - 2016-08-06 18:31 - 000347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2017-08-19 17:40 - 2016-08-06 18:31 - 000310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2017-08-19 17:40 - 2016-08-06 18:31 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2017-08-19 17:40 - 2016-08-06 18:15 - 001178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2017-08-19 17:40 - 2016-08-06 18:15 - 000249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2017-08-19 17:40 - 2016-08-06 18:15 - 000214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2017-08-19 17:40 - 2016-08-06 18:15 - 000146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2017-08-19 17:40 - 2016-08-06 18:01 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2017-08-19 17:40 - 2016-08-06 17:53 - 000199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2017-08-19 17:40 - 2016-06-14 20:16 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 000680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 000440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2017-08-19 17:40 - 2016-06-14 20:16 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2017-08-19 17:40 - 2016-06-14 20:11 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2017-08-19 17:40 - 2016-06-14 18:21 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2017-08-19 17:40 - 2016-06-14 18:21 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2017-08-19 17:40 - 2016-06-14 18:21 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2017-08-19 17:40 - 2016-06-14 18:21 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2017-08-19 17:40 - 2016-06-14 18:21 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2017-08-19 17:40 - 2016-06-14 18:21 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2017-08-19 17:40 - 2016-06-14 18:21 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2017-08-19 17:40 - 2016-06-14 18:21 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2017-08-19 17:40 - 2016-06-14 18:21 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2017-08-19 17:40 - 2016-06-14 18:21 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2017-08-19 17:40 - 2016-06-14 18:21 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2017-08-19 17:40 - 2016-06-14 18:21 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2017-08-19 17:39 - 2017-07-29 17:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2017-08-19 17:39 - 2017-07-21 17:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll 2017-08-19 17:39 - 2017-07-21 17:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll 2017-08-19 17:39 - 2017-07-15 21:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-08-19 17:39 - 2017-07-15 20:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2017-08-19 17:39 - 2017-07-14 18:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2017-08-19 17:39 - 2017-07-14 18:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2017-08-19 17:39 - 2017-07-14 18:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2017-08-19 17:39 - 2017-07-14 18:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll 2017-08-19 17:39 - 2017-07-14 18:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2017-08-19 17:39 - 2017-07-14 18:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll 2017-08-19 17:39 - 2017-07-14 18:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2017-08-19 17:39 - 2017-07-14 18:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll 2017-08-19 17:39 - 2017-07-14 18:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe 2017-08-19 17:39 - 2017-07-14 18:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2017-08-19 17:39 - 2017-07-14 18:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2017-08-19 17:39 - 2017-07-14 18:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2017-08-19 17:39 - 2017-07-14 18:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll 2017-08-19 17:39 - 2017-07-14 18:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll 2017-08-19 17:39 - 2017-07-14 18:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll 2017-08-19 17:39 - 2017-07-14 18:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll 2017-08-19 17:39 - 2017-07-14 18:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2017-08-19 17:39 - 2017-07-14 18:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2017-08-19 17:39 - 2017-07-14 17:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe 2017-08-19 17:39 - 2017-07-14 17:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll 2017-08-19 17:39 - 2017-07-14 17:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2017-08-19 17:39 - 2017-07-14 17:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2017-08-19 17:39 - 2017-07-14 17:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2017-08-19 17:39 - 2017-07-14 10:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2017-08-19 17:39 - 2017-07-14 09:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2017-08-19 17:39 - 2017-07-14 09:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2017-08-19 17:39 - 2017-07-14 09:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2017-08-19 17:39 - 2017-07-14 09:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2017-08-19 17:39 - 2017-07-14 09:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-08-19 17:39 - 2017-07-14 09:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2017-08-19 17:39 - 2017-07-14 09:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2017-08-19 17:39 - 2017-07-14 09:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2017-08-19 17:39 - 2017-07-14 09:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2017-08-19 17:39 - 2017-07-14 09:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-08-19 17:39 - 2017-07-14 09:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2017-08-19 17:39 - 2017-07-14 09:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2017-08-19 17:39 - 2017-07-14 09:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2017-08-19 17:39 - 2017-07-14 08:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2017-08-19 17:39 - 2017-07-14 08:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2017-08-19 17:39 - 2017-07-14 08:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2017-08-19 17:39 - 2017-07-14 08:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2017-08-19 17:39 - 2017-07-14 08:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-08-19 17:39 - 2017-07-14 08:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-08-19 17:39 - 2017-07-14 08:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2017-08-19 17:39 - 2017-07-14 08:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-08-19 17:39 - 2017-07-14 08:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-08-19 17:39 - 2017-07-14 08:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-08-19 17:39 - 2017-07-14 08:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-08-19 17:39 - 2017-07-14 08:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2017-08-19 17:39 - 2017-07-14 06:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-08-19 17:39 - 2017-07-14 05:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2017-08-19 17:39 - 2017-07-14 05:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2017-08-19 17:39 - 2017-07-14 05:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2017-08-19 17:39 - 2017-07-14 05:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2017-08-19 17:39 - 2017-07-14 05:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2017-08-19 17:39 - 2017-07-14 05:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2017-08-19 17:39 - 2017-07-14 05:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2017-08-19 17:39 - 2017-07-14 05:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-08-19 17:39 - 2017-07-14 05:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2017-08-19 17:39 - 2017-07-14 05:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2017-08-19 17:39 - 2017-07-14 05:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2017-08-19 17:39 - 2017-07-14 05:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2017-08-19 17:39 - 2017-07-14 05:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2017-08-19 17:39 - 2017-07-14 05:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2017-08-19 17:39 - 2017-07-14 05:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2017-08-19 17:39 - 2017-07-14 05:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2017-08-19 17:39 - 2017-07-14 05:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2017-08-19 17:39 - 2017-07-14 05:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2017-08-19 17:39 - 2017-07-14 05:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2017-08-19 17:39 - 2017-07-14 05:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-08-19 17:39 - 2017-07-14 05:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2017-08-19 17:39 - 2017-07-14 05:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2017-08-19 17:39 - 2017-07-14 04:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-08-19 17:39 - 2017-07-14 04:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-08-19 17:39 - 2017-07-07 18:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2017-08-19 17:39 - 2017-07-07 18:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2017-08-19 17:39 - 2017-07-07 18:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys 2017-08-19 17:39 - 2017-07-07 18:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-08-19 17:39 - 2017-07-07 18:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2017-08-19 17:39 - 2017-07-07 18:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2017-08-19 17:39 - 2017-07-07 18:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2017-08-19 17:39 - 2017-07-07 18:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2017-08-19 17:39 - 2017-07-07 18:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2017-08-19 17:39 - 2017-07-07 18:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2017-08-19 17:39 - 2017-07-07 18:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2017-08-19 17:39 - 2017-07-07 18:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2017-08-19 17:39 - 2017-07-07 18:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll 2017-08-19 17:39 - 2017-07-07 18:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-08-19 17:39 - 2017-07-07 18:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2017-08-19 17:39 - 2017-07-07 18:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2017-08-19 17:39 - 2017-07-07 18:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2017-08-19 17:39 - 2017-07-07 18:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2017-08-19 17:39 - 2017-07-07 18:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 18:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2017-08-19 17:39 - 2017-07-07 18:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2017-08-19 17:39 - 2017-07-07 18:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2017-08-19 17:39 - 2017-07-07 18:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2017-08-19 17:39 - 2017-07-07 17:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2017-08-19 17:39 - 2017-07-07 17:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2017-08-19 17:39 - 2017-07-07 17:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-08-19 17:39 - 2017-07-07 17:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2017-08-19 17:39 - 2017-07-07 17:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-08-19 17:39 - 2017-07-07 17:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2017-08-19 17:39 - 2017-07-07 17:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2017-08-19 17:39 - 2017-07-07 17:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2017-08-19 17:39 - 2017-07-07 17:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2017-08-19 17:39 - 2017-07-07 17:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2017-08-19 17:39 - 2017-07-07 17:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2017-08-19 17:39 - 2017-07-07 17:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 17:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 17:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2017-08-19 17:39 - 2017-07-07 17:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2017-08-19 17:39 - 2017-07-06 07:56 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys 2017-08-19 17:39 - 2017-06-13 01:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll 2017-08-19 17:39 - 2017-06-13 01:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll 2017-08-19 17:39 - 2017-06-13 01:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll 2017-08-19 17:39 - 2017-06-13 01:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll 2017-08-19 17:39 - 2017-06-13 01:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe 2017-08-19 17:39 - 2017-06-13 01:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe 2017-08-19 17:39 - 2017-06-13 01:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe 2017-08-19 17:39 - 2017-06-13 01:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe 2017-08-19 17:39 - 2017-05-21 07:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2017-08-19 17:39 - 2017-05-21 07:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2017-08-19 17:39 - 2017-05-16 18:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2017-08-19 17:39 - 2017-03-10 19:32 - 000300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll 2017-08-19 17:39 - 2017-03-10 19:20 - 000237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll 2017-08-19 17:39 - 2017-03-10 18:57 - 000009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe 2017-08-19 17:39 - 2017-02-09 19:32 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll 2017-08-19 17:39 - 2017-02-09 19:14 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll 2017-08-19 17:39 - 2016-10-11 18:32 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2017-08-19 17:39 - 2016-10-11 18:18 - 000069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll 2017-08-19 17:39 - 2016-08-12 20:02 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2017-08-19 17:39 - 2016-08-12 20:02 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2017-08-19 17:39 - 2016-08-12 20:02 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2017-08-19 17:39 - 2016-08-12 20:02 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2017-08-19 17:39 - 2016-08-12 19:47 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2017-08-19 17:39 - 2016-08-12 19:31 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2017-08-19 17:39 - 2016-08-12 19:31 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2017-08-19 17:39 - 2016-08-12 19:31 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2017-08-19 17:39 - 2016-08-06 18:31 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll 2017-08-19 17:39 - 2016-08-06 18:31 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll 2017-08-19 17:39 - 2016-08-06 18:15 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll 2017-08-19 17:39 - 2016-08-06 18:01 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe 2017-08-19 17:39 - 2016-08-06 17:53 - 000012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe 2017-08-19 17:39 - 2016-08-06 17:53 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll 2017-08-19 17:39 - 2016-06-14 20:16 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2017-08-19 17:39 - 2016-06-14 20:16 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2017-08-19 17:39 - 2016-06-14 20:16 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2017-08-19 17:39 - 2016-06-14 20:16 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2017-08-19 