Премини към съдържанието
vratarqt

Facebook вирусът --> Enhаnced Protection Mode на антивирусната

    Препоръчан отговор


    Здравейте,

    преди известно време(1 седмица може би) и аз се натъкнах на вируса от фейсбук (Hi. How are you? .... , после ти праща уж весел клип) Уви , вързах се, отворих клипа(за целта дръпнах някакъв препоръчителен Flash Player) и вирусът започна да препраща същите съобщение и клип от моя профил многократно на много от приятелите ми. Смених си паролата и не знам това ли му повлия, но спря да изпраща споменатите неща от мое име. На следващия ден и профилът на сестра ми във ФБ се зарази със същото нещо, но промяната на паролата първоначално не промени нищо, от профила и продължиха да се препращат съобщението и клипа на приятелите и. След още един ден вече не можехме да влизаме в ФБ, излизаше ни съобщение, че ФБ има проблем и се опитва да го оправи (в същото време обаче от лаптопа на баща ни влизахме във ФБ). И така до вчера това беше картината.От вчера вече не ни излиза съобщението,че ФБ има проблем,сестра ми казва,че като си влезе в профила вече и при нея не се препращат от само себе си съобщението и клипа (явно по някакъв начин от само себе си се е оправил ФБ-профила и, или може би това е временно и може пак да се появи? ). Сега проблемът е друг. От вчера излезе на антивирусната (долу вдясно до часовника) познатият червен прозорец Enhanced Protection Mode.Помислих, че е от самата антивирусна (Avira) ,тъй като преди около седмица и изтече лицензът, с който я дръпнах от нета. Странно, в Control Panel, добавяне/премахвяне на програми нямаше Avira-файл, но рекох си , Avira се е деинсталнала сама, понеже е изтекъл лицензът. Дръпнах си Avast. Но след инсталацията и ристартиранито на компа, при което Аваст го сканира, се появи отново червеният прозорец с Enhanced Protection Mode. Към момента обаче Аваст все още не се е деинсталирала от само себе си, или по точно - виждам я все още в Contol Panel.

    Знаех вече , че имам проблем, влязох в интернет и попаднах на вашия форум. Прочетох доста теми,в които се описваше същият или отчасти същият проблем като при мен. Прочетох още, че при всеки се действа отделно, и затова публикувам нова тема.

    Компютърът ми е Windows XP,версия 2002,Service Pack 3 пише също.

    А да, още нещо, и при мен се появи в Диспечера на задачите ufa.exe ,койта също товари много процесора. Не знам грешка ли е , но доста пъти му давах край на процеса, за да мога въобще да влизам в нета и да правя нещо на компа.

    Мисля , че това е всичко, извинявайте, ако съм Ви отегчил с дългия разказ, но не знам кое може да се окаже важно,затова описах всичко, както го видях.

    Предварително благодаря,че отделяте време и за мен!

    DDS файла приключи работата си. Ето двата отчета, които се появиха:

    .

    DDS (Ver_2011-06-23.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

    Run by Vlado Kurtev at 11:05:53 on 2011-07-26

    Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.767.473 [GMT 3:00]

    .

    AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

    AV: avast! antivirus 4.8.1368 [VPS 091127-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Documents and Settings\Vlado Kurtev\Application Data\dwm.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Documents and Settings\Vlado Kurtev\Application Data\Microsoft\conhost.exe

    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

    C:\DOCUME~1\VLADOK~1\LOCALS~1\Temp\csrss.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\rundll32.exe

    "C:\WINDOWS\update.tray-7-0\svchost.exe"

    C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

    C:\WINDOWS\l1rezerv.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

    C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\update.2\svchost.exe srv

    C:\WINDOWS\sysdriver32.exe

    svchost.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\WINDOWS\system32\UAService7.exe

    C:\WINDOWS\update.1\svchost.exe srv

    C:\Program Files\Canon\CAL\CALMAIN.exe

    "C:\WINDOWS\update.2\svchost.exe" stand

    C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    C:\Program Files\Common Files\Java\Java Update\jucheck.exe

    C:\WINDOWS\update.5.0\svchost.exe srv

    "C:\WINDOWS\update.5.0\svchost.exe" stand

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://search.babylon.com/home?AF=18776

    uSearch Page = hxxp://www.google.com

    uSearch Bar = hxxp://www.google.com/ie

    uDefault_Search_URL = hxxp://www.google.com/ie

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyServer = http=127.0.0.1:54667

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

    mSearchAssistant = hxxp://www.google.com/ie

    uURLSearchHooks: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\prxtbIso0.dll

    uWinlogon: Shell=explorer.exe,c:\documents and settings\vlado kurtev\application data\dwm.exe

    uWindows: Load=c:\docume~1\vladok~1\locals~1\temp\csrss.exe

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

    BHO: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\prxtbIso0.dll

    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\prxtbIso0.dll

    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [nwiz] nwiz.exe /install

    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    mRun: [soundMan] SOUNDMAN.EXE

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [wxpdrv] c:\windows\services32.exe

    mRun: [tray_ico0] c:\windows\update.tray-7-0\svchost.exe

    mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv

    mRun: [sysdriver32_.exe] "c:\windows\sysdriver32_.exe" rezerv

    mRun: [l1rezerv.exe] "c:\windows\l1rezerv.exe"

    mRun: [conhost] c:\documents and settings\vlado kurtev\application data\microsoft\conhost.exe

    mRun: [84932378-loader2.exe] "c:\docume~1\vladok~1\locals~1\temp\84932378-loader2.exe"

    mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"

    mRun: [tray_ico]

    mRun: [tray_ico1]

    mRun: [tray_ico2]

    mRun: [tray_ico3]

    mRun: [tray_ico4]

    mRun: [7952985.exe] "c:\windows\temp\7952985.exe"

    mRun: [1005973.exe] "c:\windows\temp\1005973.exe"

    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

    StartupFolder: c:\documents and settings\vlado kurtev\start menu\programs\startup\PowerReg Scheduler.exe

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableSecureUIAPaths = 0 (0x0)

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

    TCP: DhcpNameServer = 93.155.247.2 192.168.0.1

    TCP: Interfaces\{DC13E36A-826C-45EE-9466-28CAB974A7DA} : DhcpNameServer = 93.155.247.2 192.168.0.1

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\documents and settings\vlado kurtev\application data\mozilla\firefox\profiles\rvbk65cl.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=

    FF - prefs.js: network.proxy.http - 127.0.0.1

    FF - prefs.js: network.proxy.http_port - 54667

    FF - prefs.js: network.proxy.type - 1

    FF - component: c:\documents and settings\vlado kurtev\application

    data\mozilla\firefox\profiles\rvbk65cl.default\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}\components\FFAlert.dll

    FF - component: c:\documents and settings\vlado kurtev\application data\mozilla\firefox\profiles\rvbk65cl.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll

    FF - plugin: c:\documents and settings\vlado kurtev\application data\facebook\npfbplugin_1_0_3.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

    FF - Ext: Babylon OCR: ocr@babylon.com - c:\program files\mozilla firefox\extensions\ocr@babylon.com

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org

    FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com

    FF - Ext: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - %profile%\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}

    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

    FF - Ext: Freemake Video Downloader: fmdownloader@gmail.com - c:\program files\freemake\freemake video downloader\browserplugin\Firefox

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: network.http.max-connections-per-server - 4

    FF - user.js: content.max.tokenizing.time - 1500000

    FF - user.js: nglayout.initialpaint.delay - 100

    .

    ============= SERVICES / DRIVERS ===============

    .

    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-7-21 353168]

    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-26 56816]

    R2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?]

    R2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]

    R2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]

    R2 wxpdrivers;wxpdrivers;c:\windows\update.1\svchost.exe srv --> c:\windows\update.1\svchost.exe srv [?]

    S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]

    S2 0234281243324666mcinstcleanup;McAfee Application Installer Cleanup (0234281243324666);c:\docume~1\vladok~1\locals~1\temp\0234281243324666mcinst.exe

    c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service --> c:\docume~1\vladok~1\locals~1\temp\0234281243324666mcinst.exe

    c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [2000-6-29 3584]

    S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\g:\test\everest 4.00 build 975 ultimate+crack\kerneld.wnt --> g:\test\everest 4.00 build 975 ultimate+crack\kerneld.wnt [?]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18

    753504]

    S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2008-7-3 391688]

    S4 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]

    S4 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]

    S4 Ippieccsmp;Ippieccsmp; [x]

    .

    =============== File Associations ===============

    .

    regfile=regedit.exe "%1" %*

    .

    =============== Created Last 30 ================

    .

    2011-07-25 13:28:13 -------- d--h--w- c:\windows\system32\GroupPolicy

    2011-07-25 13:17:23 -------- d--h--w- c:\windows\update.tray-7-0-lnk

    2011-07-25 13:17:23 -------- d--h--w- c:\windows\update.tray-7-0

    2011-07-21 12:41:26 -------- d-----w- c:\program files\IObit

    2011-07-19 19:37:36 -------- d-----w- c:\windows\rpcminer

    2011-07-19 19:37:36 -------- d-----w- c:\windows\phoenix

    2011-07-19 19:29:44 246272 ----a-w- c:\windows\unrar.exe

    2011-07-19 09:30:20 181248 ----a-w- c:\documents and settings\vlado kurtev\application data\dwm.exe

    2011-07-19 09:29:54 169472 ----a-w- c:\documents and settings\vlado kurtev\application data\microsoft\conhost.exe

    2011-07-18 18:28:12 -------- d-----w- c:\documents and settings\vlado kurtev\local settings\application data\Media Get LLC

    2011-07-18 18:27:54 -------- d-----w- c:\documents and settings\vlado kurtev\local settings\application data\MediaGet2

    2011-07-18 15:40:59 -------- d-----w- c:\documents and settings\vlado kurtev\application data\Ldoce

    2011-07-18 15:40:44 -------- d-----w- c:\program files\common files\Macrovision Shared

