Showing results for tags 'приключен'.

321 results found

  1. Yesterday I sat down at the computer, and when I tried to open OLX, a completely different web page opened instead. I use Mozilla, but I also have Google Chrome, and I tried from it with the same effect. In Mozilla I had a bookmark in the bookmarks bar, and through it, through the search engine, and in Chrome it always opens the same page. Here is a screenshot: http://prikachi.com/images/298/8485298J.jpg I noticed that the same thing has happened with mobile.bg: I cannot get in either from the bookmarks or through the search engine. I reinstalled the browsers, and it is still the same. Obviously we have picked something up somewhere. Please help, and thank you in advance, because I have used your team's help before! Addition.txt
  2. Hello, After a Reset of the laptop it turned out that, without it being connected to the network, without anything at all being installed on the computer, and even without it being switched on, the battery drained from 100% to 59% after it switched on BY ITSELF !!! a few days ago. Since then, every day after the laptop is shut down, it uses 3-4% of the battery overnight, given that there are no programs installed. Unfortunately it does not let me copy the contents of the FRST.txt file, no matter how I try. I was puzzled that on the D drive there are 160 MB taken up by something, so I am attaching screenshots. Thank you in advance! Addition.txt FRST.txt I am uploading the contents of FRST.txt as 11 jpegs via prt sc, because I cannot copy it in any other way! 3 more jpgs
  3. I was redirected here; here is the previous thread: And here is the first thread, containing information about the problem: I have an installation disc for my Windows 7 64bit. Please help with solving the problem, thank you. Addition.txt FRST.txt
  4. Hello! I don't know whether I am writing in the right thread, but my topic is similar to this one. I want to ask someone knowledgeable, who understands more about computers, what "pandoratv" is? Today I dug around a bit in the desktop computer and saw the pandora in question in Program files (I think it is a virus, and if it is, does it threaten the life of the computer?) Thank you in advance!
  5. Hello team, please help. I downloaded a supposedly cracked program, but it turned out to be a virus. It installed some browser, and from there ads in Chinese started popping up. Defender won't open. I tried to run the Avira antivirus, and it freezes. Please help. I am on Win 10. Addition.txt FRST.txt Shortcut.txt
  6. Hello, I have just acquired the nasty thing in question, and I want to ask whether there is any point in trying to recover the files, or whether I should delete everything and reinstall. The Office documents, PDFs and photos are encrypted (but not the folders with Cyrillic names and not the video).
  7. In the other thread I wrote that the flash drive is damaged after being plugged into a Samsung TV. There is a file named СМ0013 which I think is the virus, according to what I read on the net. I was asked to start a thread here and attach the logs for checking: Addition.txt
  8. My problem is that when I start the computer, after it boots (maybe even as the first priority among the personal programs), it loads Google Chrome with a (Russian) site. It is probably not my fault (my brother plays on it too)... But until now I have not had such a problem, where I cannot find the problem. I use small but effective tricks for dealing with such things, and if not, I use programs. I tried Iobit malware fighter 5.5, but evidently (as I assumed) the problem is one for professionals. Once I think I caught the process itself in the "processes" (task manager), and I find the same name as the site in the Steam folder.
  9. Here is the message that everyone who sends an email to us receives: This message was created automatically by mail delivery software. A message that you sent has not yet been delivered to one or more of its recipients after more than 24 hours on the queue on hemus.superhosting.bg. The message identifier is: 1eJa1Z-003lh9-9Y The subject of the message is: =?utf-8?B?Rlc6INC80LDQvdC+0LzQtdGC0YrRgA==?= The date of the message is: Tue, 28 Nov 2017 09:09:44 +0200 The address to which the message has not yet been delivered is: [email protected] (ultimately generated from [email protected]) host alt4.gmail-smtp-in.l.google.com [74.125.28.27] Delay reason: SMTP error from remote mail server after RCPT TO:<[email protected]>: 452-4.2.2 The email account that you tried to reach is over quota. Please direct 452-4.2.2 the recipient to 452 4.2.2 https://support.google.com/mail/?p=OverQuotaTemp h72si2628468pfj.20 - gsmtp No action is required on your part. Delivery attempts will continue for some time, and this warning may be repeated at intervals if the message remains undelivered. Eventually the mail delivery software will give up, and when that happens, the message will be returned to you. This message is received by those sending mail to this domain. The messages are received without a problem. There is no problem with the server space either. I also do not understand what the connection with gmail and google is, given that the domain is private. I also have no idea whose this email is: [email protected] Could it be a virus? All the office machines have been scanned. There were various nasties, which we supposedly neutralized, but the problem was not fixed. We also changed the passwords of all the mailboxes, to no effect. Here is the information from FRST:
HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-27] [Lagacy] [not signed] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Lagacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-09-04] () FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) Chrome: ======= CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [282536 2017-11-16] (AVG Technologies CZ, s.r.o.) R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5954792 2017-11-16] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-10-31] (AVG Technologies CZ, s.r.o.) R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP) S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-06-22] (Sun Microsystems, Inc.) 
S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2003-10-22] (HP) [File not signed] S4 rcp_service; C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe [558592 2007-11-30] (ReaSoft) [File not signed] R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.) S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed] S2 APNMCP; "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" [X] S2 HP LaserJet Service; "C:\Program Files\hp\HPLaserJetService\HPLaserJetService.exe" [X] S0 MBAMService; no ImagePath ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [20624 2012-10-31] (AVAST Software) R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [149592 2017-11-16] (AVG Technologies CZ, s.r.o.) R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiskx.sys [135872 2017-11-16] (AVG Technologies CZ, s.r.o.) R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [249232 2017-11-16] (AVG Technologies CZ, s.r.o.) R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [151024 2017-11-16] (AVG Technologies CZ, s.r.o.) R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [270344 2017-11-16] (AVG Technologies CZ, s.r.o.) R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [43992 2017-11-16] (AVG Technologies CZ, s.r.o.) S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35264 2017-11-16] (AVG Technologies CZ, s.r.o.) R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [117368 2017-11-16] (AVG Technologies CZ, s.r.o.) R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [63280 2017-11-16] (AVG Technologies CZ, s.r.o.) R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [775552 2017-11-16] (AVG Technologies CZ, s.r.o.) 
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [381184 2017-11-16] (AVG Technologies CZ, s.r.o.) R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [290776 2017-11-16] (AVG Technologies CZ, s.r.o.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) S3 dg_ssudbus; C:\WINDOWS\System32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.) S3 HP1210FAX; C:\WINDOWS\System32\Drivers\HPM1210FAX.sys [13824 2010-04-28] () [File not signed] R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation) R3 m4cxw2k3; C:\WINDOWS\System32\DRIVERS\m4cxw2k3.sys [250752 2007-02-15] (D-Link Corporation) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2009-08-03] (VSO Software) [File not signed] R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation) S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-07-13] (Duplex Secure Ltd.) S3 ssudmdm; C:\WINDOWS\System32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.) S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed] S2 adfs; no ImagePath S3 BOCDRIVE; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys [X] S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X] S3 FXDrv32; \??\D:\FXDrv32.sys [X] S4 IntelIde; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-30 14:23 - 2017-11-30 14:23 - 000012709 _____ C:\Documents and Settings\pc.PC1\Desktop\FRST.txt 2017-11-30 14:22 - 2017-11-30 14:23 - 000000000 ____D C:\FRST 2017-11-30 14:22 - 2017-11-30 14:22 - 001752064 _____ (Farbar) C:\Documents and Settings\pc.PC1\Desktop\FRST.exe 2017-11-30 10:49 - 2017-11-30 10:49 - 000025377 _____ C:\Documents and Settings\pc.PC1\Local Settings\Application Data\recently-used.xbel 2017-11-24 14:34 - 2017-11-24 14:34 - 000000000 ____D C:\Program Files\Quester 2017-11-24 14:34 - 2017-11-24 14:34 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QMailFilter 2017-11-24 14:32 - 2017-11-24 14:32 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\CEF 2017-11-24 14:32 - 2017-11-24 14:32 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\AVG 2017-11-24 14:31 - 2017-11-24 14:31 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\Avg 2017-11-24 14:21 - 2017-11-24 14:21 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\PCHealth 2017-11-20 12:24 - 2017-11-20 12:40 - 000065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt 2017-11-20 12:24 - 2017-11-20 12:24 - 000000000 ____D C:\Documents and Settings\pc.PC1\Doctor Web 2017-11-20 12:24 - 2017-11-20 12:24 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Doctor Web 2017-11-16 14:45 - 2017-11-16 14:45 - 000087203 _____ C:\Documents and Settings\pc.PC1\My Documents\Untitled.pdf 2017-11-16 14:45 - 2017-11-16 14:45 - 000087203 _____ C:\Documents and Settings\pc.PC1\Desktop\Untitled.pdf 2017-11-16 13:03 - 2017-11-16 13:05 - 000000000 ____D C:\EEK 2017-11-16 13:02 - 2017-11-16 13:02 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Temp 
2017-11-16 10:11 - 2017-11-16 10:11 - 000001608 _____ C:\Documents and Settings\All Users\Desktop\AVG AntiVirus FREE.lnk 2017-11-16 10:11 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\AVG 2017-11-16 10:10 - 2017-11-30 10:10 - 000000288 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job 2017-11-16 10:10 - 2017-11-16 10:10 - 000775552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys 2017-11-16 10:10 - 2017-11-16 10:10 - 000381184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys 2017-11-16 10:10 - 2017-11-16 10:10 - 000306448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe 2017-11-16 10:10 - 2017-11-16 10:10 - 000290776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys 2017-11-16 10:10 - 2017-11-16 10:10 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys 2017-11-16 10:10 - 2017-11-16 10:10 - 000249232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys 2017-11-16 10:10 - 2017-11-16 10:10 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys 2017-11-16 10:10 - 2017-11-16 10:10 - 000149592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys 2017-11-16 10:10 - 2017-11-16 10:10 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys 2017-11-16 10:10 - 2017-11-16 10:10 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys 2017-11-16 10:10 - 2017-11-16 10:10 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys 2017-11-16 10:10 - 2017-11-16 10:10 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys 2017-11-16 10:10 - 2017-11-16 10:10 - 000035264 _____ (AVG Technologies CZ, s.r.o.) 
C:\WINDOWS\system32\Drivers\avgHwid.sys 2017-11-16 10:08 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2017-11-16 10:08 - 2017-11-16 10:08 - 000000629 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk 2017-11-16 10:06 - 2017-11-30 11:06 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job 2017-11-16 10:06 - 2017-11-16 10:08 - 000000000 ____D C:\Program Files\AVG 2017-11-16 09:51 - 2017-11-16 09:51 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\CEF 2017-11-16 09:50 - 2017-11-16 11:23 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg 2017-11-16 09:50 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Avg 2017-11-16 09:50 - 2017-11-16 10:08 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\AvgSetupLog ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-11-30 14:23 - 2013-08-02 12:50 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Temp 2017-11-30 14:20 - 2015-08-03 07:23 - 000271360 _____ C:\Documents and Settings\pc.PC1\My Documents\Outlook_Archive.pst 2017-11-30 14:16 - 2016-12-27 11:00 - 000000000 ____D C:\2017 2017-11-30 10:49 - 2014-01-15 10:08 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\gtk-2.0 2017-11-30 10:49 - 2013-08-02 12:55 - 000000000 ____D C:\Documents and Settings\pc.PC1\.gimp-2.8 2017-11-30 07:55 - 2016-08-12 14:25 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\ViberPC 2017-11-30 07:52 - 2014-03-28 08:20 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2017-11-30 07:52 - 2008-09-12 18:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-11-30 07:52 - 2008-04-14 14:00 - 000011936 _____ C:\WINDOWS\system32\wpa.dbl 2017-11-29 16:54 - 2013-08-02 12:50 - 000000178 ___SH C:\Documents and Settings\pc.PC1\ntuser.ini 2017-11-29 16:54 - 2013-08-02 12:50 - 000000000 ____D C:\Documents and Settings\pc.PC1 2017-11-29 16:54 - 2008-09-12 18:28 - 000032520 _____ C:\WINDOWS\SchedLgU.Txt 2017-11-28 11:37 - 2011-12-19 11:25 - 000000000 ____D C:\Program Files\The KMPlayer 2017-11-24 14:40 - 2013-08-02 13:09 - 000211496 _____ C:\Documents and Settings\pc.PC1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2017-11-24 14:37 - 2013-11-01 13:09 - 000000178 ___SH C:\Documents and Settings\Administrator.PC1\ntuser.ini 2017-11-24 14:36 - 2010-03-25 10:10 - 000979370 _____ C:\WINDOWS\ntbtlog.txt 2017-11-24 14:35 - 2013-11-01 13:09 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Temp 2017-11-24 14:28 - 2008-09-12 21:12 - 002469912 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-11-24 14:25 - 2013-08-02 14:23 - 000065536 _____ C:\WINDOWS\system32\config\ODiag.evt 2017-11-24 14:15 - 2008-09-13 10:13 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft 
Help 2017-11-24 14:12 - 2008-04-14 14:00 - 000000668 _____ C:\WINDOWS\win.ini 2017-11-24 11:47 - 2016-08-12 14:25 - 000000000 ____D C:\Documents and Settings\pc.PC1\My Documents\ViberDownloads 2017-11-22 16:05 - 2013-12-11 14:52 - 000000000 ____D C:\2014 2017-11-22 16:04 - 2010-12-03 14:28 - 000000000 ____D C:\2011 2017-11-22 16:03 - 2011-12-09 14:39 - 000000000 ____D C:\2012 2017-11-22 15:40 - 2013-08-02 13:28 - 000002515 _____ C:\Documents and Settings\pc.PC1\Desktop\Microsoft Office Word 2007.lnk 2017-11-22 14:28 - 2014-12-29 16:42 - 000000000 ____D C:\2015 2017-11-22 14:25 - 2015-12-23 11:32 - 000000000 ____D C:\2016 2017-11-16 10:55 - 2014-10-02 15:34 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\istartsurf 2017-11-16 10:48 - 2012-12-20 13:57 - 000000000 ____D C:\2013 2017-11-16 10:38 - 2014-10-02 15:34 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\IePluginServices 2017-11-16 09:28 - 2010-09-30 15:57 - 000000000 ____D C:\Program Files\ough 2017-11-16 09:01 - 2013-09-23 15:54 - 002755382 ___SH C:\Documents and Settings\pc.PC1\Desktop\Thumbs.db 2017-11-10 13:23 - 2013-08-02 13:49 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\Skype 2017-11-08 15:00 - 2014-03-28 08:20 - 000000210 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job ==================== Files in the root of some directories ======= 2015-08-17 11:04 - 2015-08-17 11:08 - 000304492 _____ (AYURvmkth8) C:\Documents and Settings\pc.PC1\Application Data\adobe.exe 2013-10-07 13:55 - 2014-04-09 12:28 - 000000531 _____ () C:\Documents and Settings\pc.PC1\Application Data\burnaware.ini 2013-08-02 13:31 - 2017-08-18 12:25 - 000036352 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-27 17:15 - 2014-02-28 09:48 - 000000600 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\PUTTY.RND 2017-11-30 10:49 - 2017-11-30 10:49 
- 000025377 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\recently-used.xbel 2011-03-11 09:28 - 2011-03-11 09:28 - 000000016 _____ () C:\Documents and Settings\All Users\Application Data\.7486160831680234 2008-10-31 09:19 - 2008-10-31 09:19 - 000000041 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib 2008-09-13 13:47 - 2016-04-26 08:08 - 000001669 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log 2014-08-15 11:57 - 2010-03-30 10:12 - 000024772 _____ () C:\Documents and Settings\All Users\Application Data\P1210DEF.css 2014-08-15 11:57 - 2016-01-22 14:22 - 000015499 _____ () C:\Documents and Settings\All Users\Application Data\P1210OS.HTM 2014-08-15 11:57 - 2010-03-30 10:12 - 000002944 _____ () C:\Documents and Settings\All Users\Application Data\P1210SIG.GIF Some files in TEMP: ==================== 2017-10-13 09:08 - 2011-12-29 11:44 - 001275396 _____ (NCH Software) C:\Documents and Settings\pc.PC1\Local Settings\Temp\uninst.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================ Addition.txt
  10. My computer speeds up the speech on Netera TV, and from time to time the picture stops, despite the good internet connection. FRST.txt
  11. Hello, the problem is the following: after using uTorrent, after some time the RAM usage rises to 90%, sometimes even higher; the computer cannot be shut down, and the only option is to pull the plug. Some of my documents get copied on their own. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016 Ran by user (administrator) on DESKTOP-IT9GN2C (10-09-2016 12:56:55) Running from C:\Users\user\Downloads Loaded Profiles: user (Available Profiles: user) Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (GIGABYTE Technology Co.,Ltd.) 