17:39 - 2016-06-14 20:16 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2017-08-19 17:39 - 2016-06-14 20:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2017-08-19 17:39 - 2016-06-14 18:21 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2017-08-19 17:39 - 2016-06-14 18:21 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2017-08-19 17:39 - 2016-06-14 18:21 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2017-08-19 17:39 - 2016-06-14 18:21 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2017-08-19 17:39 - 2016-06-14 18:21 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2017-08-19 17:39 - 2016-06-14 18:15 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2017-08-19 17:39 - 2016-06-14 18:15 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2017-08-19 17:39 - 2016-06-14 18:15 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2017-08-19 17:39 - 2016-06-14 18:05 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2017-08-19 17:39 - 2016-06-14 18:05 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2017-08-19 17:39 - 2016-06-14 18:00 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2017-08-19 17:39 - 2016-06-14 18:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2017-08-19 17:29 - 2015-02-04 06:16 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2017-08-19 17:29 - 2015-02-04 05:54 - 000417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2017-08-19 17:12 - 2014-11-11 06:08 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2017-08-19 17:12 - 2014-11-11 05:44 - 000186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2017-08-19 16:48 - 2017-08-19 16:49 - 003774926 _____ C:\Users\GERGANA\Desktop\Windows6.1-KB3145739-x64.msu 2017-08-17 22:47 - 2017-08-17 23:04 - 000000000 _____ C:\Users\GERGANA\Desktop\sfcdetails.txt 2017-08-16 23:27 - 2017-08-17 22:18 - 000158866 _____ C:\Windows\ntbtlog.txt 2017-08-15 23:11 - 2017-08-16 23:27 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2017-08-15 23:11 - 2017-08-16 23:25 - 000022212 _____ C:\Windows\ZAM_Guard.krnl.trace 2017-08-15 23:11 - 2017-08-16 23:18 - 000056130 _____ C:\Windows\ZAM.krnl.trace 2017-08-15 23:10 - 2017-08-15 23:10 - 000000000 ____D C:\Users\GERGANA\AppData\Local\Zemana 2017-08-15 22:43 - 2017-08-20 16:24 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-08-15 22:43 - 2017-08-20 16:24 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-08-15 22:43 - 2017-08-20 16:24 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-08-15 22:43 - 2017-08-19 17:26 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-08-15 22:43 - 2017-08-15 22:43 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-08-15 22:43 - 2017-08-15 22:43 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-08-15 22:43 - 2017-08-15 22:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-08-15 22:42 - 2017-08-15 22:42 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-08-15 22:42 - 2017-08-15 22:42 - 000000000 ____D C:\Program Files\Malwarebytes 2017-08-15 22:42 - 2017-06-27 12:06 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-08-13 19:15 - 2017-08-13 19:35 - 000000000 ____D C:\SMCLpav 2017-08-13 19:09 - 2017-08-13 19:09 - 000650928 _____ C:\Users\GERGANA\Desktop\Cloud_AV_Uninstaller.exe 2017-08-13 16:54 - 2017-08-13 16:54 - 000000000 ____D C:\Users\GERGANA\AppData\Local\ESET 2017-08-09 18:00 - 2017-08-09 18:00 - 391386202 _____ C:\Windows\MEMORY.DMP 2017-08-09 18:00 - 2017-08-09 18:00 - 000281272 _____ C:\Windows\Minidump\080917-15880-01.dmp 2017-08-06 22:30 - 2017-08-06 22:30 - 000109864 _____ C:\Users\GERGANA\AppData\Local\GDIPFONTCACHEV1.DAT 2017-08-06 20:52 - 2017-08-19 19:56 - 000409576 _____ C:\Windows\system32\FNTCACHE.DAT 2017-08-04 22:57 - 2017-08-04 22:57 - 000002071 _____ C:\Users\GERGANA\Desktop\Cleanup.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-08-20 16:30 - 2009-07-14 07:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-08-20 16:30 - 2009-07-14 07:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-08-20 16:24 - 2016-05-09 19:30 - 000000000 ____D C:\Users\GERGANA\AppData\LocalLow\360WD 2017-08-20 16:24 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-08-19 20:51 - 2016-05-08 15:52 - 000594316 _____ C:\Windows\system32\perfh002.dat 2017-08-19 20:51 - 2016-05-08 15:52 - 000096648 _____ C:\Windows\system32\perfc002.dat 2017-08-19 20:51 - 2009-07-14 08:13 - 001365408 _____ C:\Windows\system32\PerfStringBackup.INI 2017-08-19 20:51 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf 2017-08-19 20:04 - 2016-05-27 01:36 - 000000000 ____D C:\Users\GERGANA\AppData\Roaming\Skype 2017-08-19 19:54 - 2016-02-29 23:15 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2017-08-19 19:54 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\SysWOW64\Dism 2017-08-19 19:54 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\Dism 2017-08-19 17:45 - 2013-12-11 16:08 - 000000000 ____D C:\Windows\system32\MRT 2017-08-19 17:42 - 2013-12-11 16:08 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-08-19 17:23 - 2016-08-12 21:26 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-08-19 17:20 - 2014-01-06 20:39 - 000000000 ____D C:\Users\GERGANA\AppData\Local\Adobe 