    2011-07-18 15:40:43 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE

    2011-07-18 15:40:40 12464 ----a-w- c:\windows\system32\drivers\CdaC15BA.SYS

    2011-07-18 12:37:09 -------- d-----w- c:\windows\ufa

    2011-07-18 11:37:20 232960 ----a-w- c:\windows\l1rezerv.exe

    2011-07-18 10:31:17 -------- d-----w- c:\documents and settings\vlado kurtev\local settings\application data\Solid State Networks

    2011-07-18 10:07:40 181760 ----a-w- c:\program files\windows nt\dwm.exe

    2011-07-18 10:07:17 169472 ----a-w- c:\program files\internet explorer\conhost.exe

    2011-07-18 10:07:17 -------- d-----w- C:\Microsoft

    2011-07-18 10:07:07 169472 ----a-w- c:\windows\gbot111.exe

    2011-07-18 10:07:00 -------- d--h--w- c:\windows\update.2

    2011-07-18 10:06:47 -------- d--h--w- c:\windows\update.5.0

    2011-07-18 10:06:41 256000 ----a-w- c:\windows\sysdriver32_.exe

    2011-07-18 10:06:25 256000 ----a-w- c:\windows\sysdriver32.exe

    2011-07-18 10:06:02 -------- d-----w- c:\windows\av_ico

    2011-07-18 10:03:48 -------- d--h--w- c:\windows\update.1

    2011-07-18 10:03:38 -------- d--h--w- c:\windows\update.tray-8-0-lnk

    2011-07-18 10:03:38 -------- d--h--w- c:\windows\update.tray-8-0

    2011-07-17 20:19:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-07-17 20:11:05 1170432 ----a-w- c:\windows\services32.exe

    .

    ==================== Find3M ====================

    .

    2011-06-24 09:35:01 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

    2011-06-04 08:06:43 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

    2009-04-03 18:57:13 266240 ----a-w- c:\program files\Uninstall Pando Toolbar.dll

    2008-05-07 15:42:45 409695 ----a-w- c:\program files\Uninstall Fun Web Products.dll

    .

    =================== ROOTKIT ====================

    .

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

    Windows 5.1.2600 Disk: ST3120022A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

    .

    device: opened successfully

    user: MBR read successfully

    .

    Disk trace:

    called modules: ntoskrnl.exe >>UNKNOWN [0x82F8AC78]<<

    _asm { MOV EAX, 0x82f8ab98; XCHG [ESP], EAX; PUSH EAX; PUSH 0x82fdba74; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL;

    ADD [EAX], AL; ADD [EAX], AL; }

    1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x82F54AB8]

    \Driver\Disk[0x82F04A08] -> IRP_MJ_CREATE -> 0x82F8AC78

    kernel: MBR read successfully

    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP

    MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

    detected disk devices:

    detected hooks:

    \Driver\Disk -> 0x82f8ac78

    user & kernel MBR OK

    Warning: possible MBR rootkit infection !

    .

    ============= FINISH: 11:06:29.76 ===============

    Ето сега и Attach файла :

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-06-23.01)

    .

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 2/13/2008 15:57:52

    System Uptime: 7/26/2011 10:00:00 (1 hours ago)

    .

    Motherboard: Gigabyte Technology Co., Ltd. | | GA-7VT600

    Processor: AMD Athlon™ XP 2200+ | Socket A | 1808/133mhz

    .

    ==== Disk Partitions =========================

    .

    A: is Removable

    C: is FIXED (NTFS) - 20 GiB total, 4.712 GiB free.

    D: is FIXED (NTFS) - 49 GiB total, 15.069 GiB free.

    E: is FIXED (NTFS) - 43 GiB total, 1.545 GiB free.

    F: is CDROM ()

    H: is CDROM (CDFS)

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP360: 7/18/2011 14:38:06 - Контролна точка на системата

    RP361: 7/19/2011 15:26:01 - Контролна точка на системата

    RP362: 7/21/2011 16:05:14 - Контролна точка на системата

    RP363: 7/22/2011 16:28:32 - Контролна точка на системата

    RP364: 7/25/2011 18:05:28 - Контролна точка на системата

    .

    ==== Installed Programs ======================

    .

    1503 A.D.

    A4 Tech PC Camera V

    Adobe Flash Player 10 ActiveX

    Adobe Reader 8.3.0

    Advanced SystemCare 4

    Ashampoo Burning Studio 2007

    Auto Gordian Knot 2.45

    avast! Antivirus

    AviSynth 2.5

    BitLord 1.1

    C-Media WDM Audio Driver

    Canon Camera Access Library

    Canon Camera Support Core Library

    Canon Camera Window DC_DV 5 for ZoomBrowser EX

    Canon Camera Window DC_DV 6 for ZoomBrowser EX

    Canon Camera Window MC 6 for ZoomBrowser EX

    Canon G.726 WMP-Decoder

    Canon MovieEdit Task for ZoomBrowser EX

    Canon RAW Image Task for ZoomBrowser EX

    Canon RemoteCapture Task for ZoomBrowser EX

    Canon Utilities EOS Utility

    Canon Utilities PhotoStitch

    Canon Utilities ZoomBrowser EX

    Codec pack Base (DivX, Xvid, 3ivx)

    Compatibility Pack for the 2007 Office system

    Counter-Strike 1.0

    Facebook Plug-In

    ffdshow (remove only)

    FlexType 2K

    FormatFactory 2.40

    Freemake Video Downloader version 2.0.3

    GOM Player

    Google Earth

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows XP (KB952287)

    Hotfix for Windows XP (KB961118)

    Hotfix for Windows XP (KB970653-v3)

    HPCarePackProducts

    hppMSRedist

    hppusgP1000

    HPSSupply

    Icy Tower v1.3.1

    InterVideo DeviceService

    IsoBuster Toolbar

    IZArc 3.81

    Java Auto Updater

    Java™ 6 Update 24

    Java™ 6 Update 7

    K-Lite Codec Pack 3.9.0 Full

    Knights Of Honor

    KoralSoft - EuroDictXP

    L&H TTS3000 British English

    LDOCE

    MarketResearch

    Medal of Honor Allied Assault

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft .NET Framework 4 Client Profile

    Microsoft Office XP Professional with FrontPage

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Mozilla Firefox (3.5.6)

    MrvlUsgTracking

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB954430)

    MSXML 6 Service Pack 2 (KB954459)

    NVIDIA Drivers

    OpenOffice.org Installer 1.0

    Platform

    PonyProg v1.17h

    Pro Evolution Soccer 6

    Realtek AC'97 Audio

    Revo Uninstaller 1.83

    SA Dictionary 2005 T2

    SafeCast Shared Components

    Security Update for Windows Internet Explorer 8 (KB969897)

    Security Update for Windows Internet Explorer 8 (KB972260)

    Security Update for Windows Media Encoder (KB954156)

    Security Update for Windows Media Player (KB952069)

    Security Update for Windows Media Player (KB973540)

    Security Update for Windows Media Player 10 (KB936782)

    Security Update for Windows XP (KB923561)

    Security Update for Windows XP (KB938464-v2)

    Security Update for Windows XP (KB938464)

    Security Update for Windows XP (KB941569)

    Security Update for Windows XP (KB946648)

    Security Update for Windows XP (KB950759)

    Security Update for Windows XP (KB950760)

    Security Update for Windows XP (KB950762)

    Security Update for Windows XP (KB950974)

    Security Update for Windows XP (KB951066)

    Security Update for Windows XP (KB951376-v2)

    Security Update for Windows XP (KB951376)

    Security Update for Windows XP (KB951698)

    Security Update for Windows XP (KB951748)

    Security Update for Windows XP (KB952004)

    Security Update for Windows XP (KB952954)

    Security Update for Windows XP (KB953838)

    Security Update for Windows XP (KB953839)

    Security Update for Windows XP (KB954211)

    Security Update for Windows XP (KB954600)

    Security Update for Windows XP (KB955069)

    Security Update for Windows XP (KB956390)

    Security Update for Windows XP (KB956391)

    Security Update for Windows XP (KB956572)

    Security Update for Windows XP (KB956744)

    Security Update for Windows XP (KB956802)

    Security Update for Windows XP (KB956803)

    Security Update for Windows XP (KB956841)

    Security Update for Windows XP (KB957095)

    Security Update for Windows XP (KB957097)

    Security Update for Windows XP (KB958215)

    Security Update for Windows XP (KB958644)

    Security Update for Windows XP (KB958687)

    Security Update for Windows XP (KB958690)

    Security Update for Windows XP (KB959426)

    Security Update for Windows XP (KB960225)

    Security Update for Windows XP (KB960714)

    Security Update for Windows XP (KB960715)

    Security Update for Windows XP (KB960803)

    Security Update for Windows XP (KB960859)

    Security Update for Windows XP (KB961371)

    Security Update for Windows XP (KB961373)

    Security Update for Windows XP (KB961501)

    Security Update for Windows XP (KB968537)

    Security Update for Windows XP (KB969898)

    Security Update for Windows XP (KB970238)

    Security Update for Windows XP (KB971557)

    Security Update for Windows XP (KB971633)

    Security Update for Windows XP (KB971657)

    Security Update for Windows XP (KB973346)

    Security Update for Windows XP (KB973354)

    Security Update for Windows XP (KB973507)

    Security Update for Windows XP (KB973869)

    Skype™ 5.3

    SmartSound Quicktracks Plugin

    SMS version 3.0.2.8

    Software Update for Web Folders

    Spelling Dictionaries Support For Adobe Reader 8

    SubDownloader2

    The KMPlayer (remove only)

    TuneUp Utilities 2008

    Ulead VideoStudio 11

    Update for Windows Internet Explorer 8 (KB968220)

    Update for Windows Media Player 10 (KB926251)

    Update for Windows XP (KB951072-v2)

    Update for Windows XP (KB951978)

    Update for Windows XP (KB955839)

    Update for Windows XP (KB967715)

    Update for Windows XP (KB968389)

    Update for Windows XP (KB973815)

    VIA ї»ї

    VideoLAN VLC media player 0.8.6c

    VideoStudio

    vloader-bg 1.59

    VP-EYE

    WebFldrs XP

    Winamp (remove only)

    Windows Bulgarian Interface Pack

    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

    Windows Media Encoder 9 Series

    Windows XP Service Pack 3

    Xilisoft Video Converter Ultimate

    xplorerІ professional

    съ»і°рсєё ёЅтµрфµ№с ·° TuneUp Utilities 2008

    су ї°єµт ·° Ashampoo Burning Studio 2007

    .