C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.23941.0_x64__8wekyb3d8bbwe\Video.UI.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [38528 2013-07-04] (Creative Technology Ltd.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-05-02] (NVIDIA Corporation) HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112512 2015-06-12] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107104 2016-09-01] (AVAST Software) HKU\S-1-5-21-393832760-2790156869-1528677353-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-20] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2016-05-31] ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-06-01] ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{e543dcf9-3a16-4837-a1f9-9d76bc8c2a73}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation) FireFox: ======== FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-25] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-25] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-20] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-20] FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF Chrome: ======= CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-01] CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-01] CHR 
Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-01] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-01] CHR Extension: (Avast SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-10] CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-01] CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-02] CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-02] CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-01] CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-01] CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found> CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-20] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-06-01] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-06-01] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-15] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [454872 2016-02-12] (Rivet Networks)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-20] (AVAST Software)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [144456 2016-02-12] (Rivet Networks, LLC.)
R3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-28] ()
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162456 2016-02-12] (Qualcomm Atheros, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2016-08-24 14:09 - 2016-08-06 06:31 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll 2016-08-24 14:09 - 2016-08-06 06:31 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-08-24 14:09 - 2016-08-06 06:30 - 12345344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-08-24 14:09 - 2016-08-06 06:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2016-08-24 14:09 - 2016-08-06 06:29 - 13433856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-08-24 14:09 - 2016-08-06 06:29 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2016-08-24 14:09 - 2016-08-06 06:29 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2016-08-24 14:09 - 2016-08-06 06:29 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-08-24 14:09 - 2016-08-06 06:28 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2016-08-24 14:09 - 2016-08-06 06:28 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll 2016-08-24 14:09 - 2016-08-06 06:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-08-24 14:09 - 2016-08-06 06:26 - 02422784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll 2016-08-24 14:09 - 2016-08-06 06:26 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-08-24 14:09 - 2016-08-06 06:26 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-08-24 14:09 - 2016-08-06 06:25 - 03116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll 2016-08-24 14:09 - 2016-08-06 06:25 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-08-24 14:09 - 2016-08-06 06:24 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-08-24 14:09 - 2016-08-06 06:24 - 02026496 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-08-24 14:09 - 2016-08-06 06:23 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-08-24 14:09 - 2016-08-06 06:23 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-08-24 14:09 - 2016-08-06 06:23 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-08-24 14:09 - 2016-08-06 06:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-08-24 14:09 - 2016-08-06 06:23 - 01062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-08-24 14:09 - 2016-08-06 06:23 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll 2016-08-24 14:09 - 2016-08-06 06:21 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2016-08-24 14:09 - 2016-08-06 06:19 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2016-08-24 14:09 - 2016-08-05 11:29 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2016-08-24 14:09 - 2016-08-05 11:23 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2016-08-24 14:09 - 2016-08-05 11:20 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2016-08-24 14:09 - 2016-08-05 11:18 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll 2016-08-20 04:14 - 2016-08-20 04:14 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2016-08-20 04:14 - 2016-08-20 04:14 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2016-08-20 00:13 - 2016-08-19 13:19 - 00000000 ___DC C:\WINDOWS\Panther 2016-08-20 00:11 - 2016-08-20 00:11 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2016-08-20 00:11 - 2016-08-20 00:11 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-08-20 00:11 - 2016-08-20 00:11 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-08-20 00:11 - 2016-08-20 00:11 - 01456640 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-08-20 00:11 - 2016-08-20 00:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-08-20 00:11 - 2016-08-20 00:11 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-08-20 00:11 - 2016-08-20 00:11 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll 2016-08-20 00:11 - 2016-08-20 00:11 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-08-20 00:11 - 2016-08-20 00:11 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2016-08-20 00:11 - 2016-08-20 00:11 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll 2016-08-20 00:11 - 2016-08-20 00:11 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys 2016-08-20 00:11 - 2016-08-20 00:11 - 00000000 ____D C:\Program Files\CMAK 2016-08-20 00:11 - 2016-08-20 00:11 - 00000000 ____D C:\Program Files (x86)\CMAK 2016-08-20 00:11 - 2016-07-16 06:29 - 04164608 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0002.dll 2016-08-20 00:11 - 2016-07-16 06:26 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0002.dll 2016-08-20 00:11 - 2016-07-16 06:25 - 01915392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS2.dll 2016-08-20 00:11 - 2016-07-16 05:45 - 04164608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0002.dll 2016-08-20 00:11 - 2016-07-16 05:42 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0002.dll 2016-08-20 00:11 - 2016-07-16 05:39 - 01868800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MLS2.dll 2016-08-20 00:10 - 2016-08-20 00:10 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2016-08-19 13:21 - 2016-08-19 13:21 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2016-08-19 13:20 - 2016-08-19 13:20 - 00000000 ____D C:\ProgramData\USOShared 2016-08-19 13:19 - 2016-08-19 17:39 - 00000000 ____D 
C:\Users\user\AppData\Local\ConnectedDevicesPlatform 2016-08-19 13:19 - 2016-08-19 13:19 - 00007623 _____ C:\WINDOWS\diagwrn.xml 2016-08-19 13:19 - 2016-08-19 13:19 - 00007623 _____ C:\WINDOWS\diagerr.xml 2016-08-19 13:19 - 2016-08-19 13:19 - 00000020 ___SH C:\Users\user\ntuser.ini 2016-08-19 13:19 - 2016-08-19 13:19 - 00000000 _SHDL C:\Users\Default\My Documents 2016-08-19 13:19 - 2016-08-19 13:19 - 00000000 _SHDL C:\Users\Default\Documents\My Videos 2016-08-19 13:19 - 2016-08-19 13:19 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures 2016-08-19 13:19 - 2016-08-19 13:19 - 00000000 _SHDL C:\Users\Default\Documents\My Music 2016-08-19 13:19 - 2016-08-19 13:19 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos 2016-08-19 13:19 - 2016-08-19 13:19 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures 2016-08-19 13:19 - 2016-08-19 13:19 - 00000000 _SHDL C:\Users\Default User\Documents\My Music 2016-08-19 13:18 - 2016-09-10 01:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-08-19 13:18 - 2016-08-20 04:15 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! 
Emergency Update 2016-08-19 13:18 - 2016-08-19 13:18 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat 2016-08-19 13:18 - 2016-08-19 13:18 - 00003450 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-08-19 13:18 - 2016-08-19 13:18 - 00003226 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-08-19 13:18 - 2016-08-19 13:18 - 00002820 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task 2016-08-19 13:18 - 2016-08-19 13:18 - 00002398 _____ C:\WINDOWS\System32\Tasks\OC GURU II Auto Run 2016-08-19 13:16 - 2016-08-19 13:16 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-08-19 13:15 - 2016-08-19 13:16 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2016-08-19 13:15 - 2016-08-19 13:15 - 00000000 _SHDL C:\Users\user\My Documents 2016-08-19 13:15 - 2016-08-19 13:15 - 00000000 _SHDL C:\Users\user\Documents\My Videos 2016-08-19 13:15 - 2016-08-19 13:15 - 00000000 _SHDL C:\Users\user\Documents\My Pictures 2016-08-19 13:15 - 2016-08-19 13:15 - 00000000 _SHDL C:\Users\user\Documents\My Music 2016-08-19 13:15 - 2016-07-16 14:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2016-08-19 13:14 - 2016-09-10 11:57 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-08-19 13:14 - 2016-09-10 01:59 - 00000000 ____D C:\ProgramData\NVIDIA 2016-08-19 13:14 - 2016-08-19 13:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-08-19 13:14 - 2016-08-19 13:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-08-19 13:14 - 2016-08-19 13:15 - 00000000 ____D C:\Program Files\Intel 2016-08-19 13:14 - 2016-08-19 13:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2016-08-19 13:14 - 2016-08-19 13:14 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2016-08-19 13:14 - 2016-08-19 13:14 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin 2016-08-19 13:14 - 2016-05-27 15:50 - 00100488 
_____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2016-08-19 13:14 - 2015-11-05 18:08 - 06358648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2016-08-19 13:14 - 2015-11-05 18:08 - 02983216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2016-08-19 13:14 - 2015-11-05 18:08 - 02554672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2016-08-19 13:14 - 2015-11-05 18:08 - 00938616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2016-08-19 13:14 - 2015-11-05 18:08 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2016-08-19 13:14 - 2015-11-05 18:08 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2016-08-19 13:14 - 2015-10-28 16:49 - 06027430 _____ C:\WINDOWS\system32\nvcoproc.bin 2016-08-19 13:13 - 2016-09-10 12:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-08-19 13:13 - 2016-09-01 02:28 - 00340720 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-08-19 13:13 - 2016-08-19 13:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2016-08-17 15:36 - 2016-08-17 15:36 - 00312333 _____ C:\Users\user\Downloads\naredba_5_2016_preduchilishtno_obr.pdf 2016-08-17 15:36 - 2016-08-17 15:36 - 00126599 _____ C:\Users\user\Downloads\zakon_obr_minimum_uch_plan.pdf 2016-08-16 00:48 - 2016-08-16 00:48 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-09-10 11:58 - 2016-06-20 00:19 - 00000000 ____D C:\Program Files (x86)\Steam 2016-09-10 11:57 - 2016-06-01 20:23 - 00000000 ____D C:\Users\user\Documents\temp 2016-09-10 11:57 - 2016-05-31 16:34 - 00000000 __SHD C:\Users\user\IntelGraphicsProfiles 2016-09-10 03:19 - 2016-06-03 23:29 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent 2016-09-10 02:05 - 2016-06-01 03:54 - 01195458 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-10 01:58 - 2016-07-16 09:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2016-09-09 17:39 - 2016-07-16 14:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-09 17:39 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-09-03 20:35 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\rescache 2016-09-02 00:00 - 2016-07-16 14:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-09-01 02:30 - 2016-07-16 14:45 - 00000000 ____D C:\WINDOWS\INF 2016-09-01 02:30 - 2016-06-01 03:58 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-09-01 02:27 - 2016-07-16 17:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2016-09-01 02:27 - 2016-07-16 14:47 - 00000000 ___SD C:\WINDOWS\system32\dsc 2016-09-01 02:27 - 2016-07-16 14:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-09-01 02:27 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-09-01 02:27 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV 2016-09-01 02:27 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT 2016-09-01 02:27 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\et-EE 2016-09-01 02:27 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\es-MX 2016-09-01 02:27 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\en-GB 2016-09-01 02:27 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-09-01 02:27 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\Provisioning 2016-09-01 02:27 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2016-08-31 21:04 - 
2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-08-31 20:47 - 2016-07-16 14:43 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe 2016-08-31 20:47 - 2016-07-16 14:43 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll 2016-08-31 20:47 - 2016-07-16 14:43 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2016-08-31 20:47 - 2016-07-16 14:43 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2016-08-31 20:47 - 2016-07-16 14:43 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll 2016-08-31 20:47 - 2016-07-16 14:43 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-08-31 20:47 - 2016-07-16 14:43 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2016-08-31 20:47 - 2016-07-16 14:42 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2016-08-31 20:47 - 2016-07-16 14:42 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2016-08-31 20:47 - 2016-07-16 14:42 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2016-08-31 20:47 - 2016-07-16 14:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2016-08-31 20:47 - 2016-07-16 14:42 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-08-31 20:47 - 2016-07-16 14:42 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2016-08-31 20:47 - 2016-07-16 14:42 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2016-08-31 20:47 - 2016-07-16 14:42 - 00079544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2016-08-31 20:47 - 2016-07-16 14:42 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2016-08-31 20:47 - 2016-07-16 14:42 - 00047104 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2016-08-31 20:47 - 2016-07-16 14:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2016-08-28 16:18 - 2016-07-06 02:10 - 00000000 ____D C:\Users\user\Desktop\snimki 2016-08-26 08:43 - 2016-07-16 14:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-08-26 08:43 - 2016-07-16 14:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-08-26 03:07 - 2016-06-01 03:58 - 00000000 ____D C:\Users\user\AppData\Local\Packages 2016-08-24 22:09 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-08-20 19:06 - 2016-07-16 09:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2016-08-20 04:14 - 2016-06-01 23:57 - 00969560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2016-08-20 04:14 - 2016-06-01 23:57 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2016-08-20 04:14 - 2016-06-01 23:57 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2016-08-20 04:14 - 2016-06-01 23:57 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2016-08-20 04:14 - 2016-06-01 23:57 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2016-08-20 04:14 - 2016-06-01 23:57 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2016-08-20 04:14 - 2016-06-01 23:57 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2016-08-20 04:14 - 2016-06-01 23:57 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2016-08-20 00:13 - 2016-07-16 14:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2016-08-20 00:11 - 2016-07-16 17:15 - 00000000 ____D C:\WINDOWS\OCR 2016-08-19 13:22 - 2016-06-01 04:00 - 00002360 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-19 13:22 - 2016-06-01 04:00 - 00000000 ___RD 