2017-08-19 17:17 - 2014-11-10 20:54 - 000003862 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1415642044 2017-08-19 17:08 - 2016-06-16 18:00 - 000000000 ____D C:\Users\GERGANA\AppData\Local\CrashDumps 2017-08-19 17:01 - 2013-12-11 15:59 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-08-19 17:01 - 2013-12-11 15:59 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-08-19 17:01 - 2013-12-11 15:59 - 000004314 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-08-19 17:00 - 2016-03-06 17:58 - 000004460 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-08-19 17:00 - 2013-12-11 15:59 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-08-19 17:00 - 2013-12-11 15:58 - 000000000 ____D C:\Windows\system32\Macromed 2017-08-19 16:58 - 2014-11-10 20:54 - 000000000 ____D C:\Program Files (x86)\Opera 2017-08-17 22:16 - 2013-12-11 16:42 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-08-16 23:27 - 2013-12-11 12:35 - 000000000 ____D C:\Users\GERGANA 2017-08-15 23:32 - 2014-02-20 22:35 - 000000000 ____D C:\ProgramData\IObit 2017-08-14 21:09 - 2016-06-12 21:49 - 000000000 ____D C:\VIPRERESCUE 2017-08-13 19:15 - 2013-12-11 15:23 - 000000000 ____D C:\Users\GERGANA\AppData\Roaming\uTorrent 2017-08-13 19:15 - 2013-12-11 15:16 - 000000000 ____D C:\ProgramData\Panda Security 2017-08-13 17:34 - 2016-05-09 19:36 - 000000000 __SHD C:\$360Section 2017-08-13 17:34 - 2016-05-09 19:32 - 000000000 ____D C:\ProgramData\360Quarant 2017-08-09 18:00 - 2014-10-14 19:33 - 000000000 ____D C:\Windows\Minidump 2017-08-08 09:50 - 2016-06-30 21:37 - 000001149 _____ C:\Users\Public\Desktop\360 Total Security.lnk 2017-08-08 09:50 - 2016-05-09 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center 2017-08-06 19:41 - 2014-05-30 07:32 - 000003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2017-08-06 19:41 - 2014-05-30 07:32 - 000003476 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2017-08-06 19:41 - 2013-12-11 16:41 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-08-06 19:41 - 2013-12-11 16:41 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-07-27 09:04 - 2009-07-14 08:08 - 000032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-07-26 13:36 - 2016-05-09 19:30 - 000086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys 2017-07-26 13:36 - 2016-05-09 19:29 - 000330472 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys 2017-07-26 13:36 - 2016-05-09 19:29 - 000086248 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys ==================== Files in the root of some directories ======= 2014-03-20 23:13 - 2017-05-28 13:47 - 000011776 _____ () C:\Users\GERGANA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-06-16 17:44 - 2016-06-16 17:44 - 000000036 _____ () C:\Users\GERGANA\AppData\Local\housecall.guid.cache 2013-12-17 20:46 - 2014-09-03 23:44 - 000007668 _____ () C:\Users\GERGANA\AppData\Local\resmon.resmoncfg 2014-02-02 00:20 - 2014-02-02 00:20 - 000000000 _____ () C:\ProgramData\0x0304A000.sfl Some files in TEMP: ==================== 2017-08-16 00:29 - 2017-08-18 00:34 - 058782680 _____ (Skype Technologies S.A.) C:\Users\GERGANA\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-08-13 16:40 ==================== End of FRST.txt ============================ Addition.txt
  13. Win32/AdkDLLWrapper

    здравейте,стартирах в безопасен режим,но и тук се държеше по същия начин.Изпълних командите с cmd.exe,но втората не се изпълни.Тоест имаше sfcdetails.txt ,но бе напълно празен- 0b.Намерих лог файла в директорията на уиндоус и прилагам него.Тъй като не ми позволи да го прикача или copy/paste в полето за писане,го архивирах и прикачих.Дано да е това което искате да прегледате: CBS.zip
  14. Win32/AdkDLLWrapper

    здравейте,ето го и лога от Delfix: # DelFix v1.013 - Logfile created 16/08/2017 at 22:25:15 # Updated 17/04/2016 by Xplode # Username : GERGANA - GERGANA-PC # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\SecurityCheck Deleted : C:\Users\GERGANA\Desktop\AdwCleaner[C0].txt Deleted : C:\Users\GERGANA\Desktop\AdwCleaner[S0].txt Deleted : C:\Users\GERGANA\Desktop\adwcleaner_7.0.1.0.exe Deleted : C:\Users\GERGANA\Desktop\Fixlog.txt Deleted : C:\Users\GERGANA\Desktop\FRST64.exe Deleted : C:\Users\GERGANA\Desktop\JRT.exe Deleted : C:\Users\GERGANA\Desktop\JRT.txt Deleted : C:\Users\GERGANA\Desktop\SecurityCheck.exe Deleted : C:\Users\GERGANA\Desktop\SecurityCheck.txt ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #162 [Restore Point Created by FRST | 08/14/2017 18:08:39] Deleted : RP #163 [JRT Pre-Junkware Removal | 08/15/2017 20:36:30] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ########## пак се появи неудобството от многократното кликване върху дадена икона на десктоп-а.Трябва да рестартирам и тогава захапва,докато включа делфикс ,доста пъти кликвах.Като натисна бутон SHIFT(ако искам да пиша с главна буква) ,излиза диспечер на задачите на хром-а.При комбинацията SHIFT+ALT ми отваря някой .doc файл.Но не винаги е така,след няколко такива прояви командите започват да си отговарят.Дали защото бе включен цял ден,без да се работи на него или хардуерен проблем на клавиатурата,или има нужда от REPAIR,или някакъв софтуерен бъг-гадая.