    ==== Event Viewer Messages From Past Week ========

    .

    7/25/2011 16:17:22, error: DCOM [10005] - DCOM got error "%1084"

    attempting to start the service EventSystem with arguments "" in order to run

    the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    7/25/2011 16:13:11, error: W32Time [17] - Time Provider NtpClient: An error

    occurred during DNS lookup of the manually configured peer

    'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15

    minutes. The error was: A socket operation was attempted to an unreachable

    host. (0x80072751)

    7/21/2011 10:52:50, error: Service Control Manager [7026] - The following

    boot-start or system-start driver(s) failed to load: avgio

    7/21/2011 10:52:48, error: Service Control Manager [7000] - The Avira

    AntiVir Scheduler service failed to start due to the following error: The system

    cannot find the path specified.

    7/21/2011 10:52:48, error: Service Control Manager [7000] - The Avira

    AntiVir Guard service failed to start due to the following error: The system

    cannot find the path specified.

    7/19/2011 22:28:28, error: Service Control Manager [7034] - The srvbtcclient

    service terminated unexpectedly. It has done this 1 time(s).

    .

    ==== End Of File ===========================

    Това е. Нещо ,което пропуснах , е че съм почти сигурен , че нямам CD с Windows XP.

    Редактирано от kal (преглед на промените)
    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    • Изтеглете OTL.exe и го запазете на десктопа.
    • Стартирайте файла Публикувано изображение с двукратен клик на мишката.
    • Сложете отметка пред Scan All Users Публикувано изображение
    • Под менюто File Age => изберете 90 days
    • Под менюто Standard Registry => променете на ALL
    • Сложете отметки пред LOP и Purity Check
    • Под Публикувано изображение с Copy/ Paste въведете следната текстова информация:
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\Application Data\*.*
    %USERPROFILE%\Local Settings\Application Data\*.*
    %AllUsersProfile%\*.*
    %AllUsersProfile%\Application Data\*.*
    %USERPROFILE%\My Documents\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    userinit.exe
    explorer.exe
    volsnap.sys
    /md5stop
    
    • Натиснете маркираният в синьо бутон: Публикувано изображение.
    • Като приключи проверката, ще се създадат два файла - OTL.Txt и Extras.Txt.
    • Публикувайте съдържанието на лог файловете в следващия си коментар.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Извинявам се забавянето...не сме ви забравили...просто имаме много случаи и при това не само в този форум...доста българи са засегнати от този вирус. След малко ще пиша като анализирам резултатите. Очите ми станаха на палачинки от взиране в това бялото.

    • Харесва ми 2

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Деинсталирайте остатъците от AVIRA и avast! от Control Panel-a

    Това приложение да ви е познато за да знам дали да затворя тези портове ?

    "45000:UDP" = 45000:UDP:*:Enabled:msisvchost

    "45001:UDP" = 45001:UDP:*:Enabled:msisvchost

    "45003:UDP" = 45003:UDP:*:Enabled:msisvchost

    Стартирайте отново OTL, копирайте (Copy) и поставете (Paste) скриптовия текст от текстовото поле по-долу под колонката Custom Scans/Fixes, като не забравяте да копирате скрипта 1 към 1, както и двете точки преди първия ред на скрипта.

    
    
    
    
    :Processes
    killallprocesses
    :OTL
    SRV - File not found [Disabled | Stopped] --  -- (AntiVirService)
    SRV - File not found [Disabled | Stopped] --  -- (AntiVirSchedulerService)
    SRV - File not found [Auto | Stopped] --  -- (0234281243324666mcinstcleanup) McAfee Application Installer Cleanup (0234281243324666)
    SRV - [2011/07/26 10:08:20 | 000,348,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
    SRV - [2011/07/25 17:44:05 | 000,256,000 | ---- | M] () [Auto | Running] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
    SRV - [2011/07/25 17:21:00 | 000,495,616 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
    SRV - [2011/07/17 23:10:50 | 001,170,432 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
    DRV - [2009/12/07 20:36:38 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/11/25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/06/11 11:28:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/05/26 17:07:52 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61717
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61717
    IE - HKU\S-1-5-21-602162358-813497703-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-602162358-813497703-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54667
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 54667
    FF - prefs.js..network.proxy.type: 1
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
    [2009/05/16 20:02:56 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\searchplugins\ask.xml
    [2011/01/08 23:40:30 | 000,002,394 | ---- | M] () -- C:\Documents and Settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\searchplugins\askcom.xml
    [2010/09/22 14:47:46 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\searchplugins\conduit.xml
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [1005973.exe] C:\WINDOWS\TEMP\1005973.exe ()
    O4 - HKLM..\Run: [7952985.exe] C:\WINDOWS\TEMP\7952985.exe ()
    O4 - HKLM..\Run: [84932378-loader2.exe] C:\Documents and Settings\Vlado Kurtev\Local Settings\Temp\84932378-loader2.exe ()
    O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Vlado Kurtev\Application Data\Microsoft\conhost.exe ()
    O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()
    O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()
    O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
    O4 - HKLM..\Run: [tray_ico]  File not found
    O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe ()
    O4 - HKLM..\Run: [tray_ico1]  File not found
    O4 - HKLM..\Run: [tray_ico2]  File not found
    O4 - HKLM..\Run: [tray_ico3]  File not found
    O4 - HKLM..\Run: [tray_ico4]  File not found
    O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\services32.exe ()
    F3 - HKU\S-1-5-21-602162358-813497703-839522115-1003 WinNT: Load - (C:\DOCUME~1\VLADOK~1\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Vlado Kurtev\Local Settings\Temp\csrss.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Program Files\Windows NT\dwm.exe) - C:\Program Files\Windows NT\dwm.exe ()
    O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Program Files\Windows NT\dwm.exe) - C:\Program Files\Windows NT\dwm.exe ()
    O20 - HKU\S-1-5-21-602162358-813497703-839522115-1003 Winlogon: Shell - (C:\Documents and Settings\Vlado Kurtev\Application Data\dwm.exe) - C:\Documents and Settings\Vlado Kurtev\Application Data\dwm.exe ()
    O31 - SafeBoot: AlternateShell - services32.exe
    O33 - MountPoints2\{aacdb56e-a1c6-11dd-875a-000d612d6c81}\Shell\AutoRun\command - "" = ysep1.exe
    O33 - MountPoints2\{aacdb56e-a1c6-11dd-875a-000d612d6c81}\Shell\open\Command - "" = ysep1.exe
    O33 - MountPoints2\{c7bff842-da40-11dc-b656-000d612d6c81}\Shell - "" = AutoRun
    [2011/07/25 16:17:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0-lnk
    [2011/07/25 16:17:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0
    [2011/07/25 15:05:55 | 000,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/07/25 15:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Antivirus
    [2011/07/25 15:05:54 | 000,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/07/25 15:05:54 | 000,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/07/25 15:05:52 | 000,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/07/25 15:05:52 | 000,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
    [2011/07/25 15:05:52 | 000,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/07/25 15:05:52 | 000,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/07/25 15:05:52 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/07/25 15:05:30 | 001,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/07/19 22:37:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
    [2011/07/19 22:37:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
    [2011/07/18 15:37:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
    [2011/07/18 13:07:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
    [2011/07/18 13:06:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
    [2011/07/18 13:06:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
    [2011/07/18 13:03:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
    [2011/07/18 13:03:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-8-0-lnk
    [2011/07/18 13:03:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-8-0
    [2011/07/26 11:23:46 | 000,000,179 | ---- | M] () -- C:\WINDOWS\info1
    [2011/07/26 10:00:30 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
    [2011/07/25 17:44:05 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
    [2011/07/25 17:44:05 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
    [2011/07/25 17:26:41 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
    [2011/07/21 12:39:56 | 000,181,248 | ---- | M] () -- C:\Documents and Settings\Vlado Kurtev\Application Data\dwm.exe
    [2011/07/21 10:52:36 | 000,009,659 | ---- | M] () -- C:\Documents and Settings\Vlado Kurtev\Application Data\FDFA.A02
    [2011/07/19 22:37:35 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
    [2011/07/19 22:37:35 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
    [2011/07/19 22:37:35 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
    [2011/07/19 22:37:31 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
    [2011/07/19 22:29:44 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
    [2011/07/18 13:07:07 | 000,169,472 | ---- | M] () -- C:\WINDOWS\gbot111.exe
    [2011/07/18 13:06:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
    [2011/07/17 23:10:50 | 001,170,432 | ---- | M] () -- C:\WINDOWS\services32.exe
    [2011/07/17 03:24:20 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist
    [2011/07/19 22:37:35 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
    [2011/07/19 22:37:34 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
    [2011/07/19 22:37:31 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
    [2011/07/19 22:29:46 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
    [2011/07/19 22:29:44 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
    [2011/07/19 22:29:44 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
    [2011/07/19 12:30:20 | 000,181,248 | ---- | C] () -- C:\Documents and Settings\Vlado Kurtev\Application Data\dwm.exe
    [2011/07/19 12:29:55 | 000,009,659 | ---- | C] () -- C:\Documents and Settings\Vlado Kurtev\Application Data\FDFA.A02
    [2011/07/18 14:37:20 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
    [2011/07/18 13:07:07 | 000,169,472 | ---- | C] () -- C:\WINDOWS\gbot111.exe
    [2011/07/18 13:06:47 | 000,000,179 | ---- | C] () -- C:\WINDOWS\info1
    [2011/07/18 13:06:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
    [2011/07/18 13:06:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe
    [2011/07/18 13:06:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
    [2011/07/17 23:11:05 | 001,170,432 | ---- | C] () -- C:\WINDOWS\services32.exe
    @Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6152D44C
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1940DBE8
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66B13F37
    :files
    C:\WINDOWS\update.5.0
    C:\WINDOWS\sysdriver32.exe
    C:\WINDOWS\l1rezerv.exe
    C:\WINDOWS\update.2
    C:\Documents and Settings\Vlado Kurtev\Local Settings\Temp\csrss.exe
    C:\Documents and Settings\Vlado Kurtev\Application Data\dwm.exe
    C:\Documents and Settings\Vlado Kurtev\Application Data\Microsoft\conhost.exe
    C:\WINDOWS\update.tray-7-0
    C:\WINDOWS\update.1
    C:\WINDOWS\services32.exe
    C:\WINDOWS\update.1\svchost.exe
    C:\WINDOWS\update.tray-8-0\svchost.exe
    C:\WINDOWS\update.2\svchost.exe
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify"=dword:00000000
    "FirewallDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    "DisableThumbnailCache"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\services32.exe"=-
    "C:\WINDOWS\update.1\svchost.exe"=-
    "C:\WINDOWS\update.tray-8-0\svchost.exe"=-
    "C:\WINDOWS\update.2\svchost.exe"=-
    :commands
    [resethosts]
    [emptytemp]
    
    След като въведете скрипта от цитата по-горе натиснете бутона, маркиран в червено: Run Fix

    Windows ще се рестартира и ще се създаде лог файл. Публикувайте съдържанието му с Copy/Paste в следващия си коментар.