C:\Users\user\OneDrive 2016-08-19 13:20 - 2016-07-16 14:47 - 00000000 ____D C:\ProgramData\USOPrivate 2016-08-19 13:19 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\Registration 2016-08-19 13:18 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2016-08-19 13:18 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2016-08-19 13:17 - 2016-07-16 14:47 - 00000000 __RHD C:\Users\Public\Libraries 2016-08-19 13:16 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2016-08-19 13:16 - 2016-07-16 14:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-08-19 13:16 - 2016-06-20 00:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-08-19 13:16 - 2016-06-20 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2016-08-19 13:16 - 2016-06-05 23:57 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetWin365 Pro 2016-08-19 13:16 - 2016-06-05 00:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-08-19 13:16 - 2016-06-05 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-08-19 13:16 - 2016-06-01 04:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative 2016-08-19 13:16 - 2016-05-31 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-08-19 13:16 - 2016-05-31 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-08-19 13:16 - 2015-10-30 12:07 - 00000000 ____D C:\WINDOWS\ShellNew 2016-08-19 13:16 - 2015-10-30 09:28 - 00000000 ____D C:\Users\Default.migrated 2016-08-19 13:15 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\spool 2016-08-19 13:15 - 2016-07-16 14:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-08-19 13:15 - 2016-07-16 09:04 - 00000000 ____D 
C:\WINDOWS\system32\Sysprep 2016-08-19 13:15 - 2016-06-01 07:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking 2016-08-19 13:15 - 2016-05-31 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE 2016-08-19 13:14 - 2016-07-16 14:47 - 00000000 ___RD C:\WINDOWS\PrintDialog 2016-08-19 13:14 - 2016-07-16 14:47 - 00000000 ___RD C:\WINDOWS\MiracastView 2016-08-19 13:14 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\Help 2016-08-19 03:09 - 2016-06-01 23:53 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-18 19:09 - 2016-06-01 23:53 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job ==================== Files in the root of some directories ======= 2016-06-01 04:10 - 2016-06-01 07:15 - 0000000 _____ () C:\Users\user\AppData\Local\Driver_LOM_8161Present.flag ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-01 18:49 ==================== End of FRST.txt ============================ 
Addition.txt
  12. I happened to notice a folder with a name I don't recognize, RarVault, on partition C. It contains three files: a text file, a link to a web page, and an svhost.exe. I immediately shut down the computer and ran Kaspersky Rescue CD to scan it. I archived the folder and uploaded it here http://tranzit.dir.b...41QGPuu22731467 in case anyone wants to see what this is about, at their own risk of course. So what do I do now and how do I remove this thing? Will it go away if I just delete the folder? Kaspersky scanned and said I'm clean, but as soon as I started Windows and opened C, the folder appeared again by itself. I think earlier today I clicked on a link from a friend on Skype. Here are the logs:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Valio (06-09-2016 22:36:23)
Running from C:\Documents and Settings\Valio\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-11-07 17:20:38)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2052111302-630328440-1801674531-500 - Administrator - Enabled)
Guest (S-1-5-21-2052111302-630328440-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2052111302-630328440-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2052111302-630328440-1801674531-1002 - Limited - Disabled)
Valio (S-1-5-21-2052111302-630328440-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Valio

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM\...\uTorrent) (Version: 2.0.3 - )
Acronis MigrateEasy (HKLM\...\MigrateEasy) (Version: - Acronis)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Ashampoo Burning Studio 6 FREE (HKLM\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.7.7 - ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.40 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{B000FB7B-A489-25FC-EA84-1AA54AAD55BB}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.16(T) - TOSHIBA CORPORATION)
ccc-core-static (Version: 2010.0910.2122.36517 - ATI) Hidden
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
FormatFactory 2.80 (HKLM\...\FormatFactory) (Version: 2.80 - Free Time)
Foxit Reader (HKLM\...\Foxit Reader) (Version: 4.0.0.619 - Foxit Software Company)
Free Video Editor version 1.4.13.805 (HKLM\...\Free Video Editor_is1) (Version: 1.4.13.805 - DVDVideoSoft Ltd.)
Hard Disk Sentinel (HKLM\...\Hard Disk Sentinel_is1) (Version: - HDS)
HDDlife (HKLM\...\{8A142E1E-0B3A-459D-9908-BF77F284297F}) (Version: 2.9.105 - BinarySense)
K-Lite Codec Pack 12.0.5 Standard (HKLM\...\KLiteCodecPack_is1) (Version: 12.0.5 - KLCP)
Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MozBackup 1.4.10 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 43.0.1 (x86 bg) (HKLM\...\Mozilla Firefox 43.0.1 (x86 bg)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
NitroFamily (HKLM\...\{008E8741-8888-4BEE-89B6-5AECB5FB9611}) (Version: - )
Opera 11.10 (HKLM\...\Opera 11.10.2092) (Version: 11.10.2092 - Opera Software ASA)
Panda Devices Agent (Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
PIXresizer 2.0.1 (HKLM\...\PIXresizer_is1) (Version: - Bluefive software)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Ralink RT7x Wireless LAN Card (HKLM\...\{E91E8912-769D-42F0-8408-0E329443BABC}) (Version: 1.5.4.0 - Ralink)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Skype 7.0.0.102 (HKLM\...\Skype 7.0.0.102) (Version: - )
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
The Lord of the Rings FREE Trial (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Viber (HKU\S-1-5-21-2052111302-630328440-1801674531-1003\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
Viber (Version: 6.0.1.5 - Viber Media Inc.) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WhoCrashed 3.05 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows Bulgarian Interface Pack (HKLM\...\{C408D81A-CB17-4CDF-98AF-2E64036B3F32}) (Version: 1.0.0.2600 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version: - )
XviD MPEG-4 Video Codec (HKLM\...\xvid) (Version: - XviD Development Team)
Архиватор WinRAR (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2052111302-630328440-1801674531-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2052111302-630328440-1801674531-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2052111302-630328440-1801674531-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\klcp_update.job => CMD /C sc create KLCPU binPath CMD /V /C SET \FILE \ ProgramFiles \ Lite Codec Pack Tools CodecTweakTool exe\\ IF EXIST FILE START \CTT\ FILE /verysilent /update /freq 30 type own type interact net start KLCPU sc delete KLCPU CMD Valio

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\VMware\ThinApp Help.lnk -> hxxp://www.vmware.com/info?id=766 ==================== Loaded Modules (Whitelisted) ============== 2010-11-07 21:00 - 2006-12-03 15:53 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll 2005-08-13 21:03 - 2005-08-13 21:03 - 00124928 _____ () C:\Program Files\BinarySense\HDDlife\crashrpt.dll 2015-12-15 20:17 - 2015-12-15 20:17 - 00618544 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll 2010-03-16 13:22 - 2010-03-16 13:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll 2010-08-04 16:58 - 2010-08-04 16:58 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-09-10 22:21 - 2010-09-10 22:21 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Documents and Settings\Valio\My Documents\Shareaza Downloads:Shareaza.GUID [16] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %* ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2008-04-14 15:00 - 2008-04-14 15:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2052111302-630328440-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Valio\Local Settings\Application Data\Microsoft\Wallpaper1.bmp DNS Servers: 192.168.137.1 Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent StandardProfile\AuthorizedApplications: [C:\Program Files\NitroFamily\NitroFamily.exe] => Enabled:NitroFamily StandardProfile\AuthorizedApplications: [C:\Program Files\ASUS\GamerOSD\GamerOSD.exe] => Enabled:ASUS GamerOSD APP StandardProfile\AuthorizedApplications: [G:\instal\INTERNET\DC++\sdc222\StrongDC.exe] => G:\instal\INTERNET\DC++\sdc222\StrongDC.exe:*:Enabled:StrongDC++ StandardProfile\AuthorizedApplications: [C:\Program Files\BitComet\BitComet.exe] => Enabled:BitComet - a BitTorrent Client StandardProfile\AuthorizedApplications: [C:\Program Files\Opera\opera.exe] => Enabled:Opera Internet Browser StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Valio\Desktop\Sky38i.exe] => Enabled:Skype StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox) StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype StandardProfile\GloballyOpenPorts: [16752:TCP] => Enabled:BitComet 16752 TCP StandardProfile\GloballyOpenPorts: [16752:UDP] => Enabled:BitComet 16752 UDP ==================== Restore Points ========================= 16-03-2016 22:26:03 Installed ASUS Smart Doctor 20-03-2016 22:11:27 Installed ASUS Gamer OSD 21-03-2016 01:35:46 Removed ASUS Gamer OSD 21-03-2016 01:39:25 Configured ASUS Smart Doctor 26-03-2016 11:17:33 Configured ASUS Smart Doctor 26-03-2016 11:18:34 Configured ASUS Smart Doctor 26-03-2016 11:19:04 Configured ASUS Smart Doctor 02-04-2016 22:05:47 Installed VMware ThinApp 10-08-2016 20:05:30 Операция за възстановяване 06-09-2016 14:51:26 Installed HDDlife 06-09-2016 16:22:09 Installed Windows Internet Explorer 8. 
06-09-2016 18:36:30 Installed WIDCOMM Bluetooth Software 06-09-2016 19:02:53 Removed WIDCOMM Bluetooth Software 06-09-2016 19:36:40 Премахнат Skype™ 7.26 06-09-2016 19:37:17 Installed Skype™ 6.14 06-09-2016 20:27:32 Installed Bluetooth Stack for Windows by Toshiba. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/06/2016 10:33:24 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: ) Description: EventType clr20r3, P1 006C0073043000730073, P2 5.1.1600.5512, P3 566ff9da, P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 349, P8 4f, P9 system.invalidcastexception, P10 NIL. Error: (09/06/2016 10:17:47 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: ) Description: EventType clr20r3, P1 006C0073043000730073, P2 5.1.1600.5512, P3 566ff9da, P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 349, P8 4f, P9 system.invalidcastexception, P10 NIL. Error: (09/06/2016 08:53:35 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: ) Description: EventType clr20r3, P1 006C0073043000730073, P2 5.1.1600.5512, P3 566ff9da, P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 349, P8 4f, P9 system.invalidcastexception, P10 NIL. Error: (09/06/2016 08:47:30 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: ) Description: EventType clr20r3, P1 006C0073043000730073, P2 5.1.1600.5512, P3 566ff9da, P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 349, P8 4f, P9 system.invalidcastexception, P10 NIL. Error: (09/06/2016 08:23:07 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: ) Description: EventType clr20r3, P1 006C0073043000730073, P2 5.1.1600.5512, P3 566ff9da, P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 349, P8 4f, P9 system.invalidcastexception, P10 NIL. 
Error: (09/06/2016 08:14:16 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: ) Description: EventType clr20r3, P1 006C0073043000730073, P2 5.1.1600.5512, P3 566ff9da, P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 349, P8 4f, P9 system.invalidcastexception, P10 NIL. Error: (09/06/2016 07:35:56 PM) (Source: MsiInstaller) (EventID: 1013) (User: VALIO-PC) Description: Product: Skype™ 6.14 -- A later version of Skype™ 6.14 is already installed. System errors: ============= Error: (09/06/2016 08:20:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). Error: (09/06/2016 08:20:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (09/06/2016 08:20:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/06/2016 08:20:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). Error: (09/06/2016 08:20:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/06/2016 08:20:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Panda Devices Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 

Error: (09/06/2016 08:20:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

Error: (09/06/2016 07:47:33 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\DVDVideoSoft\Free Video Editor\FreeVideoEditor.exe. Reference error message: The operation completed successfully. .

Error: (09/06/2016 07:47:33 PM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "C:\Program Files\DVDVideoSoft\Free Video Editor\FreeVideoEditor.exe" on line 0.

Error: (09/06/2016 06:55:37 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 000000ea, parameter1 88f00a58, parameter2 89b947a0, parameter3 8a4883f0, parameter4 00000001.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 16%
Total physical RAM: 3071.11 MB
Available physical RAM: 2549.96 MB
Total Virtual: 4956.19 MB
Available Virtual: 4432.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:46.37 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (ADATA UFD) (Removable) (Total:28.89 GB) (Free:4.55 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: A21C08DC)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=28.9 GB) - (Type=0C)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2016
Ran by Valio (administrator) on VALIO-PC (06-09-2016 22:34:59)
Running from C:\Documents and Settings\Valio\Desktop
Loaded Profiles: Valio (Available Profiles: Valio)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(BinarySense, Ltd.) C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(ATI Technologies Inc.)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33673216 2009-08-28] (VIA Technologies, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ATICustomerCare] => C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-05] (Panda Security, S.L.)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM Group Policy restriction on software: 
%userprofile%\Start Menu\Programs\Startup\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION HKLM Group Policy restriction on software: 
%userprofile%\Local Settings\Application Data\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.js <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.js <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com <====== 
ATTENTION HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\*.jse <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\viber\updater.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Application Data\viber\viber.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\viber\qtwebengineprocess.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Application Data\viber\linkparser.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\viber\qtwebengineprocess.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\viber\updater.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\viber\viber.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\viber\updater.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Application Data\viber\updater.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\viber\qtwebengineprocess.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Application Data\viber\updater.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\viber\linkparser.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\viber\viber.exe 
<====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\viber\linkparser.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\viber\qtwebengineprocess.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\viber\linkparser.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\viber\viber.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\viber\linkparser.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\viber\qtwebengineprocess.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\viber\viber.exe <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-09-11] (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2016-09-06]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\Valio\Start Menu\Programs\Startup\HDDlife.lnk [2016-09-06]
ShortcutTarget: HDDlife.lnk -> C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe (BinarySense, Ltd.)