  15. Win32/AdkDLLWrapper

    добър вечер, пиша без усложненията от предните дни и иконите се отварят,но това се случи още вчера,преди да направя проверките от последния ви пост.Ето и лог-овете: Malwarebytes www.malwarebytes.com -Детайли за регистъра- Дата на сканиране: 15.08.17 г. Час на сканиране: 22:46 Файл на регистъра: mbam.txt Администратор: Да -Информация за софтуера- Версия: 3.1.2.1733 Версия на компонентите: 1.0.160 Актуализирай версията на пакета: 1.0.2594 Лиценз: Пробен период -Системна информация- OS: Windows 7 Service Pack 1 CPU: x64 Файлова система: NTFS Потребител: GERGANA-PC\GERGANA -Резюме на сканирането- Тип сканиране: Threat Scan Резултат: Завършено Сканирани обекти: 316821 Открити заплахи: 1 Заплахи под карантина: 1 Изтекло време: 8 мин, 6 сек -Опции за сканиране- Памет: Разрешено Стартиране: Разрешено Файлова система: Разрешено Архиви: Разрешено руткитове: Разрешено Евристика: Разрешено PUP: Разрешено PUM: Разрешено -Детайли за сканирането- Процес: 0 (Не бяха открити зловредни елементи) Модул: 0 (Не бяха открити зловредни елементи) Ключ на регистъра: 0 (Не бяха открити зловредни елементи) Стойност на регистъра: 0 (Не бяха открити зловредни елементи) Данни на регистъра: 1 PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, Сменен, [15394], [293296],1.0.2594 Поток данни: 0 (Не бяха открити зловредни елементи) Папка: 0 (Не бяха открити зловредни елементи) Файл: 0 (Не бяха открити зловредни елементи) Физически сектор: 0 (Не бяха открити зловредни елементи) (end) Zemana AntiMalware 2.74.2.76 (инсталираната версия) ------------------------------------------------------- Scan Result : Завършено Scan Date : 2017.8.15 Operating System : Windows 7 64-bit Processor : 2X Intel(R) Celeron(R) CPU 1005M @ 1.90GHz BIOS Mode : Legacy CUID : 00CF715F7E2B9D47D62075 Scan Type : Проверка на системата Duration : 5m 49s Scanned Objects : 44554 Detected Objects : 1 Excluded Objects : 0 Read Level : SCSI Auto Upload : Включен Detect All Extensions : Изключен Scan Documents : Изключен Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- {16f1378f-2bea-4b39-9315-5a8ba1be0482} Status : Проверено Object : NE->c:\windows\system32\tasks\{16f1378f-2bea-4b39-9315-5a8ba1be0482} MD5 : - Publisher : - Size : - Version : - Detection : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng Cleaning Action : Карантина Related Objects : (null) - (null) Cleaning Result ------------------------------------------------------- Cleaned : 1 Reported as safe : 0 Failed : 0 # AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 15 20:30:41 2017 # Updated on 2017/05/08 by Malwarebytes # Database: 07-31-2017.1 # Running on Windows 7 Ultimate (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. ************************* ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ########## # AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 15 20:32:05 2017 # Updated on 2017/05/08 by Malwarebytes # Running on Windows 7 Ultimate (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\ProgramData\IObit\ASCDownloader Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader Deleted: C:\Users\All Users\IObit\ASCDownloader ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** No malicious registry entries deleted. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [1113 B] - [2017/8/15 20:30:41] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.4 (07.09.2017) Operating System: Windows 7 Ultimate x64 Ran by GERGANA (Limited) on ўв 15.08.2017 Ј. at 23:36:28,46 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 1 Successfully deleted: C:\ProgramData\alawarwrapper (Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on ўв 15.08.2017 Ј. at 23:40:19,23 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17] WebSite: www.safezone.cc DateLog: 15.08.2017 23:42:01 Path starting: C:\Users\GERGANA\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: GERGANA VersionXML: 4.56is-14.08.2017 ___________________________________________________________________________ Windows 7(6.1.7601) Service Pack 1 (x64) Ultimate Lang: 0402 Installation date OS: 11.12.2013 09:35:16 LicenseStatus: Windows(R) 7, Ultimate edition The machine is permanently activated. Boot Mode: Normal Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe SystemDrive: C: FS: [NTFS] Capacity: [244 Gb] Used: [40.2 Gb] Free: [203.8 Gb] ------------------------------- [ Windows ] ------------------------------- Internet Explorer 11.0.9600.18697 Warning! Download Update Online installation. Last version available when Windows update is enabled throught the Internet. User Account Control enabled Never check for updates Date install updates: 2014-08-21 13:03:14 Windows Update (wuauserv) - The service is running Security Center (wscsvc) - The service is running Remote Registry (RemoteRegistry) - The service has stopped SSDP Discovery (SSDPSRV) - The service is running Remote Desktop Services (TermService) - The service has stopped Windows Remote Management (WS-Management) (WinRM) - The service has stopped ------------------------------- [ HotFix ] -------------------------------- HotFix KB3140735 Warning! Download Update HotFix KB3145739 Warning! Download Update HotFix KB3156013 Warning! Download Update HotFix KB3153171 Warning! Download Update HotFix KB4025337 Warning! Download Update ------------------------------ [ MS Office ] ------------------------------ Microsoft Office 2007 v.12.0.6425.1000 ---------------------------- [ Antivirus_WMI ] ---------------------------- Malwarebytes (enabled and up to date) 360 Total Security (disabled) --------------------------- [ FirewallWindows ] --------------------------- Защитна стена на Windows (MpsSvc) - The service is running --------------------------- [ AntiSpyware_WMI ] --------------------------- Malwarebytes (enabled and up to date) Windows Defender (enabled and out of date) 360 Total Security (disabled) ---------------------- [ AntiVirusFirewallInstall ] ----------------------- 360 Total Security v.9.2.0.1090 -------------------------- [ SecurityUtilities ] -------------------------- Malwarebytes, версия 3.1.2.1733 v.3.1.2.1733 Zemana AntiMalware v.2.74.0.76 --------------------------- [ OtherUtilities ] ---------------------------- WinRAR archiver --------------------------------- [ IM ] ---------------------------------- Skype™ 7.29 v.7.29.102 Warning! Download Update --------------------------------- [ P2P ] --------------------------------- µTorrent v.3.4.2.33394 Warning! P2P-client. --------------------------- [ AdobeProduction ] --------------------------- Adobe Flash Player 20 ActiveX v.20.0.0.286 Warning! Download Update Adobe Flash Player 21 PPAPI v.21.0.0.182 Warning! Download Update Adobe Acrobat Reader DC v.15.023.20056 Warning! Download Update ^Please run Acrobat Reader DC and go Help - Check for updates...^ ------------------------------- [ Browser ] ------------------------------- Google Chrome v.60.0.3112.90 Opera Stable 40.0.2308.81 v.40.0.2308.81 Warning! Download Update ------------------ [ AntivirusFirewallProcessServices ] ------------------- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.1068 Malwarebytes Service (MBAMService) - The service is running C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.479 Windows Defender (WinDefend) - The service is running ZAM Controller Service (ZAMSvc) - The service is running C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.2.74.0.76 360 Total Security (QHActiveDefense) - The service is running C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe v.9.2.0.1006 C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe v.8.2.0.1000 C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe v.9.2.0.1004 ----------------------------- [ End of Log ] ------------------------------
  • Разглеждащи в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

×

Информация

Този сайт използва бисквитки (cookies), за най-доброто потребителско изживяване. С използването му, вие приемате нашите Условия за ползване.