    Изтеглете SystemLook и запазете програмата на десктопа.

    • Кликнете два пъти върху SystemLook.exe, за да стартирате програмата.
    • Копирайте съдържанието от цитата по-долу в текстовото поле на програмата:
    :reg
    HKEY_USERS\S-1-5-21-602162358-813497703-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows
    
    • Кликнете на бутона Look, за да започне сканирането.
    • Когато сканирането завърши ще се отвори Notepad с резултата от сканирането. После публикувайте лог файла в следващия си коментар.

    • Харесва ми 3

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравей отново! Извинявяй за забавянето, имах работа извън къщи. Разбирам, че и ти си зает - просто още едно голямо благодаря от всички нас за вашата помощ!

    Така, това приложиние msisvchost съм го виждал и преди в диспечъра на задачите, при процеси, но не знам каква му е функцията, нито дали е полезен или вреден за компютъра.Във всеки случай не е инсталирано (ако е програма) от мен или някой от семейството ми. Вредно ли е това приложение ?

    Сега ще направя каквото си ми посочил и пак ще пиша .

    Имам въпрос:

    Премахнах от Control Pdnel всички файлове,свързани с двете Антивирусни. Сега ще направя това, което ми писа за OTL програмата. Въпросът е , трябва ли отново да настроя OTL, както при първото използване - File Age -> 90 Days,Standart Registry -> All и т.н.?

    Редактирано от vratarqt (преглед на промените)

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Не, просто копирайте скрипта в полето отдолу и натискате Run Fix. ;) После ще проверим и този msisvchost.

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравей отново! Така, направих операцията с OTL, но след рестарта не излезе нищо, просто Windows си зареди.Следователно , откъде да взема Лог файла, за да ти го дам? Междувременно , докато чаках, забелязaх , че след като в диспечъра на задачите изключа процеса ufo.exe , процесът firefox.exe започва да натоварва процесорa много - 90% и нагоре. Не знам дали това ти говори нещо , просто споделям. Та откъде да взема лог файла?

    Редактирано от vratarqt (преглед на промените)

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Лог файла се намира в папката C:\_OTL\Movedfiles Копирайте го в следващия си пост...има опасност да не се е получила процедурата, защото процеса ufa.exe бе маркиран в скрипта ми за триене, но щом още стои ще се наложи да използваме алтернативен инструмент.

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    В посочената папка има само една друга папка, наименувана с номера: 07262011_170155 . Тази папка пък от своя страна е празна.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Значи лог файл йок....добре минаваме на тежката артилерия, после ще се върнем на OTL да доизчистим:

    1. Изтеглете ComboFix от BleepingComputer

    и го запазете (бутон Save -> Save as) ComboFix на вашия десктоп:

    Публикувано изображение

    След приключване на изтеглянето на ComboFix, иконката на програмата би трябвало да изглежда така:

    Публикувано изображение

    2. Затворете всички работещи приложения, отворени прозорци и програми работещи във фонов режим. Спрете временно защитата в реално време на антивирусната програма и на другите програми за сигурност, ако има такива. За целта може да прегледате информацията от този линк: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.

    3. Стартирайте с двоен клик Combofix.exe. Изберете YES, за да се съгласите с условията за използване на програмата. Важно: По време на работата на ComboFix не бива да се движи мишката и да се натискат клавиши от клавиатурата. Просто търпеливо оставете ComboFix да си свърши работата, без да използвате компютъра за други цели.

    4. ComboFix ще провери дали Windows Recovery Console e инсталиранa.

    *Ако Windows Recovery Console не е инсталирана, ще е необходимо да използвате YES за инсталация на Windows Recovery Console

    *Ако Windows Recovery Console е инсталирана, ComboFix ще продължи работата си.

    Публикувано изображение

    Забележка: Необходимо е да сте свързани към Интернет за да може Windows Recovery Console да се изтегли.

    След инсталация на Windows Recovery Console потвърдете с YES, за да продължите напред. Снимка:

    Публикувано изображение

    5. ComboFix ще спре временно Интернет връзката, но след като приключи работата на програмата тази връзка ще бъде възстановена автоматично. ComboFix ще сканира за проблеми и за заразени файлове, като това може да отнеме известно време. Моля да бъдете търпеливи. Ако има проблем с Интернет връзката след приключване на работата на Combofix, моля да прочетете това: Manually restoring the Internet connection section.

    Забележка: При проблеми с ComboFix копирайте с (Copy) и поставете с (Paste) съдържанието на C:\BUG.txt в следващия си коментар.

    6. Когато работата на ComboFix приключи, ще се появи текстов документ (log) в Notepad:

    Публикувано изображение

    Копирайте с (Copy) и поставете с (Paste) съдържанието на лога в следващия си коментар.

    • Харесва ми 2

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Срещам трудност! След като дръпнах CamboFix файла, четох в линка How to temporally desable your Anti-virus. Но там пише, че за да изключа Аваст , трябва да кликна с десен бутон и да направя така и така. Но това е невъзможно, понеже Аваст-иконката до часовника долу вдясно е оранжева и с който и от бутоните на мишката да кликна излиза Enhanced Protection Mode. Затова директно включих Cambo Fix. Със самото кликване върху иконката и , Аваст иконата до часовника изчезна. Но в следващата секунда CamboFix ми показа съобщение , че : antivirus: AntiVir Dekstop antivirus: avast! antivirus 4.8.1368 [VPS 091127-1] The above real time scanner(s) are still active. и ме призовава да ги изключа. При което аз влязох в Control Panel,Security Center и направих така, че WindowsFirewall да е е изключена (пише Not Monitored) а срещу Automatic Updates, Virus Proteсtion има OFF. После натиснах ОК на CamboFix Съобщението. Ноизлезе второ ,което гласи почти същото : antivirus: AntiVir Dekstop antivirus: avast! antivirus 4.8.1368 [VPS 091127-1] The above real time scanner(s) are still active but CamboFix shall continue to run.Kindly note that this is at your own risk. При това съобщение реших да ти пиша. Какво да направя, да дам ОК и на второто Съобщение от CamboFix или пък как да ги изключа тези - antivirus: AntiVir Dekstop ,аntivirus: avast! antivirus 4.8.1368 [VPS 091127-1]

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Пробвайте направо да деинсталирате антивирусната и тогава да продължите...ако не се получи просто натиснете OK.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравей отново!

    Така CamboFix свърши работата си. Сега ще Paste лог файла.(Въпрос: Да пусна ли вече Windows Firewall?)

    ComboFix 11-07-26.02 - Vlado Kurtev 07/26/2011 19:00:09.1.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.767.500 [GMT 3:00]

    Running from: c:\documents and settings\Vlado Kurtev\Desktop\ComboFix.exe

    AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

    AV: avast! antivirus 4.8.1368 [VPS 091127-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Vlado Kurtev\Application Data\Desktopicon

    c:\documents and settings\Vlado Kurtev\Application Data\dwm.exe

    c:\documents and settings\Vlado Kurtev\Application Data\Microsoft\conhost.exe

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\1.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\a.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\b.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\c.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\d.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\e.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\f.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\g.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\h.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\i.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\J.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\k.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\l.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\m.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\mru.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\n.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\o.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\p.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\q.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\r.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\s.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\t.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\u.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\v.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\w.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\x.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\y.xml

    c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\z.xml

    c:\documents and settings\Vlado Kurtev\WINDOWS

    C:\Microsoft

    c:\program files\Internet Explorer\conhost.exe

    c:\program files\Mozilla Firefox\components\npclntax.xpt

    c:\program files\Uninstall Fun Web Products.dll

    c:\windows\btc_client_iplist.txt

    c:\windows\ddh_iplist.txt

    c:\windows\front_ip_list.txt

    c:\windows\gbot111.exe

    c:\windows\iecheck_iplist.txt

    c:\windows\info1

    c:\windows\iplist.txt

    c:\windows\l1rezerv.exe

    c:\windows\loader2.exe_ok

    c:\windows\msvrc20.dll

    c:\windows\phoenix.rar

    c:\windows\proc_list1.log

    c:\windows\rpcminer.rar

    c:\windows\services32.exe

    c:\windows\sysdriver32.exe

    c:\windows\sysdriver32_.exe

    c:\windows\system32\drivers\etc\hѕsts

    c:\windows\TEMP\1005973.exe

    c:\windows\ufa.rar

    c:\windows\update.1

    c:\windows\update.1\svchost.exe

    c:\windows\update.2

    c:\windows\update.2\svchost.exe

    c:\windows\update.5.0

    c:\windows\update.5.0\svchost.exe

    c:\windows\update.tray-7-0\svchost.exe

    c:\windows\VM305Cap.exe

    c:\windows\winlog-dirs.txt

    c:\windows\winlog-ids.txt

    c:\windows\winsetupapi.log

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Legacy_SRVIECHECK

    -------\Legacy_SRVSYSDRIVER32

    -------\Legacy_WXPDRIVERS

    -------\Service_srviecheck

    -------\Service_srvsysdriver32

    -------\Service_wxpdrivers

    -------\Legacy_srvbtcclient

    -------\Legacy_srvbtcclient

    -------\Service_srvbtcclient

    -------\Service_srvbtcclient

    .