Startup: C:\Documents and Settings\Valio\Start Menu\Programs\Startup\LocalSystem.lnk [2016-09-06]
ShortcutTarget: LocalSystem.lnk -> C:\WINDOWS\system32\lsаss.exe (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{06CABE20-480A-4AA0-9CC1-AA36453BEC30}: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{799F7017-7406-4F39-919E-BB864845E776}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A252AF90-EA63-4EC7-B1E1-457811249394}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{C5DBAAF7-1739-484D-AE2D-C517657F1640}: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{CA100D9E-F1C7-4A77-A69D-963437D8BDCA}: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{F19BF960-CE76-4F20-BD48-BE12EAA8AC0E}: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{FAE64C97-ECD7-4296-8BD4-603BEEC607B1}: [DhcpNameServer] 192.168.137.1

Internet Explorer:
==================
HKU\S-1-5-21-2052111302-630328440-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/
HKU\S-1-5-21-2052111302-630328440-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Valio\Application Data\Mozilla\Firefox\Profiles\tbt07bz3.default
FF DefaultSearchEngine: Google Custom Search
FF Homepage: hxxps://google.bg
FF Keyword.URL: hxxp://search.musicfrost.com/results.php?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-09-06] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2016-09-06] (Foxit Software Company)
FF SearchPlugin: C:\Documents and Settings\Valio\Application Data\Mozilla\Firefox\Profiles\tbt07bz3.default\searchplugins\daemon-search.xml [2010-09-13]
FF SearchPlugin: C:\Documents and Settings\Valio\Application Data\Mozilla\Firefox\Profiles\tbt07bz3.default\searchplugins\MFGSearch.xml [2011-01-29]
FF Extension: (Forecastfox) - C:\Documents and Settings\Valio\Application Data\Mozilla\Firefox\Profiles\tbt07bz3.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2016-09-06]
FF Extension: (oldbar) - C:\Documents and Settings\Valio\Application Data\Mozilla\Firefox\Profiles\tbt07bz3.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi [2016-09-06]
FF Extension: (Forecastfox (fix version)) - C:\Documents and Settings\Valio\Application Data\Mozilla\Firefox\Profiles\tbt07bz3.default\extensions\[email protected]_fix_version.xpi [2016-09-06]
FF Extension: (Bulgarian Dictionary) - C:\Documents and Settings\Valio\Application Data\Mozilla\Firefox\Profiles\tbt07bz3.default\Extensions\[email protected] [2016-03-06] [not signed]
FF Extension: (YouTube™ Flash® Player) - C:\Documents and Settings\Valio\Application Data\Mozilla\Firefox\Profiles\tbt07bz3.default\Extensions\[email protected] [2016-09-06]
FF Extension: (Firefox Hello Beta) - C:\Documents and Settings\Valio\Application Data\Mozilla\Firefox\Profiles\tbt07bz3.default\Extensions\[email protected] [2016-09-06]
FF Extension: (Модул за сканиране на уеб адреси) - C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak [2011-02-13] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] => not found

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-05] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-05] (Panda Security, S.L.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2013-06-29] (Atheros Communications, Inc.)
S3 asusgsb; C:\WINDOWS\System32\drivers\asusgsb.sys [12416 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [101904 2010-07-21] (ATI Technologies, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 EIO_XP; C:\WINDOWS\system32\drivers\EIO_XP.sys [14336 2009-07-30] (ASUSTeK Computer Inc.) [File not signed]
S3 es1371; C:\WINDOWS\System32\drivers\es1371mp.sys [40704 2001-08-17] (Creative Technology Ltd.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2016-09-06] (REALiX(tm))
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [39424 2009-08-05] (Atheros Communications, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-12-04] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [46480 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102392 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-12-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [216208 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [247568 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-12-04] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [148496 2016-08-05] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [109456 2016-08-05] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [180112 2016-08-05] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [121872 2016-08-05] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [133520 2016-08-05] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [107920 2016-08-05] (Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [58288 2016-08-08] (Panda Security, S.L.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [13064 2015-03-05] ()
R3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [451968 2007-10-01] (Ralink Technology, Corp.)
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [65856 2016-09-06] (Acronis) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2016-03-06] () [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361344 2010-11-07] (Microsoft Corporation) [File not signed]
S3 VBoxNetAdp; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp.sys [95376 2009-10-29] (Sun Microsystems, Inc.)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [32016 2009-10-29] (Sun Microsystems, Inc.)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [1390976 2009-08-17] (VIA Technologies, Inc.)
S4 IntelIde; no ImagePath
S3 SNP325; system32\DRIVERS\snp325.sys [X]
S3 StarOpen; no ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 Video3D; System32\Drivers\Video3D32.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-07 00:07 - 2016-09-07 01:14 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2016-09-06 22:34 - 2016-09-06 22:35 - 00042908 _____ C:\Documents and Settings\Valio\Desktop\FRST.txt
2016-09-06 22:34 - 2016-09-06 22:34 - 00000000 ____D C:\FRST
2016-09-06 22:34 - 2016-09-06 22:29 - 01747968 _____ (Farbar) C:\Documents and Settings\Valio\Desktop\FRST.exe
2016-09-06 22:33 - 2016-08-08 12:00 - 00058288 _____ (Panda Security, S.L.)
C:\WINDOWS\system32\Drivers\PSKMAD.sys 2016-09-06 22:17 - 2016-09-06 22:33 - 00000000 ____D C:\RarVault 2016-09-06 21:02 - 2016-09-06 21:02 - 02307616 _____ (Kaspersky Lab) C:\Documents and Settings\Valio\Desktop\kts17.0.0.611en_10781.exe 2016-09-06 20:58 - 2016-09-06 20:58 - 00000400 __RSH C:\Documents and Settings\All Users\ntuser.pol 2016-09-06 20:58 - 2016-09-06 20:58 - 00000067 _____ C:\Documents and Settings\Valio\Desktop\rufus.ini 2016-09-06 20:54 - 2016-09-06 20:58 - 291952640 _____ C:\Documents and Settings\Valio\Desktop\kav_rescue_10.iso 2016-09-06 20:49 - 2016-09-06 20:49 - 02619784 _____ (Foolish IT LLC ) C:\Documents and Settings\Valio\Desktop\CryptoPreventSetup.exe 2016-09-06 20:49 - 2016-09-06 20:49 - 00000865 _____ C:\Documents and Settings\All Users\Desktop\CryptoPrevent.lnk 2016-09-06 20:49 - 2016-09-06 20:49 - 00000000 ____D C:\Program Files\Foolish IT 2016-09-06 20:49 - 2016-09-06 20:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Foolish IT 2016-09-06 20:47 - 2016-09-06 20:47 - 00458652 _____ C:\RarVault.rar 2016-09-06 20:46 - 2016-09-06 20:46 - 00000000 ____D C:\Documents and Settings\Valio\Local Settings\Application Data\Toshiba 2016-09-06 20:46 - 2016-09-06 20:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TOSHIBA 2016-09-06 20:38 - 2016-09-06 20:38 - 00002419 _____ C:\Documents and Settings\Valio\Local Settings\Temp2.html 2016-09-06 20:29 - 2016-09-06 20:29 - 00000882 _____ C:\Documents and Settings\All Users\Desktop\Revo Uninstaller.lnk 2016-09-06 20:29 - 2016-09-06 20:29 - 00000000 ____D C:\Program Files\VS Revo Group 2016-09-06 20:29 - 2016-09-06 20:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller 2016-09-06 20:27 - 2016-09-06 20:27 - 00000000 ____D C:\Program Files\Toshiba 2016-09-06 20:27 - 2016-09-06 20:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TOSHIBA 2016-09-06 20:27 - 2009-07-28 20:01 - 00069480 _____ 
(TOSHIBA Corporation) C:\WINDOWS\system32\Drivers\tosrfcom.sys 2016-09-06 20:27 - 2009-06-17 11:59 - 00046984 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\Drivers\tosporte.sys 2016-09-06 20:17 - 2016-09-06 20:20 - 00000000 ____D C:\AdwCleaner 2016-09-06 20:15 - 2016-09-06 20:15 - 00000000 ____D C:\Program Files\Common Files\Skype 2016-09-06 20:15 - 2016-09-06 20:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype 2016-09-06 19:48 - 2016-09-06 19:48 - 00000917 _____ C:\Documents and Settings\All Users\Desktop\Free Video Editor.lnk 2016-09-06 19:47 - 2016-09-06 19:47 - 00000000 ____D C:\Program Files\DVDVideoSoft 2016-09-06 19:47 - 2016-09-06 19:47 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2016-09-06 19:47 - 2016-09-06 19:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft 2016-09-06 19:37 - 2016-09-06 20:29 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk 2016-09-06 19:37 - 2016-09-06 20:15 - 00000000 ___RD C:\Program Files\Skype 2016-09-06 19:37 - 2016-09-06 19:37 - 00000000 ____D C:\Documents and Settings\Valio\Local Settings\Application Data\Skype 2016-09-06 19:28 - 2016-09-06 19:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData 2016-09-06 19:28 - 2016-09-06 19:28 - 00000000 ____D C:\WINDOWS\IObit 2016-09-06 19:27 - 2016-09-06 19:27 - 00023840 _____ (REALiX(tm)) C:\WINDOWS\system32\Drivers\HWiNFO32.SYS 2016-09-06 19:27 - 2016-09-06 19:27 - 00000000 ____D C:\Documents and Settings\Valio\Application Data\IObit 2016-09-06 19:27 - 2016-09-06 19:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit 2016-09-06 19:23 - 2016-09-06 19:24 - 15206472 _____ (IObit ) C:\Documents and Settings\Valio\Desktop\driver_booster_setup.exe 2016-09-06 19:08 - 2016-09-06 19:08 - 00007385 _____ C:\Documents and Settings\Valio\Local Settings\Temp6.html 2016-09-06 19:08 - 2016-09-06 19:08 - 00000000 __SHD C:\Documents and 
Settings\Valio\PrivacIE 2016-09-06 18:54 - 2016-09-06 18:52 - 00068000 ____H C:\WINDOWS\Minidump\Mini090616-01.dmp 2016-09-06 18:53 - 2016-09-06 18:53 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat 2016-09-06 18:51 - 2016-09-06 18:51 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\TOSHIBA Bluetooth Stack 7.00.16 (x86) 2016-09-06 18:51 - 2016-09-06 18:51 - 00000000 ____D C:\Documents and Settings\Val\Desktop\Femanic 2016-09-06 18:35 - 2016-09-06 18:35 - 00000000 ____D C:\Program Files\WhoCrashed 2016-09-06 18:35 - 2016-09-06 18:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WhoCrashed 2016-09-06 18:31 - 2001-08-17 12:12 - 00117760 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\e100b325.sys 2016-09-06 18:31 - 2001-08-17 12:12 - 00117760 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\e100b325.sys 2016-09-06 16:47 - 2016-09-06 16:47 - 00000000 __SHD C:\Documents and Settings\Valio\IETldCache 2016-09-06 16:47 - 2016-09-06 16:47 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache 2016-09-06 16:22 - 2016-09-06 16:45 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt 2016-09-06 16:22 - 2009-01-07 18:21 - 00026144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spupdsvc.exe 2016-09-06 16:22 - 2009-01-07 18:20 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll 2016-09-06 16:21 - 2016-09-06 16:22 - 00000000 __HDC C:\WINDOWS\ie8 2016-09-06 14:51 - 2016-09-06 14:51 - 00000000 ____D C:\Program Files\BinarySense 2016-09-06 14:51 - 2016-09-06 14:51 - 00000000 ____D C:\Documents and Settings\Valio\Application Data\BinarySense 2016-09-06 14:51 - 2016-09-06 14:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HDDlife 2016-09-06 14:43 - 2016-09-06 14:43 - 00000000 ____D C:\Documents and Settings\Val\Local Settings\Application Data\Opera 2016-09-06 14:43 - 2016-09-06 14:43 - 00000000 ____D C:\Documents and Settings\Val 2016-09-06 14:42 - 2016-09-06 14:42 - 
00001498 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk 2016-09-06 14:42 - 2016-09-06 14:42 - 00000000 ____D C:\Program Files\Opera 2016-09-06 14:41 - 2016-09-06 14:43 - 00000000 ____D C:\Documents and Settings\Valio\Application Data\Opera 2016-09-06 14:41 - 2016-09-06 14:41 - 00000000 ____D C:\Documents and Settings\Valio\Local Settings\Application Data\Opera 2016-09-06 13:53 - 2016-09-06 13:53 - 00000000 ____D C:\Program Files\Foxit Software 2016-09-06 13:53 - 2016-09-06 13:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 2016-09-06 13:47 - 2016-09-06 16:49 - 00000000 ____D C:\Documents and Settings\Valio\Application Data\ViberPC 2016-09-06 13:46 - 2016-09-06 13:46 - 00000875 _____ C:\Documents and Settings\Valio\Start Menu\Viber.lnk 2016-09-06 13:46 - 2016-09-06 13:46 - 00000000 ____D C:\Documents and Settings\Valio\Start Menu\Programs\Viber 2016-09-06 13:45 - 2016-09-06 13:46 - 00000000 ____D C:\Documents and Settings\Valio\Local Settings\Application Data\Viber 2016-09-06 13:45 - 2016-09-06 13:45 - 00000000 ____D C:\Documents and Settings\Valio\Local Settings\Application Data\Package Cache 2016-09-06 13:32 - 2016-09-06 13:33 - 00000000 ____D C:\Program Files\RevConnect 2016-09-06 13:25 - 2016-09-06 18:51 - 00000000 ____D C:\Documents and Settings\Valio\Application Data\uTorrent 2016-09-06 13:19 - 2016-09-06 20:38 - 00001667 _____ C:\Documents and Settings\Valio\Local Settings\Temp1.html 2016-09-06 13:18 - 2016-09-06 13:18 - 00000000 ____D C:\Program Files\PIXresizer 2016-09-06 13:18 - 2016-09-06 13:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PIXresizer 2016-09-06 13:18 - 2007-04-15 01:05 - 00991232 _____ (Viscom Software ) C:\WINDOWS\system32\imageviewer2.ocx 2016-09-06 13:18 - 2004-03-09 00:00 - 00224016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tabctl32.ocx 2016-09-06 13:18 - 2002-08-29 20:00 - 01703936 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\gdiplus.dll 2016-09-06 13:18 - 2000-07-09 19:15 - 00106496 _____ (Marco Bellinaso) C:\WINDOWS\system32\mbprgbar.ocx 2016-09-06 13:18 - 2000-05-22 01:00 - 00608448 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.ocx 2016-09-06 13:18 - 2000-05-02 00:02 - 00110592 _____ (Common Controls Replacement Project (CCRP)) C:\WINDOWS\system32\ccrpbds6.dll 2016-09-06 13:18 - 1999-09-16 10:04 - 00151552 _____ (Domenico Statuto - CCRP) C:\WINDOWS\system32\ccrpfd6.ocx 2016-09-06 13:18 - 1998-06-24 01:00 - 00164144 _____ (Microsoft Corporation) C:\WINDOWS\system32\comct232.ocx 2016-09-06 13:18 - 1996-01-12 01:00 - 00200704 _____ (Sheridan Software Systems, Inc.) C:\WINDOWS\system32\threed32.ocx 2016-09-06 13:15 - 2016-09-06 22:18 - 00196608 _____ C:\WINDOWS\system32\config\Nano.evt 2016-09-06 13:15 - 2016-09-06 13:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Panda Free Antivirus 2016-09-06 11:46 - 2016-09-06 12:30 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\wetandpissy 2016-09-06 11:46 - 2016-09-06 11:49 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\old 2016-09-06 11:46 - 2016-09-06 11:46 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\Нова папка 2016-09-06 11:42 - 2016-09-06 20:58 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\WinSetupFromUSB-1-7 2016-09-06 11:40 - 2016-09-06 11:41 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\turk 2016-09-06 11:40 - 2016-09-06 11:40 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\TeamViewerPortable 2016-09-06 11:39 - 2016-09-06 11:40 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\simbian 2016-09-06 11:29 - 2016-09-06 18:46 - 00000000 ____D C:\Program Files\Hard Disk Sentinel 2016-09-06 11:29 - 2016-09-06 11:29 - 00000690 _____ C:\Documents and Settings\Valio\Desktop\Hard Disk Sentinel.lnk 2016-09-06 11:29 - 2016-09-06 11:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Hard Disk Sentinel 
2016-09-06 11:25 - 2016-09-06 11:28 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\Sophia E 2016-09-06 11:22 - 2016-09-06 11:22 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\sharewareonsale_giveaway_hdsentinel_setup 2016-09-06 11:20 - 2016-09-06 11:20 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\NOVI 2016-09-06 11:20 - 2016-09-06 11:20 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\muziki 2016-09-06 11:15 - 2016-09-06 11:17 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\MPLMay 2016-09-06 11:12 - 2016-09-06 11:14 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\MPLFevral 2016-09-06 11:09 - 2016-09-06 11:12 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\MPLAvgust 2016-09-06 11:07 - 2016-09-06 11:07 - 00000000 ____D C:\Program Files\BitComet 2016-09-06 11:07 - 2016-02-06 23:29 - 00069824 _____ C:\Documents and Settings\Valio\My Documents\Антивирусни програми Софтуер.htm 2016-09-06 11:07 - 2016-01-13 19:29 - 00220776 _____ C:\Documents and Settings\Valio\My Documents\arhiv abonati v skaip valio_andonov.vcf 2016-09-06 11:07 - 2016-01-04 19:00 - 00001022 _____ C:\Documents and Settings\Valio\My Documents\indexfile.txt 2016-09-06 11:07 - 2015-12-16 20:51 - 00144594 _____ C:\Documents and Settings\Valio\My Documents\otmetki ot opera .adr 2016-09-06 11:07 - 2011-01-01 15:29 - 03022787 _____ C:\Documents and Settings\Valio\My Documents\ASYA12LGC%20-%20AOYR12LGC%20-%20Technical.pdf 2016-09-06 11:07 - 2010-09-06 16:31 - 01034741 _____ C:\Documents and Settings\Valio\My Documents\whirlpool.pdf 2016-09-06 11:07 - 2010-05-15 19:52 - 00069167 _____ C:\Documents and Settings\Valio\My Documents\bookmarks.html 2016-09-06 11:07 - 2010-03-06 16:52 - 44193796 _____ C:\Documents and Settings\Valio\My Documents\Todor Jivkov.mpeg 2016-09-06 11:07 - 2009-12-27 20:13 - 00444098 _____ C:\Documents and Settings\Valio\My Documents\staq.sh3d 2016-09-06 11:07 - 2009-03-29 20:25 - 01036150 _____ C:\Documents and 
Settings\Valio\My Documents\AquariumV11.rar 2016-09-06 11:05 - 2016-09-06 11:05 - 00000000 ____D C:\Documents and Settings\Valio\My Documents\Изтегляния 2016-09-06 11:05 - 2016-09-06 11:05 - 00000000 ____D C:\Documents and Settings\Valio\My Documents\ViberDownloads 2016-09-06 11:04 - 2016-09-06 11:04 - 00000000 ___RD C:\Documents and Settings\Valio\My Documents\Shareaza Downloads 2016-09-06 11:04 - 2016-09-06 11:04 - 00000000 ____D C:\Documents and Settings\Valio\My Documents\sdc222 2016-09-06 11:04 - 2016-09-06 11:04 - 00000000 ____D C:\Documents and Settings\Valio\My Documents\MusicFrost 2016-09-06 11:04 - 2016-09-06 11:04 - 00000000 ____D C:\Documents and Settings\Valio\My Documents\ICQ Lite 2016-09-06 11:04 - 2016-09-06 11:04 - 00000000 ____D C:\Documents and Settings\Valio\My Documents\gegl-0.0 2016-09-06 11:04 - 2016-09-06 11:04 - 00000000 ____D C:\Documents and Settings\Valio\My Documents\FFOutput 2016-09-06 11:03 - 2016-09-06 13:26 - 00000000 ___RD C:\Documents and Settings\Valio\Desktop\Program Files 2016-09-06 11:03 - 2016-09-06 11:04 - 00000000 ___RD C:\Documents and Settings\Valio\My Documents\Dropbox 2016-09-06 11:03 - 2016-09-06 11:03 - 00000000 ____D C:\Documents and Settings\Valio\My Documents\Bluetooth Exchange Folder 2016-09-06 11:03 - 2016-09-06 11:03 - 00000000 ____D C:\Documents and Settings\Valio\My Documents\AquariumV11 2016-09-06 11:03 - 2016-09-06 11:03 - 00000000 ____D C:\Documents and Settings\Valio\My Documents\alia 2016-09-06 11:01 - 2016-09-06 11:01 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\MPL - 2011-07 Video 2016-09-06 10:55 - 2016-09-06 11:00 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\MET-ART 11 - 20 June 2015 2016-09-06 10:55 - 2016-09-06 10:55 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\lv6tboxhda2 notonly на vali преминават на стендбай - Страница 16 - Digital TV Forums - БЪЛГАРСКИЯТ ФОРУМ ЗА ЦИФРОВА ТЕЛЕВИЗИЯ_files 2016-09-06 10:53 - 2016-09-06 10:55 - 00000000 ____D C:\Documents and 
Settings\Valio\Desktop\Lena pics 2016-09-06 10:53 - 2016-09-06 10:53 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\king 2016-09-06 10:53 - 2016-09-06 10:53 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\ireland 2016-09-06 10:52 - 2016-09-06 10:52 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\delux mouse 2016-09-06 10:52 - 2016-09-06 10:52 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\DCIM 2016-09-06 10:52 - 2016-09-06 10:52 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\Barbara_Pease_-_Zashto_myzhete_ne_ch1.txt 2016-09-06 10:50 - 2016-09-06 10:51 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\antivirus 2016-09-06 10:50 - 2016-09-06 10:50 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\2015 2016-09-06 10:50 - 2016-09-06 10:50 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\2014 2016-09-06 10:50 - 2016-09-06 10:50 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\2013 2016-09-06 10:50 - 2016-09-06 10:50 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\2012 2016-09-06 10:50 - 2016-09-06 10:50 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\2011 2016-09-06 10:47 - 2015-08-11 12:22 - 02895360 _____ C:\WINDOWS\system32\pwNative.exe 2016-09-06 10:47 - 2015-03-05 10:15 - 00017160 ____N C:\WINDOWS\system32\pwdrvio.sys 2016-09-06 10:47 - 2015-03-05 10:15 - 00013064 ____N C:\WINDOWS\system32\pwdspio.sys 2016-09-06 10:46 - 2016-09-06 10:47 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.1 2016-09-06 10:46 - 2016-09-06 10:46 - 00000854 _____ C:\Documents and Settings\All Users\Desktop\MiniTool Partition Wizard Free.lnk 2016-09-06 10:46 - 2016-09-06 10:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MiniTool Partition Wizard Free 9.1 2016-09-06 09:55 - 2016-09-06 09:55 - 00373248 _____ (Acronis) C:\WINDOWS\system32\autoprnt.exe 2016-09-06 09:55 - 2016-09-06 09:55 - 00102400 _____ (Acronis) C:\WINDOWS\system32\snapapi.dll 
2016-09-06 09:55 - 2016-09-06 09:55 - 00065856 _____ (Acronis) C:\WINDOWS\system32\Drivers\snapman.sys 2016-09-06 09:55 - 2016-09-06 09:55 - 00037888 _____ C:\WINDOWS\system32\setupnt.dll 2016-09-06 09:55 - 2016-09-06 09:55 - 00000936 _____ C:\Documents and Settings\Valio\Desktop\Acronis MigrateEasy.lnk 2016-09-06 09:55 - 2016-09-06 09:55 - 00000000 ____D C:\Program Files\Common Files\Acronis 2016-09-06 09:55 - 2016-09-06 09:55 - 00000000 ____D C:\Program Files\Acronis 2016-09-06 09:55 - 2016-09-06 09:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Acronis 2016-09-05 23:52 - 2016-09-05 23:53 - 41700480 _____ (Skype Technologies S.A.) C:\Documents and Settings\Valio\Desktop\SkypeSetupFullXp.exe 2016-09-05 20:50 - 2016-09-06 13:46 - 00000875 _____ C:\Documents and Settings\Valio\Desktop\Viber.lnk 2016-09-05 19:51 - 2016-09-05 19:51 - 00937080 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Documents and Settings\Valio\Desktop\rufus-2.10p.exe 2016-09-04 22:28 - 2012-03-17 19:07 - 259157272 _____ C:\Documents and Settings\Valio\Desktop\3123v_hi.avi 2016-09-04 20:19 - 2016-02-10 20:51 - 19057568 _____ (Microsoft) C:\Documents and Settings\Valio\Desktop\NokiaSoftwareRecoveryToolInstaller.exe 2016-09-02 22:39 - 2016-09-02 22:39 - 01038335 _____ C:\Documents and Settings\Valio\Desktop\[Guru3D.com]-DDU.zip 2016-09-02 21:42 - 2016-09-06 13:17 - 00000656 _____ C:\Documents and Settings\Valio\Desktop\Пряк път до Ultra Video Joiner.exe.lnk 2016-09-02 21:41 - 2016-09-02 21:41 - 00000706 _____ C:\Documents and Settings\Valio\Desktop\Пряк път до DCPlusPlus.exe.lnk 2016-09-02 21:36 - 2016-09-06 13:18 - 00000706 _____ C:\Documents and Settings\Valio\Desktop\PIXresizer.lnk 2016-09-02 21:30 - 2016-09-06 13:33 - 00000682 _____ C:\Documents and Settings\Valio\Desktop\Пряк път до BitComet.exe.lnk 2016-09-02 21:25 - 2016-09-02 21:25 - 03826240 _____ C:\Documents and Settings\Valio\Desktop\adwcleaner_6.010.exe 2016-09-02 21:01 - 2016-09-02 21:02 - 36580047 _____ 
(KLCP ) C:\Documents and Settings\Valio\Desktop\K-Lite_Codec_Pack_1235_Full.exe 2016-09-01 18:13 - 2016-08-27 21:44 - 06543984 _____ (IObit ) C:\Documents and Settings\Valio\Desktop\AWCSetup_Major.exe 2016-09-01 18:13 - 2016-03-05 18:57 - 31095938 _____ C:\Documents and Settings\Valio\Desktop\bg-science86.pdf 2016-09-01 18:13 - 2016-01-14 21:26 - 30984401 _____ C:\Documents and Settings\Valio\Desktop\bg-science84.pdf 2016-09-01 18:13 - 2015-12-18 21:59 - 19819451 ____R C:\Documents and Settings\Valio\Desktop\2015-12-18 Valio 2690.nbu 2016-09-01 18:13 - 2015-01-23 10:38 - 156129250 _____ C:\Documents and Settings\Valio\Desktop\95a14b0fd6153328c12fe1072b3f3be0.flv 2016-09-01 18:13 - 2010-04-17 14:28 - 56804132 _____ C:\Documents and Settings\Valio\Desktop\2DB06C3-48942980.avi 2016-09-01 18:13 - 2010-03-03 19:08 - 00921011 _____ C:\Documents and Settings\Valio\Desktop\ConnectifyInstaller.exe 2016-09-01 18:12 - 2016-09-06 13:17 - 00000620 _____ C:\Documents and Settings\Valio\Desktop\Sweet Home 3D.lnk 2016-09-01 18:12 - 2016-09-04 19:47 - 00000734 _____ C:\Documents and Settings\Valio\Desktop\Start Tor Browser.lnk 2016-09-01 18:12 - 2016-09-04 18:27 - 00000697 _____ C:\Documents and Settings\Valio\Desktop\StrongDC.lnk 2016-09-01 18:12 - 2016-08-26 21:21 - 02342176 _____ (Panda Security, S.L.) 
C:\Documents and Settings\Valio\Desktop\PANDAFREEAV.exe 2016-09-01 18:12 - 2016-03-25 22:22 - 00088238 _____ C:\Documents and Settings\Valio\Desktop\lv6tboxhda2 notonly на vali преминават на стендбай - Страница 16 - Digital TV Forums - БЪЛГАРСКИЯТ ФОРУМ ЗА ЦИФРОВА ТЕЛЕВИЗИЯ.htm 2016-09-01 18:12 - 2016-03-25 21:35 - 02603732 _____ C:\Documents and Settings\Valio\Desktop\J1300660_MC6379_LV6TBOXHDA2_V1.0.9_20131120-.rar 2016-09-01 18:12 - 2016-03-07 18:49 - 09553766 _____ C:\Documents and Settings\Valio\Desktop\rsload.net.HL.P.4.1.203.zip 2016-09-01 18:12 - 2016-03-04 22:55 - 01094289 _____ C:\Documents and Settings\Valio\Desktop\Psiloc_ir_remote_update_database_1.04-worked.rar 2016-09-01 18:12 - 2016-02-26 22:22 - 00000062 _____ C:\Documents and Settings\Valio\Desktop\listen.pls 2016-09-01 18:12 - 2016-01-09 15:19 - 02500096 _____ (rejetto) C:\Documents and Settings\Valio\Desktop\hfs.exe 2016-09-01 18:12 - 2015-11-05 19:46 - 00101811 _____ C:\Documents and Settings\Valio\Desktop\results-2015-11-04.pdf 2016-09-01 18:12 - 2015-09-25 22:33 - 13935966 _____ (Favorite-Games 2001-2013 © ) C:\Documents and Settings\Valio\Desktop\favorite-games_bg.exe 2016-09-01 18:12 - 2015-09-21 15:58 - 06930432 _____ C:\Documents and Settings\Valio\Desktop\SkypeWebPlugin.msi 2016-09-01 18:12 - 2015-09-04 23:46 - 24178176 _____ (SAMSUNG Electronics Co., Ltd.) C:\Documents and Settings\Valio\Desktop\samsung_android_usb_driver.exe 2016-09-01 18:12 - 2015-06-26 21:25 - 07332272 _____ C:\Documents and Settings\Valio\Desktop\MyPhoneExplorer_Setup_v1.8.6.exe 2016-09-01 18:12 - 2014-08-20 22:07 - 19531504 _____ (SAMSUNG Electronics Co., Ltd.) C:\Documents and Settings\Valio\Desktop\SAMSUNG_USB_Driver_for_Mobile_Phones.exe 2016-09-01 18:12 - 2014-08-20 08:51 - 21633320 _____ (Skype Technologies S.A.) 