    .

    ((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))

    .

    .

    2011-07-26 14:01 . 2011-07-26 14:01 -------- d-----w- C:\_OTL

    2011-07-25 13:28 . 2011-07-25 13:28 -------- d--h--w- c:\windows\system32\GroupPolicy

    2011-07-25 13:17 . 2011-07-26 16:04 -------- d--h--w- c:\windows\update.tray-7-0

    2011-07-25 13:17 . 2011-07-25 13:17 -------- d--h--w- c:\windows\update.tray-7-0-lnk

    2011-07-25 12:05 . 2009-11-24 22:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2011-07-25 12:05 . 2009-11-24 22:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2011-07-25 12:05 . 2009-11-24 22:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

    2011-07-25 12:05 . 2009-11-24 22:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

    2011-07-25 12:05 . 2009-11-24 22:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

    2011-07-25 12:05 . 2009-11-24 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2011-07-25 12:05 . 2009-11-24 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2011-07-25 12:05 . 2009-11-24 22:47 97480 ----a-w- c:\windows\system32\AvastSS.scr

    2011-07-25 12:05 . 2009-11-24 22:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

    2011-07-25 12:05 . 2004-01-09 08:13 380928 ----a-w- c:\windows\system32\actskin4.ocx

    2011-07-21 12:41 . 2011-07-21 12:41 -------- d-----w- c:\program files\IObit

    2011-07-19 19:37 . 2011-07-19 19:37 -------- d-----w- c:\windows\rpcminer

    2011-07-19 19:37 . 2011-07-19 19:37 -------- d-----w- c:\windows\phoenix

    2011-07-19 19:29 . 2011-07-19 19:37 246272 ----a-w- c:\windows\unrar.exe

    2011-07-18 18:28 . 2011-07-18 18:28 -------- d-----w- c:\documents and settings\Vlado Kurtev\Local Settings\Application Data\Media Get LLC

    2011-07-18 18:27 . 2011-07-18 18:29 -------- d-----w- c:\documents and settings\Vlado Kurtev\Local Settings\Application Data\MediaGet2

    2011-07-18 15:40 . 2011-07-18 15:41 -------- d-----w- c:\documents and settings\Vlado Kurtev\Application Data\Ldoce

    2011-07-18 15:40 . 2011-07-18 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision

    2011-07-18 15:40 . 2011-07-18 15:40 -------- d-----w- c:\program files\Common Files\Macrovision Shared

    2011-07-18 15:40 . 2011-07-18 15:40 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE

    2011-07-18 15:40 . 2011-07-18 15:40 12464 ----a-w- c:\windows\system32\drivers\CdaC15BA.SYS

    2011-07-18 12:37 . 2011-07-19 19:37 -------- d-----w- c:\windows\ufa

    2011-07-18 10:31 . 2011-07-18 10:31 -------- d-----w- c:\documents and settings\Vlado Kurtev\Local Settings\Application Data\Solid State Networks

    2011-07-18 10:07 . 2011-07-18 10:07 181760 ----a-w- c:\program files\Windows NT\dwm.exe

    2011-07-18 10:06 . 2011-07-25 13:19 -------- d-----w- c:\windows\av_ico

    2011-07-18 10:03 . 2011-07-18 10:03 -------- d--h--w- c:\windows\update.tray-8-0

    2011-07-18 10:03 . 2011-07-18 10:03 -------- d--h--w- c:\windows\update.tray-8-0-lnk

    2011-07-17 20:19 . 2011-07-18 10:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-06-24 09:35 . 2010-06-23 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

    2011-06-04 08:06 . 2011-01-23 15:24 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

    2009-04-03 18:57 . 2009-04-03 19:10 266240 ----a-w- c:\program files\Uninstall Pando Toolbar.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\prxtbIso0.dll" [2011-01-17 175912]

    .

    [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

    2011-01-17 14:54 175912 ----a-w- c:\program files\IsoBuster\prxtbIso0.dll

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\prxtbIso0.dll" [2011-01-17 175912]

    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

    .

    [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

    .

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\prxtbIso0.dll" [2011-01-17 175912]

    .

    [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-06-16 413072]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

    "nwiz"="nwiz.exe" [2006-10-22 1622016]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    c:\documents and settings\Vlado Kurtev\Start Menu\Programs\Startup\

    PowerReg Scheduler.exe [2008-6-21 256000]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableSecureUIAPaths"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare V2 Personal

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "ctfmon.exe"=c:\windows\system32\ctfmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd

    "BigDog305"=c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

    "HPUsageTracking"=c:\program files\HP\HP UT\bin\hppusg.exe "c:\program files\HP\HP UT\"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "FirewallOverride"=dword:00000001

    "DisableThumbnailCache"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\BitLord\\BitLord.exe"=

    "e:\\Games to Nicki\\cs\\Counter-Strike\\hl.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\WINDOWS\\update.tray-8-0\\svchost.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    "57967:TCP"= 57967:TCP:Pando P2P TCP Listening Port

    "57967:UDP"= 57967:UDP:Pando P2P UDP Listening Port

    "58943:TCP"= 58943:TCP:Pando P2P TCP Listening Port

    "58943:UDP"= 58943:UDP:Pando P2P UDP Listening Port

    "58894:TCP"= 58894:TCP:Pando P2P TCP Listening Port

    "58894:UDP"= 58894:UDP:Pando P2P UDP Listening Port

    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    "45000:UDP"= 45000:UDP:msisvchost

    "45001:UDP"= 45001:UDP:msisvchost

    "45003:UDP"= 45003:UDP:msisvchost

    .

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/13/2008 17:33 643072]

    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [7/21/2011 15:41 353168]

    S2 0234281243324666mcinstcleanup;McAfee Application Installer Cleanup (0234281243324666);c:\docume~1\VLADOK~1\LOCALS~1\Temp\0234281243324666mcinst.exe c:\progra~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service --> c:\docume~1\VLADOK~1\LOCALS~1\Temp\0234281243324666mcinst.exe c:\progra~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 13:16 130384]

    S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [6/29/2000 17:24 3584]

    S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\g:\test\EVEREST 4.00 Build 975 Ultimate+Crack\kerneld.wnt --> g:\test\EVEREST 4.00 Build 975 Ultimate+Crack\kerneld.wnt [?]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 13:16 753504]

    S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [7/3/2008 12:32 391688]

    S4 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]

    S4 Ippieccsmp;Ippieccsmp; [x]

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2011-07-26 c:\windows\Tasks\1-Click Maintenance.job

    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 06:09]

    .

    2011-07-22 c:\windows\Tasks\ASC4_AutoCare.job

    - c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2011-07-21 11:29]

    .

    2011-07-26 c:\windows\Tasks\ASC4_AutoSweep.job

    - c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2011-07-21 11:29]

    .

    2011-07-26 c:\windows\Tasks\ASC4_AutoUpdate.job

    - c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-07-21 11:29]

    .

    2011-07-26 c:\windows\Tasks\ASC4_PerformanceMonitor.job

    - c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-07-21 11:29]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://search.babylon.com/home?AF=18776

    uDefault_Search_URL = hxxp://www.google.com/ie

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyServer = http=127.0.0.1:54667

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

    TCP: DhcpNameServer = 93.155.247.2 192.168.0.1

    FF - ProfilePath - c:\documents and settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=

    FF - prefs.js: network.proxy.http - 127.0.0.1

    FF - prefs.js: network.proxy.http_port - 54667

    FF - prefs.js: network.proxy.type - 1

    FF - Ext: Babylon OCR: ocr@babylon.com - c:\program files\Mozilla Firefox\extensions\ocr@babylon.com

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org

    FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com

    FF - Ext: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - %profile%\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}

    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

    FF - Ext: Freemake Video Downloader: fmdownloader@gmail.com - c:\program files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox

    FF - user.js: network.http.max-connections-per-server - 4

    FF - user.js: content.max.tokenizing.time - 1500000

    FF - user.js: nglayout.initialpaint.delay - 100

    .

    - - - - ORPHANS REMOVED - - - -

    .

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    HKLM-Run-Cmaudio - cmicnfg.cpl

    HKLM-Run-wxpdrv - c:\windows\services32.exe

    HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe

    HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe

    HKLM-Run-tray_ico - (no file)

    HKLM-Run-tray_ico1 - (no file)

    HKLM-Run-tray_ico2 - (no file)

    HKLM-Run-tray_ico3 - (no file)

    HKLM-Run-tray_ico4 - (no file)

    AddRemove-Codec pack Base (DivX, Xvid, 3ivx) - c:\windows\system32\uninst Codec pack Base (DivX

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-07-26 19:07

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

    "ImagePath"="\??\g:\test\EVEREST 4.00 Build 975 Ultimate+Crack\kerneld.wnt"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'explorer.exe'(3556)

    c:\windows\system32\WININET.dll

    c:\windows\system32\nview.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\nvwddi.dll

    c:\windows\system32\webcheck.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\drivers\CDAC11BA.EXE

    c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    c:\windows\system32\nvsvc32.exe

    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    c:\windows\system32\UAService7.exe

    c:\windows\SOUNDMAN.EXE

    c:\windows\system32\rundll32.exe

    c:\program files\Canon\CAL\CALMAIN.exe

    c:\windows\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Completion time: 2011-07-26 19:11:50 - machine was rebooted

    ComboFix-quarantined-files.txt 2011-07-26 16:11

    .

    Pre-Run: 4,959,739,904 bytes free

    Post-Run: 4,835,659,776 bytes free

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect

    .