C:\Documents and Settings\Valio\Desktop\Sky38i.exe 2016-09-01 18:12 - 2014-04-30 09:31 - 01954304 _____ (Topala Software Solutions) C:\Documents and Settings\Valio\Desktop\siw.exe 2016-09-01 18:12 - 2012-03-19 15:46 - 67735119 ____H (PortableAppZ.blogspot.com) C:\Documents and Settings\Valio\Desktop\Photoshop_Portable_12.0_en-fr-de-es-it-ru-zh-tw.paf.exe 2016-09-01 18:12 - 2010-08-15 14:16 - 02769333 _____ C:\Documents and Settings\Valio\Desktop\thebible.pdf 2016-09-01 18:12 - 2010-06-06 18:03 - 00320849 _____ C:\Documents and Settings\Valio\Desktop\standart_psihiatriq.pdf 2016-09-01 18:12 - 2010-03-05 12:07 - 00904704 _____ (KaKasoft) C:\Documents and Settings\Valio\Desktop\lockdir.exe 2016-09-01 18:12 - 2007-07-22 16:39 - 00032768 _____ (KenamicK Entertainment) C:\Documents and Settings\Valio\Desktop\opencd.exe 2016-09-01 18:12 - 2005-09-11 22:57 - 00331776 _____ () C:\Documents and Settings\Valio\Desktop\ShutdownTimer.exe 2016-09-01 18:11 - 2016-09-04 19:10 - 00000936 _____ C:\Documents and Settings\Valio\Desktop\Пряк път до GIMPPortable.exe.lnk 2016-09-01 18:11 - 2016-09-04 18:28 - 00000914 _____ C:\Documents and Settings\Valio\Desktop\Пряк път до FSViewer.exe.lnk 2016-09-01 18:11 - 2016-09-04 18:28 - 00000675 _____ C:\Documents and Settings\Valio\Desktop\Пряк път до Diction.exe.lnk 2016-09-01 18:11 - 2016-09-04 18:27 - 00000664 _____ C:\Documents and Settings\Valio\Desktop\Пряк път до WNetWatcher.exe.lnk 2016-09-01 18:11 - 2016-03-04 12:03 - 32047935 _____ C:\Documents and Settings\Valio\Desktop\Мега окончание.mp4 2016-09-01 18:11 - 2015-11-29 15:18 - 00000036 _____ C:\Documents and Settings\Valio\Desktop\Нов Текстов документ (3).txt 2016-09-01 18:11 - 2011-03-27 13:27 - 00000146 _____ C:\Documents and Settings\Valio\Desktop\Нов Текстов документ (2).txt 2016-09-01 18:11 - 2010-01-31 18:30 - 00000019 _____ C:\Documents and Settings\Valio\Desktop\Нов Текстов документ (4).bat 2016-09-01 18:11 - 2008-12-21 18:09 - 00146378 _____ C:\Documents and 
Settings\Valio\Desktop\Нов Текстов документ.txt 2016-08-31 21:15 - 2016-09-06 18:35 - 00000706 _____ C:\Documents and Settings\Valio\Desktop\WhoCrashed.lnk 2016-08-10 20:14 - 2016-08-10 20:14 - 00000000 ____D C:\Program Files\Samsung 2016-08-10 20:14 - 2016-08-10 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Samsung 2016-08-10 20:12 - 2016-08-10 20:12 - 00000000 ____D C:\Documents and Settings\Valio\Desktop\TL-WN721N_V1_140915 2016-08-10 20:12 - 2013-06-29 06:49 - 01763584 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athuw.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-06 22:35 - 2010-11-07 20:23 - 00000000 ____D C:\Documents and Settings\Valio\Local Settings\Temp 2016-09-06 22:32 - 2010-11-07 22:01 - 00000000 ___HD C:\WINDOWS\inf 2016-09-06 22:32 - 2010-11-07 20:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-06 22:18 - 2010-11-07 21:02 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt 2016-09-06 22:18 - 2010-11-07 20:23 - 00000178 ___SH C:\Documents and Settings\Valio\ntuser.ini 2016-09-06 22:18 - 2010-11-07 20:22 - 00029312 _____ C:\WINDOWS\SchedLgU.Txt 2016-09-06 22:17 - 2015-12-02 20:37 - 01037824 _____ (Microsoft Corporation) C:\WINDOWS\system32\svсhоst.exe 2016-09-06 20:58 - 2014-08-13 17:05 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2016-09-06 20:58 - 2010-11-07 22:08 - 00000000 ____D C:\Documents and Settings\All Users 2016-09-06 20:56 - 2010-11-07 22:09 - 00464096 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-06 20:36 - 2013-06-29 21:20 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-09-06 20:36 - 2013-06-29 21:20 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-09-06 20:30 - 2011-01-30 20:58 - 00000000 ____D C:\Documents and Settings\Valio\Application Data\Skype 2016-09-06 20:21 - 2013-07-14 
13:08 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2016-09-06 20:15 - 2011-01-30 20:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype 2016-09-06 19:27 - 2010-11-07 20:23 - 00000000 ____D C:\Documents and Settings\Valio 2016-09-06 19:21 - 2011-01-30 21:00 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-09-06 18:54 - 2002-01-01 01:12 - 00000000 ____D C:\WINDOWS\Minidump 2016-09-06 18:31 - 2010-11-07 22:01 - 00000000 RSHDC C:\WINDOWS\system32\dllcache 2016-09-06 16:47 - 2010-11-07 20:23 - 00000803 _____ C:\Documents and Settings\Valio\Start Menu\Programs\Internet Explorer.lnk 2016-09-06 16:47 - 2010-11-07 20:23 - 00000000 ___RD C:\Documents and Settings\Valio\My Documents\My Pictures 2016-09-06 16:47 - 2010-11-07 20:23 - 00000000 ___RD C:\Documents and Settings\Valio\My Documents\My Music 2016-09-06 16:47 - 2010-11-07 20:23 - 00000000 ___RD C:\Documents and Settings\Valio\My Documents 2016-09-06 16:47 - 2010-11-07 20:22 - 00000000 __SHD C:\Documents and Settings\LocalService 2016-09-06 16:46 - 2010-11-07 22:08 - 00100640 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-09-06 16:46 - 2010-11-07 22:01 - 00000000 ____D C:\WINDOWS\Help 2016-09-06 16:22 - 2010-11-07 22:01 - 00000000 ____D C:\WINDOWS\Media 2016-09-06 14:47 - 2016-03-20 22:30 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-09-06 14:43 - 2010-11-07 22:08 - 00000000 ____D C:\Documents and Settings 2016-09-06 14:38 - 2016-03-20 22:29 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2016-09-06 14:38 - 2016-03-20 22:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2016-09-06 14:38 - 2016-03-20 22:24 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2016-09-06 13:15 - 2014-04-14 22:56 - 00000000 ____D C:\Documents and Settings\Valio\Application Data\Panda Security 2016-09-06 13:15 - 2014-04-14 22:54 - 00000000 ____D C:\Documents 
and Settings\All Users\Application Data\Panda Security 2016-09-06 13:15 - 2010-11-07 20:54 - 00012800 _____ C:\Documents and Settings\Valio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2016-09-06 13:14 - 2016-03-08 20:49 - 00000000 ____D C:\Program Files\Panda Security 2016-09-06 10:47 - 2010-11-07 22:07 - 00000211 ___SH C:\boot.ini 2016-09-06 09:46 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2016-08-28 18:36 - 2010-11-07 20:16 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-08-10 20:06 - 2010-11-07 20:21 - 00000000 __SHD C:\Documents and Settings\NetworkService 2016-08-10 20:06 - 2010-11-07 20:15 - 00000000 ____D C:\WINDOWS\Registration 2016-08-10 20:04 - 2014-04-14 23:06 - 00227960 _____ C:\WINDOWS\ntbtlog.txt ==================== Files in the root of some directories ======= 2016-03-06 19:04 - 2016-03-06 19:04 - 0000000 _____ () C:\Documents and Settings\All Users\Application Data\0x0304A000.sfl Some files in TEMP: ==================== C:\Documents and Settings\Valio\Local Settings\Temp\libeay32.dll C:\Documents and Settings\Valio\Local Settings\Temp\lsаss.exe C:\Documents and Settings\Valio\Local Settings\Temp\msvcr120.dll C:\Documents and Settings\Valio\Local Settings\Temp\SkypeSetup.exe C:\Documents and Settings\Valio\Local Settings\Temp\Skype_7.0.0.102.exe C:\Documents and Settings\Valio\Local Settings\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================
  13. Please help! I have a problem with the ucguard driver. Nothing will delete it; I have tried everything I know. It has lodged itself in C:\Windows\System32\DRIVERS\ucguard.sys. I also have log files. Thanks in advance for the help! FRST.txt Addition.txt
  14. After installing the Gameroom program on Facebook, my antivirus stopped working. I uninstalled that program, and Avira as well, then did a fresh installation, but it gives me a message about corrupted files and does not start. I also ran a system restore to a point before the installation of this Gameroom nuisance, but the result is the same. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2017 01 Ran by kostadin (administrator) on KOSTADIN-PC (04-05-2017 09:40:48) Running from C:\Users\kostadin\Downloads Loaded Profiles: kostadin (Available Profiles: kostadin & UpdatusUser & _ashbackup_) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Английски (Съединени щати) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TorrentsTime) C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.5.6\WsAppService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\kostadin\Downloads\FRST64 (2).exe Addition.txt
  15. Hello! Sorry to bother you again, but today HitmanPro detected a virus on my machine. A thousand apologies for the trouble, and thanks in advance. Addition.txt FRST.txt HitmanPro_20170726_1458.log
  16. Hello! About two hours ago my Steam account was stolen, but luckily I got it back, shortly before I was about to send a message about the problem to support. Because my phone broke, and Steam sends me a code so that I can log into the account more securely, I decided to remove it, since I will not have constant access to my number for a few days. That leaves me with protection by email only, i.e. they send me a code there so I can log into my account. Everything was fine until suddenly a window appeared in Steam asking me to enter my password again. No success. This is where it all started: they changed my email and also added their own mobile number. But what made me open this topic is something very strange that puzzled me. Steam emailed me that my account details had been changed. At that moment I watched the emails from Steam ONLY disappear one by one, which leads me to think that they were deleting them deliberately, to make it harder for me to prove to support that my account was stolen. For information: I had one cracked game, which I deleted right after the incident, because it was the only thing that made me suspicious about what happened. I also ran a full NOD32 virus scan, and it found nothing. Windows is 64-bit with the latest updates. If someone could point me to what happened, and help find out whether everything on my system is trustworthy. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-06-2017 Ran by Excess (administrator) on EXCESS (11-06-2017 22:12:13) Running from C:\Users\Excess\Desktop Loaded Profiles: Excess (Available Profiles: defaultuser0 & Excess) Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSMonitorServicePDVD16.exe (Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_171.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_171.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Valve Corporation) D:\Steam\Steam.exe (Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5060864 2015-09-03] (Realtek semiconductor) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2017-01-11] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2017-01-11] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2017-01-11] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [PowerDVD16Agent] => C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe [525352 2016-05-13] (CyberLink Corp.) HKU\S-1-5-21-3778179891-1135805482-3287728762-1001\...\Run: [World of Tanks] => D:\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net) HKU\S-1-5-21-3778179891-1135805482-3287728762-1001\...\Run: [Steam] => D:\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation) GroupPolicy: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: [S-1-5-21-3778179891-1135805482-3287728762-1001] => 23.111.130.210:3128 Hosts: 127.0.0.1 cap.cyberlink.com Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{187e4edd-27dd-44a6-b263-6cfcdedba360}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{496365e8-e050-44c6-b74d-11dde0f2580e}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== FireFox: ======== FF DefaultProfile: jz7ani3q.default FF ProfilePath: C:\Users\Excess\AppData\Roaming\Mozilla\Firefox\Profiles\jz7ani3q.default [2017-06-11] FF NetworkProxy: Mozilla\Firefox\Profiles\jz7ani3q.default -> http", "75.151.213.85" FF NetworkProxy: Mozilla\Firefox\Profiles\jz7ani3q.default -> http_port", 8080 FF NetworkProxy: Mozilla\Firefox\Profiles\jz7ani3q.default -> no_proxies_on", "" FF NetworkProxy: Mozilla\Firefox\Profiles\jz7ani3q.default -> proxy_over_tls", false FF NetworkProxy: Mozilla\Firefox\Profiles\jz7ani3q.default -> type", 0 FF Extension: (Adblock Plus) - C:\Users\Excess\AppData\Roaming\Mozilla\Firefox\Profiles\jz7ani3q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07] FF Extension: (Follow-on Search Telemetry) - C:\Users\Excess\AppData\Roaming\Mozilla\Firefox\Profiles\jz7ani3q.default\features\{d5f0676c-30fd-45e6-9898-835e0231ee81}\[email protected] [2017-06-10] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-13] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-13] () FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\Excess\AppData\Local\Google\Chrome\User Data\Default [2017-06-11] CHR Extension: (Google Slides) - C:\Users\Excess\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-11] CHR Extension: (Google Docs) - C:\Users\Excess\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-11] CHR Extension: (Google Drive) - C:\Users\Excess\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-11] CHR Extension: (YouTube) - C:\Users\Excess\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-11] CHR Extension: (Google Sheets) - C:\Users\Excess\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-11] CHR Extension: (Google Docs Offline) - C:\Users\Excess\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-11] CHR Extension: (Chrome Web Store Payments) - C:\Users\Excess\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09] CHR Extension: (Gmail) - C:\Users\Excess\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-11] CHR Extension: (Chrome Media Router) - C:\Users\Excess\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [77872 2017-03-08] (CyberGhost S.R.L)
R2 CyberLink PowerDVD 16 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSMonitorServicePDVD16.exe [119224 2016-03-31] (CyberLink)
R2 CyberLink PowerDVD 16 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe [366520 2016-03-31] (CyberLink)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-05-25] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2836296 2016-12-14] (ESET)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-12] (Hi-Rez Studios) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255096 2016-01-20] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CLVirtualBus02; C:\WINDOWS\System32\drivers\CLVirtualBus02.sys [103176 2016-03-28] (CyberLink)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2016-12-14] (ESET)
S3 EasyAntiCheatSys; C:\WINDOWS\system32\drivers\EasyAntiCheat.sys [746024 2017-06-10] ()
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-12-14] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2016-12-14] (ESET)
R1 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [70960 2016-12-14] (ESET)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2017-03-18] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_ed616d55e0bead92\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-09-03] (Realtek Semiconductor Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51320 2016-01-20] (Synaptics Incorporated)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-04-26] (Anchorfree Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R2 {41E8078B-96D9-42DC-8789-A1CF102CD880}; C:\Program Files (x86)\CyberLink\PowerDVD16\Common\NavFilter\000.fcl [29624 2016-03-28] (CyberLink Corp.)