    - - End Of File - - EFB16EBAAE34E91D8C8F6A8AC8DF663D

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Деинсталирайте ли от Control Panel => ADD or Remove Programs => следните програми:

    Avira

    avast

    (накрая ще инсталираме антивирусна, но само една)

    *. Отворете notepad.exe и с copy/paste въведете следната информация:

    KILLALL::
    Driver::
    0234281243324666mcinstcleanup
    Ippieccsmp
    AntiVirSchedulerService
    File::
    c:\windows\unrar.exe
    c:\windows\system32\ConduitEngine.tmp
    Folder::
    c:\windows\update.tray-7-0
    c:\windows\update.tray-7-0-lnk
    c:\windows\rpcminer
    c:\windows\phoenix
    c:\windows\ufa
    c:\windows\av_ico
    c:\windows\update.tray-8-0
    c:\windows\update.tray-8-0-lnk
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000000
    "DisableThumbnailCache"=dword:00000000
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\update.tray-8-0\\svchost.exe"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "45000:UDP"=-
    "45001:UDP"=-
    "45003:UDP"=-
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:54667
    Firefox::
    FF - ProfilePath - c:\documents and settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 54667
    FF - prefs.js: network.proxy.type - 1
    

    Запазете файла с име CFScript и го провлачете и пуснете в Combofix (както е показано на картинката отдолу).

    Публикувано изображение

    *. По време на сканиране от страна на ComboFix не стартирайте никакви други приложения, не натискайте клавиши от клавиатурата и не местете мишката !

    *. Когато Combofix приключи ще създаде лог файла. Моля, публикувайте този файл в следващия си пост.

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Относно Антивирусните (Avira , Avast) - в Контрол панела, Добавяне/премахване на програми , не виждам нито едната, нито другата, което би трябвало да значе, че са деинсталирани?Не знам. Не знам също дали това е важно, но в момента Mozilla Firefox не ми е активна - в момента съм в нета чрез Интернет Експлолера на Уиндълс. За Мозилата ми пише, че Прокси сърварът отказва свързване. Така, сега ще направя следващата стъпка с CamboFix.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Просто се виждат остатъци от антивирусните и затова ви питах...нищо това е поправимо...колкото до активния браузър - Combofix прави Internet Explorer браузър по-подразбиране (и това се оправя). Прокситата също ще бъдат оправени...включени са в скрипта ми...Действайте. :mistaken:

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравей отново! Така, и ComcoFix свърши работата ,ето лог файла: (Мозилата се оправи, в момента чрез нея съм в нета :mistaken: ) ComboFix 11-07-26.02 - Vlado Kurtev 07/26/2011 19:58:00.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.767.378 [GMT 3:00] Running from: c:\documents and settings\Vlado Kurtev\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Vlado Kurtev\Desktop\CFScript.txt AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: avast! antivirus 4.8.1368 [VPS 091127-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . FILE :: "c:\windows\system32\ConduitEngine.tmp" "c:\windows\unrar.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Vlado Kurtev\Application Data\PriceGong c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\1.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\a.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\b.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\c.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\d.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\e.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\f.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\g.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\h.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\i.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\J.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\k.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\l.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\m.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\n.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\o.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\p.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\q.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\r.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\s.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\t.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\u.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\v.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\w.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\x.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\y.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\z.xml c:\windows\av_ico c:\windows\av_ico\ico_avast_desktop.ico c:\windows\av_ico\ico_avast_start.ico c:\windows\av_ico\ico_avira_start.ico c:\windows\phoenix c:\windows\phoenix\kernels\phatk\__init__.py c:\windows\phoenix\kernels\phatk\__init__.pyc c:\windows\phoenix\kernels\phatk\BFIPatcher.py c:\windows\phoenix\kernels\phatk\kernel.cl c:\windows\phoenix\kernels\poclbm\__init__.py c:\windows\phoenix\kernels\poclbm\__init__.pyc c:\windows\phoenix\kernels\poclbm\BFIPatcher.py c:\windows\phoenix\kernels\poclbm\kernel.cl c:\windows\phoenix\phoenix.exe c:\windows\rpcminer c:\windows\rpcminer\bitcoinminercuda_10.cubin c:\windows\rpcminer\bitcoinminercuda_11.cubin c:\windows\rpcminer\bitcoinminercuda_20.cubin c:\windows\rpcminer\bitcoinmineropencl.cl c:\windows\rpcminer\cudart32_32_16.dll c:\windows\rpcminer\curllib.dll c:\windows\rpcminer\libeay32.dll c:\windows\rpcminer\libsasl.dll c:\windows\rpcminer\openldap.dll c:\windows\rpcminer\rpcminer-4way.exe c:\windows\rpcminer\rpcminer-cpu.exe c:\windows\rpcminer\rpcminer-cuda.exe c:\windows\rpcminer\rpcminer-opencl.exe c:\windows\rpcminer\ssleay32.dll c:\windows\system32\ConduitEngine.tmp c:\windows\system32\drivers\etc\hѕsts c:\windows\ufa c:\windows\ufa\ufa.exe c:\windows\unrar.exe c:\windows\update.tray-7-0-lnk c:\windows\update.tray-7-0-lnk\svchost.exe c:\windows\update.tray-7-0 c:\windows\update.tray-8-0-lnk c:\windows\update.tray-8-0-lnk\svchost.exe c:\windows\update.tray-8-0 c:\windows\update.tray-8-0\svchost.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_0234281243324666MCINSTCLEANUP -------\Legacy_ANTIVIRSCHEDULERSERVICE -------\Service_0234281243324666mcinstcleanup -------\Service_AntiVirSchedulerService -------\Service_Ippieccsmp . . ((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 ))))))))))))))))))))))))))))))) . . 2011-07-26 14:01 . 2011-07-26 14:01 -------- d-----w- C:\_OTL 2011-07-25 13:28 . 2011-07-25 13:28 -------- d--h--w- c:\windows\system32\GroupPolicy 2011-07-25 12:05 . 2009-11-24 22:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-07-25 12:05 . 2009-11-24 22:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-07-25 12:05 . 2009-11-24 22:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-07-25 12:05 . 2009-11-24 22:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-07-25 12:05 . 2009-11-24 22:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-07-25 12:05 . 2009-11-24 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-07-25 12:05 . 2009-11-24 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-07-25 12:05 . 2009-11-24 22:47 97480 ----a-w- c:\windows\system32\AvastSS.scr 2011-07-25 12:05 . 2009-11-24 22:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2011-07-25 12:05 . 2004-01-09 08:13 380928 ----a-w- c:\windows\system32\actskin4.ocx 2011-07-21 12:41 . 2011-07-21 12:41 -------- d-----w- c:\program files\IObit 2011-07-18 18:28 . 2011-07-18 18:28 -------- d-----w- c:\documents and settings\Vlado Kurtev\Local Settings\Application Data\Media Get LLC 2011-07-18 18:27 . 2011-07-18 18:29 -------- d-----w- c:\documents and settings\Vlado Kurtev\Local Settings\Application Data\MediaGet2 2011-07-18 15:40 . 2011-07-18 15:41 -------- d-----w- c:\documents and settings\Vlado Kurtev\Application Data\Ldoce 2011-07-18 15:40 . 2011-07-18 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision 2011-07-18 15:40 . 2011-07-18 15:40 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2011-07-18 15:40 . 2011-07-18 15:40 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE 2011-07-18 15:40 . 2011-07-18 15:40 12464 ----a-w- c:\windows\system32\drivers\CdaC15BA.SYS 2011-07-18 10:31 . 2011-07-18 10:31 -------- d-----w- c:\documents and settings\Vlado Kurtev\Local Settings\Application Data\Solid State Networks 2011-07-18 10:07 . 2011-07-18 10:07 181760 ----a-w- c:\program files\Windows NT\dwm.exe 2011-07-17 20:19 . 2011-07-18 10:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-24 09:35 . 2010-06-23 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2009-04-03 18:57 . 2009-04-03 19:10 266240 ----a-w- c:\program files\Uninstall Pando Toolbar.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-07-26_16.07.45 ))))))))))))))))))))))))))))))))))))))))) . + 2011-07-26 17:05 . 2011-07-26 17:05 16384 c:\windows\temp\Perflib_Perfdata_254.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\prxtbIso0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}] 2011-01-17 14:54 175912 ----a-w- c:\program files\IsoBuster\prxtbIso0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\prxtbIso0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\prxtbIso0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "nwiz"="nwiz.exe" [2006-10-22 1622016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Vlado Kurtev\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [2008-6-21 256000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableSecureUIAPaths"= 0 (0x0) . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd "BigDog305"=c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) "HPUsageTracking"=c:\program files\HP\HP UT\bin\hppusg.exe "c:\program files\HP\HP UT\" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitLord\\BitLord.exe"= "e:\\Games to Nicki\\cs\\Counter-Strike\\hl.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 "57967:TCP"= 57967:TCP:Pando P2P TCP Listening Port "57967:UDP"= 57967:UDP:Pando P2P UDP Listening Port "58943:TCP"= 58943:TCP:Pando P2P TCP Listening Port "58943:UDP"= 58943:UDP:Pando P2P UDP Listening Port "58894:TCP"= 58894:TCP:Pando P2P TCP Listening Port "58894:UDP"= 58894:UDP:Pando P2P UDP Listening Port "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/13/2008 17:33 643072] R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [7/21/2011 15:41 353168] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 13:16 130384] S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [6/29/2000 17:24 3584] S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\g:\test\EVEREST 4.00 Build 975 Ultimate+Crack\kerneld.wnt --> g:\test\EVEREST 4.00 Build 975 Ultimate+Crack\kerneld.wnt [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 13:16 753504] S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [7/3/2008 12:32 391688] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder . 2011-07-26 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 06:09] . 2011-07-22 c:\windows\Tasks\ASC4_AutoCare.job - c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2011-07-21 11:29] . 2011-07-26 c:\windows\Tasks\ASC4_AutoSweep.job - c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2011-07-21 11:29] . 2011-07-26 c:\windows\Tasks\ASC4_AutoUpdate.job - c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-07-21 11:29] . 2011-07-26 c:\windows\Tasks\ASC4_PerformanceMonitor.job - c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-07-21 11:29] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.bg/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 93.155.247.2 192.168.0.1 FF - ProfilePath - c:\documents and settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q= FF - Ext: Babylon OCR: ocr@babylon.com - c:\program files\Mozilla Firefox\extensions\ocr@babylon.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com FF - Ext: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - %profile%\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Freemake Video Downloader: fmdownloader@gmail.com - c:\program files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox FF - user.js: network.http.max-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 1500000 FF - user.js: nglayout.initialpaint.delay - 100 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-26 20:05 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver] "ImagePath"="\??\g:\test\EVEREST 4.00 Build 975 Ultimate+Crack\kerneld.wnt" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1876) c:\windows\system32\WININET.dll c:\windows\system32\nview.dll c:\windows\system32\ieframe.dll c:\windows\system32\nvwddi.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\drivers\CDAC11BA.EXE c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\UAService7.exe c:\windows\SOUNDMAN.EXE c:\windows\system32\rundll32.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2011-07-26 20:09:01 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-26 17:08 ComboFix2.txt 2011-07-26 16:11 . Pre-Run: 4,826,783,744 bytes free Post-Run: 4,808,097,792 bytes free . - - End Of File - - EF5D67D1C6F97E86B6339CB855089F12

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Добра работа...повторете сканирането с OTL с настройките от началния ми пост и публикувайте логовете. Ще продължим късно вечерта или утре, защото имам лични ангажименти.

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравей отново! Благодаря ти за отделеното от теб време дотук ! Благодаря не само за точните инструкции, но и за коректното и любезно отношение. Мисля единствено да включа отново Windows Firewall, като все пак някаква защита ,докато компютъра работи. Очаквам следващата ни среща.До скоро! Така, OTL даде следния отчет,прикачвам.

    OTL.Txt

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравейте отново...имаме още доста работа...

    Тъй като си имаме работа с unicode characters с които форумната система не може да работи ще се наложи да използваме алтернативен метод.

    Архивирам скрипт файла към поста си. Изтеглете го и го разархивирайте.

    Стартирайте файла OTL.TXT и копирайте цялото съдържание с бутона Ctrl + A (за да го маркирате), след това Ctrl + C (за да го копирате) и след това Ctrl + V (за да го поставите в OTL под колонката Custom Scans/Fixes като не забравяте да копирате скрипта 1 към 1, както и двете точки преди първия ред на скрипта).

    След като въведете скрипта натиснете бутона, маркиран в червено: Run Fix

    Windows ще се рестартира и ще се създаде лог файл. Публикувайте съдържанието му с Copy/Paste в следващия си коментар.

    Лог файла би трябвало да се съхранява в C:\_OTL\MovedFiles.

    Изтеглете SystemLook и запазете програмата на десктопа.

    • Кликнете два пъти върху SystemLook.exe, за да стартирате програмата.
    • Копирайте съдържанието от цитата по-долу в текстовото поле на програмата:
    :reg
    HKEY_USERS\S-1-5-21-602162358-813497703-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections /sub
    
    • Кликнете на бутона Look, за да започне сканирането.
    • Когато сканирането завърши ще се отвори Notepad с резултата от сканирането. После публикувайте лог файла в следващия си коментар.

    OTL.zip

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Добро утро! Така, OTL свърши с работата си, сега ще копирам резултата.Да изчакам ли с SystemLook докато анализираш OTL резултата? All processes killed ========== OTL ========== Service HidServ stopped successfully! Service HidServ deleted successfully! Service AntiVirService stopped successfully! Service AntiVirService deleted successfully! Service catchme stopped successfully! Service catchme deleted successfully! Error: Unable to stop service avgntflt! Unable to delete service\driver key avgntflt. File move failed. C:\WINDOWS\system32\drivers\avgntflt.sys scheduled to be moved on reboot. Service aswRdr stopped successfully! Service aswRdr deleted successfully! C:\WINDOWS\system32\drivers\aswRdr.sys moved successfully. Service ssmdrv stopped successfully! Service ssmdrv deleted successfully! C:\WINDOWS\system32\drivers\ssmdrv.sys moved successfully. Service avipbb stopped successfully! Service avipbb deleted successfully! C:\WINDOWS\system32\drivers\avipbb.sys moved successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Ask.com" removed from browser.search.defaultenginename Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Ask.com" removed from browser.search.order.1 C:\Documents and Settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\searchplugins\ask.xml moved successfully. C:\Documents and Settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\searchplugins\askcom.xml moved successfully. C:\Documents and Settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\searchplugins\conduit.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-21-602162358-813497703-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Program Files\Windows NT\dwm.exe deleted successfully. C:\Program Files\Windows NT\dwm.exe moved successfully. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Program Files\Windows NT\dwm.exe deleted successfully. File C:\Program Files\Windows NT\dwm.exe not found. File C:\WINDOWS\System32\drivers\aswRdr.sys not found. C:\WINDOWS\system32\drivers\aswTdi.sys moved successfully. C:\WINDOWS\system32\drivers\aavmker4.sys moved successfully. C:\WINDOWS\system32\drivers\aswSP.sys moved successfully. C:\WINDOWS\system32\AvastSS.scr moved successfully. C:\WINDOWS\system32\drivers\aswmon2.sys moved successfully. C:\WINDOWS\system32\drivers\aswmon.sys moved successfully. C:\WINDOWS\system32\drivers\aswFsBlk.sys moved successfully. C:\WINDOWS\system32\aswBoot.exe moved successfully. C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk moved successfully. C:\Documents and Settings\Vlado Kurtev\Application Data\FDFA.A02 moved successfully. C:\WINDOWS\geoiplist moved successfully. C:\WINDOWS\geoiplist.rar moved successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:6152D44C deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:1940DBE8 deleted successfully. Unable to delete ADS C:\WINDOWS: . ADS C:\Documents and Settings\All Users\Application Data\TEMP:66B13F37 deleted successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 49219 bytes User: Vlado Kurtev ->Temp folder emptied: 3141 bytes ->Temporary Internet Files folder emptied: 335766 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 64965348 bytes ->Google Chrome cache emptied: 103147259 bytes ->Flash cache emptied: 456 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 53768 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 483 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 161.00 mb OTL by OldTimer - Version 3.2.26.1 log created on 07272011_094654 Files\Folders moved on Reboot... C:\WINDOWS\system32\drivers\avgntflt.sys moved successfully. Registry entries deleted on Reboot...

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Преди да продължим трябва да премахнем още един ред...(явно не съм запазил документа като UNICODE, а като ANSI). Да опитаме отново...пак изтеглете прикачения файл и повторете инструкциите ми от предишния ми пост. След това продължете със SystemLook.

    OTL.Txt

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Така, направих операцията с OTL, а после и тази с SystemLook. Ето резуртата от SystemLook : SystemLook 04.09.10 by jpshortstuff Log created at 10:45 on 27/07/2011 by Vlado Kurtev Administrator - Elevation successful ========== reg ========== [HKEY_USERS\S-1-5-21-602162358-813497703-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows] "DebugOptions"="2048" "Documents"="" "DosPrint"="no" "NetMessage"="no" "NullPort"="None" "Programs"="com exe bat pif cmd" "Device"="Microsoft XPS Document Writer,winspool,Ne00:" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections] "DefaultConnectionSettings"=46 00 00 00 99 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 38 d9 73 4a 6e c8 01 01 00 00 00 57 e3 cb 99 00 00 00 00 00 00 00 00 00 00 00 00 (REG_BINARY) "SavedLegacySettings"=46 00 00 00 c8 48 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 38 d9 73 4a 6e c8 01 01 00 00 00 57 e3 cb 99 00 00 00 00 00 00 00 00 00 00 00 00 (REG_BINARY) -= EOF =- IСега виждам , че в папката : C:\_OTL\MovedFiles има нов Notepad файл от OTL.Ето какво пише в него: ========== OTL ========== Unable to delete ADS C:\WINDOWS: . ========== COMMANDS ========== OTL by OldTimer - Version 3.2.26.1 log created on 07272011_104004

    Редактирано от vratarqt (преглед на промените)

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Аххх как мразя Unicode...

    Отворете прикачение файл от вашия пост тук:

    Под секцията:

    ========== Alternate Data Streams ==========

    ще видите един ред с името @Alternate Data Stream - 108 bytes -> C:\WINDOWS (с един ченгел отзад)...

    копирайте този ред в OTL....

    Над него сложете следния ред:

    :OTL

    тук сложете реда @Alternate Data Stream - 108 bytes -> C:\WINDOWS с ченгела отзад и натиснете Run Fix.

    Публикувайте лог файла,

    Дано да се получи.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Регистрирайте се или влезете в профила си за да коментирате

    Трябва да имате регистрация за да може да коментирате това

    Регистрирайте се

    Създайте нова регистрация в нашия форум. Лесно е!

    Нова регистрация

    Вход

    Имате регистрация? Влезте от тук.