C:\WINDOWS\SysWOW64\atmlib.dll 2017-05-19 00:51 - 2017-04-01 03:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2017-05-19 00:51 - 2017-04-01 03:05 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2017-05-19 00:51 - 2017-04-01 03:04 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-05-19 00:51 - 2017-04-01 03:04 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2017-05-19 00:51 - 2017-04-01 03:02 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll 2017-05-19 00:51 - 2017-04-01 03:01 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2017-05-19 00:51 - 2017-04-01 02:58 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2017-05-19 00:51 - 2017-04-01 02:58 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-05-19 00:51 - 2017-04-01 02:56 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll 2017-05-19 00:51 - 2017-04-01 02:55 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2017-05-19 00:51 - 2017-04-01 02:55 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll 2017-05-19 00:51 - 2017-04-01 02:52 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll 2017-05-19 00:51 - 2017-04-01 02:52 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2017-05-19 00:51 - 2017-04-01 02:50 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll 2017-05-19 00:51 - 2017-04-01 02:50 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2017-05-19 00:51 - 2017-04-01 02:45 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll 2017-05-19 00:51 - 2017-04-01 02:44 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2017-05-19 00:51 - 2017-04-01 00:00 - 00032004 _____ 
C:\WINDOWS\system32\edgehtmlpluginpolicy.bin 2017-05-18 22:44 - 2017-05-18 22:44 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-05-18 22:44 - 2017-05-18 22:44 - 00002370 _____ C:\Users\Excess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-05-18 22:41 - 2017-05-18 22:41 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2017-05-18 22:38 - 2017-05-18 22:38 - 00000020 ___SH C:\Users\Excess\ntuser.ini 2017-05-18 22:37 - 2017-05-18 22:37 - 00000000 _SHDL C:\Users\Default\My Documents 2017-05-18 22:35 - 2017-05-18 22:36 - 00011433 _____ C:\WINDOWS\diagwrn.xml 2017-05-18 22:35 - 2017-05-18 22:36 - 00011433 _____ C:\WINDOWS\diagerr.xml 2017-05-18 22:33 - 2017-05-18 22:33 - 00000000 ____D C:\ProgramData\USOShared 2017-05-18 22:30 - 2017-06-10 23:43 - 00959550 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-05-18 22:29 - 2017-06-10 23:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-05-18 22:29 - 2017-05-23 01:15 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-05-18 22:29 - 2017-05-23 01:15 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-05-18 22:29 - 2017-05-23 01:15 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-05-18 22:29 - 2017-05-23 01:15 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-05-18 22:29 - 2017-05-23 01:15 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-05-18 22:29 - 2017-05-23 01:15 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-05-18 22:29 - 2017-05-23 01:15 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-05-18 22:29 - 2017-05-18 22:29 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat 2017-05-18 22:29 - 
2017-05-18 22:29 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-05-18 22:29 - 2017-05-18 22:29 - 00003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2017-05-18 22:29 - 2017-05-18 22:29 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-05-18 22:29 - 2017-05-18 22:29 - 00002278 _____ C:\WINDOWS\System32\Tasks\{CD52772C-C127-4B2A-B318-B0DAC4A35933} 2017-05-18 22:24 - 2017-05-18 22:34 - 00000000 ____D C:\Users\Public\Documents\CyberLink 2017-05-18 22:21 - 2017-05-18 22:21 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-05-18 22:19 - 2017-05-18 22:21 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2017-05-18 22:18 - 2017-06-10 23:40 - 00000000 ____D C:\Users\Excess 2017-05-18 22:18 - 2017-05-18 22:29 - 00000000 ____D C:\Users\defaultuser0 2017-05-18 22:18 - 2017-05-18 22:18 - 00000000 _SHDL C:\Users\Excess\My Documents 2017-05-18 22:18 - 2017-05-18 22:18 - 00000000 _SHDL C:\Users\Excess\Documents\My Videos 2017-05-18 22:18 - 2017-05-18 22:18 - 00000000 _SHDL C:\Users\Excess\Documents\My Pictures 2017-05-18 22:18 - 2017-05-18 22:18 - 00000000 _SHDL C:\Users\Excess\Documents\My Music 2017-05-18 22:18 - 2017-05-18 22:18 - 00000000 _SHDL C:\Users\defaultuser0\My Documents 2017-05-18 22:18 - 2017-05-18 22:18 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Videos 2017-05-18 22:18 - 2017-05-18 22:18 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Pictures 2017-05-18 22:18 - 2017-05-18 22:18 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Music 2017-05-18 22:16 - 2017-06-11 14:39 - 00000000 ____D C:\ProgramData\NVIDIA 2017-05-18 22:16 - 2017-05-23 01:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-05-18 22:16 - 2017-05-18 08:55 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2017-05-18 22:16 - 2017-05-18 08:48 - 06437824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2017-05-18 22:16 - 2017-05-18 08:48 - 
02479736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2017-05-18 22:16 - 2017-05-18 08:48 - 01762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2017-05-18 22:16 - 2017-05-18 08:48 - 00548984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2017-05-18 22:16 - 2017-05-18 08:48 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2017-05-18 22:16 - 2017-05-18 08:48 - 00146880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll 2017-05-18 22:16 - 2017-05-18 08:48 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2017-05-18 22:16 - 2017-05-18 08:48 - 00069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2017-05-18 22:16 - 2017-05-16 21:09 - 07993157 _____ C:\WINDOWS\system32\nvcoproc.bin 2017-05-18 22:15 - 2017-05-23 01:27 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-05-18 22:15 - 2017-05-23 01:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-05-18 22:15 - 2017-05-18 22:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2017-05-18 22:15 - 2017-05-18 22:15 - 00000000 ____H C:\ProgramData\DP45977C.lfl 2017-05-18 22:15 - 2017-05-18 22:15 - 00000000 ____D C:\WINDOWS\system32\DAX2 2017-05-18 22:15 - 2017-03-18 23:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2017-05-18 22:14 - 2017-05-18 22:14 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf 2017-05-18 22:14 - 2017-05-18 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2017-05-18 22:14 - 2017-05-18 22:14 - 00000000 ____D C:\Program Files\Synaptics 2017-05-18 22:14 - 2017-05-18 22:14 - 00000000 ____D C:\Program Files\Realtek 2017-05-18 22:12 - 2017-06-11 21:14 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-05-18 22:12 - 2017-06-10 23:39 - 00225552 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-05-14 15:11 - 2017-05-18 10:35 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys 
2017-05-14 15:11 - 2017-05-02 01:38 - 01600560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2017-05-14 15:11 - 2017-05-02 01:38 - 00218040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2017-05-14 15:11 - 2017-05-02 01:38 - 00046008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2017-05-13 06:08 - 2017-05-13 06:08 - 00000000 ____D C:\Users\Excess\Desktop\realtemp 2017-05-13 06:07 - 2017-05-13 06:07 - 00330853 _____ C:\Users\Excess\Desktop\RealTemp_370.zip ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-11 22:09 - 2017-05-02 01:21 - 00001629 _____ C:\Users\Excess\Desktop\New Text Document.txt 2017-06-11 21:31 - 2017-03-18 23:51 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-06-11 16:19 - 2017-01-11 04:36 - 00000000 ____D C:\Users\Excess\AppData\LocalLow\Mozilla 2017-06-11 01:30 - 2017-01-11 05:32 - 00000000 ____D C:\Users\Excess\AppData\Local\CrashDumps 2017-06-11 01:29 - 2017-01-30 13:28 - 00000000 ____D C:\Users\Excess\AppData\Local\Battle.net 2017-06-10 23:48 - 2017-01-30 13:31 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2017-06-10 23:43 - 2017-01-30 13:26 - 00000000 ____D C:\Program Files (x86)\Battle.net 2017-06-10 23:37 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-06-10 22:49 - 2017-03-31 15:02 - 00746024 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys 2017-06-10 20:49 - 2017-01-11 06:58 - 00000000 ____D C:\Users\Excess\AppData\Roaming\qBittorrent 2017-06-10 16:39 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-06-09 20:30 - 2017-01-11 04:21 - 00000000 ____D C:\Users\Excess\AppData\Local\NVIDIA Corporation 2017-06-09 18:57 - 2017-03-19 00:01 - 00000000 ____D C:\WINDOWS\INF 2017-06-08 19:08 - 2017-03-19 00:03 - 00000000 ___HD C:\Program Files\WindowsApps 2017-06-07 02:24 - 2017-01-26 03:27 - 00000000 ____D C:\KMPlayer 2017-05-25 22:08 - 2017-03-31 13:58 - 
00383016 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe 2017-05-25 01:10 - 2017-03-18 14:40 - 01572864 _____ C:\WINDOWS\system32\config\BBI 2017-05-25 01:02 - 2017-01-18 07:17 - 00000552 __RSH C:\ProgramData\ntuser.pol 2017-05-24 19:53 - 2017-01-11 11:00 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-05-24 19:51 - 2017-01-11 11:00 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-05-24 17:46 - 2017-01-11 04:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-05-24 17:46 - 2017-01-11 04:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-05-24 02:52 - 2017-01-30 13:30 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2017-05-23 01:26 - 2017-01-11 04:04 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-05-23 01:15 - 2017-01-11 04:21 - 00001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2017-05-22 00:34 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\rescache 2017-05-19 19:00 - 2017-01-11 03:39 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-05-19 17:44 - 2017-03-19 00:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12 2017-05-19 17:44 - 2017-03-19 00:03 - 00000000 ___SD C:\WINDOWS\system32\F12 2017-05-19 17:44 - 2017-03-19 00:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-05-19 17:44 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2017-05-19 17:44 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-05-19 17:44 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\appraiser 2017-05-19 17:44 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\ShellExperiences 2017-05-19 17:44 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\Provisioning 2017-05-19 17:44 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2017-05-19 17:44 - 2017-03-19 00:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2017-05-19 17:44 - 2017-03-19 00:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-05-19 17:44 - 2017-03-18 
14:40 - 00000000 ____D C:\WINDOWS\system32\Dism 2017-05-19 09:11 - 2017-03-19 00:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2017-05-19 09:05 - 2017-03-19 00:06 - 00000000 ____D C:\WINDOWS\Setup 2017-05-19 04:48 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\appcompat 2017-05-18 22:56 - 2017-01-11 03:39 - 00000000 ____D C:\Users\Excess\AppData\Local\Packages 2017-05-18 22:44 - 2017-01-11 03:41 - 00000000 ___RD C:\Users\Excess\OneDrive 2017-05-18 22:39 - 2017-05-08 04:29 - 00000000 ___DC C:\WINDOWS\Panther 2017-05-18 22:36 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2017-05-18 22:36 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\Registration 2017-05-18 22:34 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2017-05-18 22:33 - 2017-03-19 00:03 - 00000000 ____D C:\ProgramData\USOPrivate 2017-05-18 22:33 - 2017-03-19 00:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-05-18 22:30 - 2017-03-19 05:31 - 00000000 ____D C:\WINDOWS\HoloShell 2017-05-18 22:29 - 2017-03-19 00:03 - 00000000 __RHD C:\Users\Public\Libraries 2017-05-18 22:26 - 2017-01-11 21:26 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-05-18 22:21 - 2017-05-03 19:42 - 00000000 ____D C:\WINDOWS\system32\UNP 2017-05-18 22:21 - 2017-05-01 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6 2017-05-18 22:21 - 2017-04-07 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2017-05-18 22:21 - 2017-03-31 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2017-05-18 22:21 - 2017-01-30 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2017-05-18 22:21 - 2017-01-26 06:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek 2017-05-18 22:21 - 2017-01-26 03:27 - 00000000 ____D 
C:\Users\Excess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer 2017-05-18 22:21 - 2017-01-11 04:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-05-18 22:20 - 2017-05-09 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2017-05-18 22:20 - 2017-03-19 05:30 - 00000000 ____D C:\WINDOWS\OCR 2017-05-18 22:20 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-05-18 22:20 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2017-05-18 22:20 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\spool 2017-05-18 22:20 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-05-18 22:20 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-05-18 22:20 - 2017-01-11 07:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2017-05-18 22:20 - 2017-01-11 05:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2017-05-18 22:20 - 2017-01-11 04:27 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles 2017-05-18 22:20 - 2017-01-11 04:25 - 00000000 ____D C:\Program Files (x86)\Intel 2017-05-18 22:19 - 2017-03-19 00:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2017-05-18 22:19 - 2017-01-11 04:25 - 00000000 ____D C:\Program Files\Intel 2017-05-18 22:19 - 2017-01-11 03:37 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages 2017-05-18 22:19 - 2016-07-16 14:47 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-05-18 22:17 - 2017-03-18 14:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2017-05-18 22:16 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\Help 2017-05-18 10:35 - 2017-04-30 20:13 - 04114248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2017-05-18 10:35 - 2017-04-30 20:13 - 03624784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2017-05-18 10:35 - 2017-04-30 20:13 - 00045061 _____ C:\WINDOWS\system32\nvinfo.pb 
2017-05-18 10:35 - 2017-04-07 19:55 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat 2017-05-18 10:35 - 2017-03-19 05:31 - 00418752 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll 2017-05-16 00:17 - 2017-01-11 21:26 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-05-13 05:35 - 2017-01-18 00:40 - 00000000 ____D C:\Users\Excess\AppData\Local\Adobe ==================== Files in the root of some directories ======= 2017-05-18 22:15 - 2017-05-18 22:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== 2017-05-14 15:16 - 2017-05-01 23:14 - 0869200 _____ (NVIDIA Corporation) C:\Users\Excess\AppData\Local\Temp\nvSCPAPI64.dll 2017-05-23 01:22 - 2017-05-01 23:14 - 0367552 _____ (NVIDIA Corporation) C:\Users\Excess\AppData\Local\Temp\nvStInst.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-06-01 22:46 ==================== End of FRST.txt ============================ Addition.txt
  17. Hello, I have a problem with a game. It has protection against hacks and the like, and the error log tells me that I have to close the application AC Tool, but I can't find anything like that.
      [HackShield] DLL Injection detected, close this app: AC Tool
      I also notice that my computer has started to lag a lot and freezes, even though its specs are not old. I'm on Win10.
      FRST.txt Addition.txt
  18. Hello, this is the threat I found when scanning the PC with an antivirus: Trojan.BHO.AN. The only thing I saw is that it happens during a Facebook session: all the pictures and icons that were visible on the screen disappeared for a few seconds and only the text remained. Afterwards everything was as before. I received a message in the Facebook chat that I was violating the site's policy and that someone might report me. Otherwise the computer works without any issues. I can no longer log in to my Facebook profile; the administrators sent me a message that I cannot use it until the computer is cleaned:
      Your Computer Needs to Be Cleaned
      It looks like your computer is being affected by malware. We’ll help you fix the problem to keep your account secure and prevent malware from spreading to friends. Malware is software that tries to steal personal information and causes problems when you use Facebook. Clicking or sharing links that contain spam can give your computer malware.
      Start
      I am attaching the logs from FRST:
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
      Ran by GERGANA (administrator) on GERGANA-PC (13-06-2016 00:36:58)
      Running from C:\Users\GERGANA\Desktop
      Loaded Profiles: GERGANA (Available Profiles: GERGANA)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
      (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
      (Cisco Systems, Inc.)
2016-05-11 08:48 - 6748160 _____ () C:\Program Files (x86)\GUT6E0F.tmp 2014-03-20 23:13 - 2016-05-06 22:43 - 0008704 _____ () C:\Users\GERGANA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-17 20:46 - 2014-09-03 23:44 - 0007668 _____ () C:\Users\GERGANA\AppData\Local\resmon.resmoncfg 2014-02-02 00:20 - 2014-02-02 00:20 - 0000000 _____ () C:\ProgramData\0x0304A000.sfl Some files in TEMP: ==================== C:\Users\GERGANA\AppData\Local\Temp\PCloudCleanerUpdater.exe C:\Users\GERGANA\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-06-07 08:47 ==================== End of FRST.txt ============================ Addition.txt
  19. Hello, I have a problem with my browsers. I have some kind of virus: when I open Google and start typing, it redirects me to plus network, and new windows open for no reason. I scanned with Anti-malware and it found nothing. Tell me what to do?
  20. Hello! For some time I have been noticing something strange that happens on average 2-3 times a day. While I am typing something on the computer (whether on a website or in a document), at some point it is as if I had clicked somewhere, and I have to click with the mouse again to continue typing. I suspect a Trojan horse or something similar, and I have valuable files on the computer and do not want anything to happen to them. Addition.txt is attached. Here is what I got from FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:Addition.txt 21-08-2016 01 Ran by Home (administrator) on USER (22-08-2016 16:23:03) Running from C:\Users\Home\Desktop Loaded Profiles: Home (Available Profiles: Home) Platform: Windows 8.1 Pro (Update) (X64) Language: Български (България) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (LolBoT.) C:\Users\Home\Desktop\Spam BoT v1.6.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe (CyberGhost S.R.L.) C:\Program Files\CyberGhost 6\CyberGhost.exe (The OpenVPN Project) C:\Program Files\CyberGhost 6\Data\OpenVPN\openvpn.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Home\Desktop\FRST64 (1).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1156656 2016-08-18] (CyberGhost S.R.L.) 
HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-07-19] (SUPERAntiSpyware) HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 217.18.241.110 62.221.132.218 Tcpip\..\Interfaces\{A5B8694A-AE79-46DB-880E-D71D678D76AD}: [DhcpNameServer] 194.187.251.67 185.93.180.131 38.132.106.139 Tcpip\..\Interfaces\{F0633EB8-7F25-4AC3-B3AF-52B66A40127F}: [NameServer] 194.187.251.67,185.93.180.131 Tcpip\..\Interfaces\{F0633EB8-7F25-4AC3-B3AF-52B66A40127F}: [DhcpNameServer] 217.18.241.110 62.221.132.218 Internet Explorer: ================== HKU\S-1-5-21-340910651-1706132204-2474600806-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/ SearchScopes: HKU\S-1-5-21-340910651-1706132204-2474600806-1001 -> DefaultScope {E6A0ADEC-9673-4D7B-AAF9-A6CD68FBC2DD} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-340910651-1706132204-2474600806-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-340910651-1706132204-2474600806-1001 -> {E6A0ADEC-9673-4D7B-AAF9-A6CD68FBC2DD} URL = hxxp://www.google.com/search?q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] 
(Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\9c9lz5ps.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-11-29] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-11-29] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.) 
FF Extension: AdBlocker Ultimate - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\9c9lz5ps.default\Extensions\[email protected] [2016-07-02] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.bg/ CHR StartupUrls: Default -> "hxxps://www.google.bg/" CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Презентации) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-11] CHR Extension: (Google Документи) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-11] CHR Extension: (Google Диск) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-11] CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-08] CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-11] CHR Extension: (Google Търсене) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-11] CHR Extension: (Електронни таблици от Google) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-11] CHR Extension: (Google Документи офлайн) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (AdBlock) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-28] CHR Extension: (goo.gl URL Shortener) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2016-01-11] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Home\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-11] CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18] Opera: ======= StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com) R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [71728 2016-08-18] (CyberGhost S.R.L) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2541192 2016-06-23] (ESET) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164736 2012-11-29] (Intel Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4192344 2016-03-09] (INCA Internet Co., Ltd.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2015-05-29] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263336 2016-06-23] (ESET) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET) S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [197288 2016-06-23] (ESET) R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [181416 2016-06-23] (ESET) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [119712 2016-06-16] (Oracle Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) U4 ekbdflt; \SystemRoot\system32\DRIVERS\ekbdflt.sys [X] U4 epfw; \SystemRoot\system32\DRIVERS\epfw.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-22 16:23 - 2016-08-22 16:23 - 00015571 _____ C:\Users\Home\Desktop\FRST.txt 2016-08-22 16:22 - 2016-08-22 16:22 - 02396672 _____ (Farbar) C:\Users\Home\Desktop\FRST64 (1).exe 2016-08-19 23:42 - 2016-08-19 23:43 - 00000000 ____D C:\Users\Home\AppData\Local\CyberGhost 2016-08-19 23:40 - 2016-08-20 05:57 - 00001744 _____ C:\Users\Home\Desktop\CyberGhost 6.lnk 2016-08-19 23:40 - 2016-08-19 23:42 - 00000000 ____D C:\Program Files\TAP-Windows 2016-08-19 23:40 - 2016-08-19 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6 2016-08-19 21:41 - 2013-08-22 16:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160819-214126.backup 2016-08-19 21:35 - 2016-08-19 21:35 - 00000000 ____D C:\Program Files\Common Files\AV 2016-08-19 21:35 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe 2016-08-19 21:33 - 2016-08-19 22:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-08-19 21:33 - 2016-08-19 22:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-08-19 21:33 - 2016-08-19 21:33 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2016-08-19 21:33 - 2016-08-19 21:33 - 00001391 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2016-08-19 21:33 - 2016-08-19 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2016-08-19 21:33 - 2016-08-19 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2016-08-19 21:33 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2016-08-12 23:13 - 2016-08-12 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2016-08-12 23:13 - 2016-08-12 23:13 - 00000000 ____D 
C:\ProgramData\ESET 2016-08-12 22:53 - 2016-08-12 22:53 - 00000000 ____D C:\Users\Home\AppData\Local\ESET 2016-08-12 19:11 - 2016-08-22 16:23 - 00000000 ____D C:\FRST 2016-08-12 18:52 - 2016-08-12 19:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2016-08-12 18:48 - 2016-08-12 18:48 - 00000000 ____D C:\Users\Home\AppData\Local\PackageAware 2016-08-12 18:48 - 2016-08-12 18:48 - 00000000 ____D C:\ProgramData\Webroot 2016-08-10 23:04 - 2016-08-10 23:35 - 00135698 _____ C:\Windows\ntbtlog.txt 2016-08-10 22:54 - 2016-08-10 23:04 - 00000000 ____D C:\Users\Home\AppData\Local\FSDART 2016-08-10 22:54 - 2016-08-10 22:56 - 00000000 ____D C:\ProgramData\F-Secure 2016-08-10 22:54 - 2016-08-10 22:54 - 00000000 ____D C:\Users\Home\AppData\Local\F-Secure 2016-08-10 22:39 - 2016-08-22 14:39 - 00000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e948b6d5-3326-404d-a121-aaf5de858a09.job 2016-08-10 22:39 - 2016-08-10 22:39 - 00003480 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e948b6d5-3326-404d-a121-aaf5de858a09 2016-08-10 22:39 - 2016-08-10 22:39 - 00000000 ____D C:\Users\Home\AppData\Roaming\SUPERAntiSpyware.com 2016-08-10 22:38 - 2016-08-10 22:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2016-08-10 22:38 - 2016-08-10 22:38 - 00001780 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2016-08-10 22:38 - 2016-08-10 22:38 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2016-08-10 22:38 - 2016-08-10 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2016-08-10 13:50 - 2016-08-02 09:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-08-10 13:50 - 2016-08-02 09:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-08-10 13:50 - 2016-08-02 09:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-08-10 13:50 - 2016-08-02 09:20 - 00615936 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll 2016-08-10 13:50 - 2016-08-02 09:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-08-10 13:50 - 2016-08-02 09:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-08-10 13:50 - 2016-08-02 08:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-08-10 13:50 - 2016-08-02 08:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-08-10 13:50 - 2016-08-02 08:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-08-10 13:50 - 2016-08-02 08:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-08-10 13:50 - 2016-08-02 08:46 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-08-10 13:50 - 2016-08-02 08:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-08-10 13:50 - 2016-08-02 08:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-08-10 13:50 - 2016-08-02 08:39 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-08-10 13:50 - 2016-08-02 08:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-08-10 13:50 - 2016-08-02 08:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-08-10 13:50 - 2016-08-02 08:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-08-10 13:50 - 2016-08-02 08:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-08-10 13:50 - 2016-08-02 08:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-08-10 13:50 - 2016-08-02 08:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-08-10 13:50 - 2016-08-02 08:20 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-08-10 13:50 - 2016-08-02 08:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 
2016-08-10 13:50 - 2016-08-02 08:15 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-08-10 13:50 - 2016-08-02 08:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-08-10 13:50 - 2016-08-02 08:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-08-10 13:50 - 2016-08-02 08:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-08-10 13:50 - 2016-08-02 07:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-08-10 13:50 - 2016-08-02 07:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-08-10 13:50 - 2016-08-02 07:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-08-10 13:50 - 2016-08-02 07:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-08-10 13:50 - 2016-07-08 17:18 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-08-10 13:48 - 2016-07-12 17:08 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll 2016-08-10 13:48 - 2016-07-09 03:09 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-08-10 13:48 - 2016-07-09 03:08 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-08-10 13:48 - 2016-07-08 17:32 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2016-08-10 13:48 - 2016-07-08 17:25 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2016-08-10 13:48 - 2016-07-08 17:22 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-08-10 13:48 - 2016-07-08 17:19 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll 2016-08-10 13:48 - 2016-07-08 17:17 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll 2016-08-10 13:48 - 2016-07-08 01:33 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-08-10 13:48 - 
2016-07-08 00:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-08-10 13:48 - 2016-07-07 23:06 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-08-10 13:48 - 2016-07-06 17:26 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2016-08-10 13:48 - 2016-07-06 17:26 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll 2016-08-10 13:48 - 2016-07-06 17:23 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll 2016-08-10 13:48 - 2016-07-06 17:21 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2016-07-31 12:03 - 2016-08-04 00:14 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-07-31 12:03 - 2016-08-04 00:14 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-07-31 12:02 - 2016-08-22 16:12 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-31 12:02 - 2016-08-22 12:12 - 00001012 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-07-31 12:02 - 2016-07-31 12:07 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-07-28 04:44 - 2016-03-09 13:51 - 04192344 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des 2016-07-28 04:43 - 2016-07-28 04:43 - 00000000 ____D C:\Program Files\Common Files\INCA Shared 2016-07-28 04:43 - 2004-12-30 15:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys 2016-07-28 04:43 - 2003-07-16 00:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd 2016-07-28 04:36 - 2016-07-28 04:36 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webzen 2016-07-28 04:21 - 2016-07-28 04:27 - 00000000 ____D C:\ProgramData\WEBZEN ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
  21. Hello, 5-6 months ago I lost absolutely all the photos on my laptop. In every single folder a file named Help your files appeared, and inside it says your files were encrypted with RSA-2048 CryptoWall. Please, if you can, help with how to rescue them. I will be grateful. I have not touched anything since it happened some time ago; I got angry and left things as they were. If you need any information I am available, and I can also attach an encrypted file if necessary. I am on Windows 7! Thank you!
  22. Hello, The computer runs too hot, the fan runs constantly at very high speed. It restarts about every hour. Thanks in advance for the help and your time. Regards Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016 Ran by Цанко (administrator) on ЦАНКО-PC (15-05-2016 22:22:48) Running from C:\Users\Цанко\Desktop Loaded Profiles: Цанко (Available Profiles: Цанко) Platform: Windows 7 Professional Service Pack 1 (X64) Language: Български (България) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal
  23. Hello, For some time now, on 2 of my computers, when I read an article or a topic in this forum, some of the words are shown as hyperlinks to dangerous sites. The link itself says Ads by advertise. It usually redirects me to efbet pages (or fake ones, I have no idea). What I have tried so far is scanning with Malwarebytes and Spybot search and destroy, as well as AdwCleaner. None of the three programs finds the cause. I am attaching a screenshot in which a hyperlink is visible. Thanks in advance!
  24. Hello! I installed software downloaded from untrustworthy sites, for which I had to deactivate the antivirus, and now every browser I start takes me to some unwanted sites. How can I fix this? How can I check in detail what other damage this unwanted software has done to my operating system? I use NOD32, and on the first scan it found quite a few viruses and deleted many of them, but only this remained as a problem, which I still cannot manage to solve.