    Вход


    • Горещи теми в момента

    • Подобни теми

      • от tany
        От известно време 3-4 пъти месечно "Актуализация" ми иска съгласието да го инсталирам.Аз отказвам но след 6-7 дни пак опит 
        и така вече няколко месеца.Нямам представа дали е вирус,нямам проблеми с компютъра,няма забивания или забавяне.
        Ето за това става въпрос
         
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2017
        Ran by Стоянчо (administrator) on DESKTOP-HV76MO6 (24-09-2017 23:11:02)
        Running from C:\Users\Стоянчо\Downloads
        Loaded Profiles: Стоянчо (Available Profiles: Стоянчо)
        Platform: Windows 10 Pro Version 1703 (X64) Language: Български (България)
        Internet Explorer Version 11 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
        (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
        (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
        (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
        (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
        () C:\Program Files\Gramblr\gramblr.exe
        (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
        (Intel Corporation) C:\Windows\System32\igfxEM.exe
        (Intel Corporation) C:\Windows\System32\igfxHK.exe
        () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
        (Microsoft Corporation) C:\Windows\System32\dllhost.exe
        (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
        (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
        (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
        () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
        HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
        Winlogon\Notify\igfxcui: igfxdev.dll [X]
        HKU\S-1-5-21-3274723310-3931731729-1199849900-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
        HKU\S-1-5-21-3274723310-3931731729-1199849900-1001\...\Run: [GoogleChromeAutoLaunch_7AC76D272A3C9865EEE36FF327D0728E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848 2017-08-23] (Google Inc.)
        Startup: C:\Users\Стоянчо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-12-26]
        ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Стоянчо\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Hosts: 127.0.0.1    localhost
        Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
        Tcpip\..\Interfaces\{2b43ead3-416b-49fc-acb0-4ea078b43530}: [DhcpNameServer] 192.168.42.129
        Tcpip\..\Interfaces\{9146b479-0d48-411c-83c0-18542761f0fe}: [DhcpNameServer] 95.87.194.4 192.168.0.1
        Tcpip\..\Interfaces\{a5340c57-e453-40ab-bfb5-c36cda227066}: [DhcpNameServer] 192.168.1.1
        Internet Explorer:
        ==================
        BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
        BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
        BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
        BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
        Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
        Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
        Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
        Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
        FireFox:
        ========
        FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
        FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-19] (Microsoft Corporation)
        FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-19] (Microsoft Corporation)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
        Chrome: 
        =======
        CHR DefaultProfile: Default
        CHR Profile: C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default [2017-09-24]
        CHR Extension: (Google Презентации) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-11]
        CHR Extension: (Google Документи) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-11]
        CHR Extension: (Google Диск) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-11]
        CHR Extension: (YouTube) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-11]
        CHR Extension: (Video Downloader professional) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-08-04]
        CHR Extension: (Електронни таблици от Google) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-11]
        CHR Extension: (Farmville 2 Beacon) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkkmnngogaccacpomdhdiahljbjihoc [2017-05-08]
        CHR Extension: (Google Документи офлайн) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-11]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
        CHR Extension: (Gmail) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-11]
        CHR Extension: (Chrome Media Router) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
        CHR Extension: (JobBoxPro) - C:\Users\Стоянчо\Downloads\Нова папка (6)\jobboxpro [2017-01-25]
        CHR Profile: C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-09-14]
        CHR Profile: C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-11]
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
        R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
        R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [11867216 2017-09-23] () [File not signed]
        R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
        S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
        S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-05-04] (Enigma Software Group USA, LLC.)
        R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255584 2017-08-19] (Synaptics Incorporated)
        R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
        R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-30] (Microsoft Corporation)
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
        S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [22704 2016-05-04] ()
        R1 MpKsl1045740a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1018B7D-39B5-48CE-97D7-3CAF92792300}\MpKsl1045740a.sys [44928 2017-09-24] (Microsoft Corporation)
        R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-03-18] (MediaTek Inc.)
        R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895224 2016-02-17] (Realtek )
        R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-09-13] (Ralink Technology, Corp.)
        S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
        S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
        S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-03-18] (Microsoft Corporation)
        S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
        R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
        R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
        R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-24 23:11 - 2017-09-24 23:12 - 000012716 _____ C:\Users\Стоянчо\Downloads\FRST.txt
        2017-09-24 23:10 - 2017-09-24 23:11 - 000000000 ____D C:\FRST
        2017-09-24 23:10 - 2017-09-24 23:10 - 002399744 _____ (Farbar) C:\Users\Стоянчо\Downloads\FRST64.exe
        2017-09-20 22:41 - 2017-09-20 22:43 - 000000000 ____D C:\Users\Стоянчо\Desktop\други
        2017-09-15 23:41 - 2017-09-15 23:41 - 017675071 _____ C:\Users\Стоянчо\Downloads\Milk and Honey- Didi(DVD Quality).mp4
        2017-09-13 07:05 - 2017-09-05 08:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
        2017-09-13 07:05 - 2017-09-05 08:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
        2017-09-13 07:05 - 2017-09-05 08:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
        2017-09-13 07:05 - 2017-09-05 08:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
        2017-09-13 07:05 - 2017-09-05 08:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
        2017-09-13 07:05 - 2017-09-05 08:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
        2017-09-13 07:05 - 2017-09-05 07:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
        2017-09-13 07:05 - 2017-09-05 07:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
        2017-09-13 07:05 - 2017-09-05 07:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
        2017-09-13 07:05 - 2017-09-05 07:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
        2017-09-13 07:05 - 2017-09-05 07:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
        2017-09-13 07:05 - 2017-09-05 07:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
        2017-09-13 07:05 - 2017-09-05 07:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
        2017-09-13 07:05 - 2017-09-05 07:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
        2017-09-13 07:05 - 2017-09-05 07:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
        2017-09-13 07:05 - 2017-09-05 07:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
        2017-09-13 07:05 - 2017-09-05 07:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
        2017-09-13 07:05 - 2017-09-05 07:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
        2017-09-13 07:05 - 2017-09-05 07:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
        2017-09-13 07:05 - 2017-09-05 07:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
        2017-09-13 07:05 - 2017-09-05 07:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
        2017-09-13 07:05 - 2017-09-05 07:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
        2017-09-13 07:05 - 2017-09-05 07:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
        2017-09-13 07:05 - 2017-09-05 07:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
        2017-09-13 07:05 - 2017-09-05 07:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
        2017-09-13 07:05 - 2017-09-05 07:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
        2017-09-13 07:05 - 2017-09-05 07:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
        2017-09-13 07:05 - 2017-09-05 07:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
        2017-09-13 07:05 - 2017-09-05 07:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
        2017-09-13 07:05 - 2017-09-05 07:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
        2017-09-13 07:05 - 2017-09-05 07:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
        2017-09-13 07:05 - 2017-09-05 07:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
        2017-09-13 07:05 - 2017-09-05 07:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
        2017-09-13 07:05 - 2017-09-05 07:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
        2017-09-13 07:05 - 2017-09-05 07:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
        2017-09-13 07:05 - 2017-09-05 07:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
        2017-09-13 07:05 - 2017-09-05 07:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
        2017-09-13 07:05 - 2017-09-05 07:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
        2017-09-13 07:05 - 2017-09-05 07:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
        2017-09-13 07:05 - 2017-09-05 07:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
        2017-09-13 07:05 - 2017-09-05 07:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
        2017-09-13 07:05 - 2017-09-05 07:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
        2017-09-13 07:05 - 2017-09-05 07:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
        2017-09-13 07:05 - 2017-09-05 07:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
        2017-09-13 07:05 - 2017-09-05 07:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
        2017-09-13 07:05 - 2017-09-05 07:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
        2017-09-13 07:05 - 2017-09-05 07:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
        2017-09-13 07:05 - 2017-09-05 07:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
        2017-09-13 07:05 - 2017-09-05 07:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
        2017-09-13 07:05 - 2017-09-05 07:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
        2017-09-13 07:05 - 2017-09-05 07:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
        2017-09-13 07:05 - 2017-09-05 07:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
        2017-09-13 07:04 - 2017-09-05 08:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
        2017-09-13 07:04 - 2017-09-05 08:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
        2017-09-13 07:04 - 2017-09-05 08:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
        2017-09-13 07:04 - 2017-09-05 08:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
        2017-09-13 07:04 - 2017-09-05 08:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
        2017-09-13 07:04 - 2017-09-05 08:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
        2017-09-13 07:04 - 2017-09-05 08:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
        2017-09-13 07:04 - 2017-09-05 08:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
        2017-09-13 07:04 - 2017-09-05 08:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
        2017-09-13 07:04 - 2017-09-05 08:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
        2017-09-13 07:04 - 2017-09-05 08:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
        2017-09-13 07:04 - 2017-09-05 08:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
        2017-09-13 07:04 - 2017-09-05 08:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
        2017-09-13 07:04 - 2017-09-05 08:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
        2017-09-13 07:04 - 2017-09-05 08:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
        2017-09-13 07:04 - 2017-09-05 07:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
        2017-09-13 07:04 - 2017-09-05 07:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
        2017-09-13 07:04 - 2017-09-05 07:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
        2017-09-13 07:04 - 2017-09-05 07:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
        2017-09-13 07:04 - 2017-09-05 07:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
        2017-09-13 07:04 - 2017-09-05 07:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
        2017-09-13 07:04 - 2017-09-05 07:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
        2017-09-13 07:04 - 2017-09-05 07:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
        2017-09-13 07:04 - 2017-09-05 07:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
        2017-09-13 07:04 - 2017-09-05 07:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
        2017-09-13 07:04 - 2017-09-05 07:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
        2017-09-13 07:04 - 2017-09-05 07:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
        2017-09-13 07:04 - 2017-09-05 07:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
        2017-09-13 07:04 - 2017-09-05 07:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
        2017-09-13 07:04 - 2017-09-05 07:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
        2017-09-13 07:04 - 2017-09-05 07:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
        2017-09-13 07:04 - 2017-09-05 07:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
        2017-09-13 07:04 - 2017-09-05 07:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
        2017-09-13 07:04 - 2017-09-05 07:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
        2017-09-13 07:04 - 2017-09-05 07:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
        2017-09-13 07:04 - 2017-09-05 07:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
        2017-09-13 07:04 - 2017-09-05 07:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
        2017-09-13 07:04 - 2017-09-05 07:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
        2017-09-13 07:04 - 2017-09-05 07:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
        2017-09-13 07:04 - 2017-09-05 07:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
        2017-09-13 07:04 - 2017-09-05 07:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
        2017-09-13 07:04 - 2017-09-05 07:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
        2017-09-13 07:04 - 2017-09-05 07:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
        2017-09-13 07:04 - 2017-09-05 07:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
        2017-09-13 07:04 - 2017-09-05 07:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
        2017-09-13 07:04 - 2017-09-05 07:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
        2017-09-13 07:03 - 2017-09-05 08:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
        2017-09-13 07:03 - 2017-09-05 08:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
        2017-09-13 07:03 - 2017-09-05 08:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
        2017-09-13 07:03 - 2017-09-05 08:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
        2017-09-13 07:03 - 2017-09-05 08:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
        2017-09-13 07:03 - 2017-09-05 08:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
        2017-09-13 07:03 - 2017-09-05 08:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
        2017-09-13 07:03 - 2017-09-05 08:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
        2017-09-13 07:03 - 2017-09-05 08:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
        2017-09-13 07:03 - 2017-09-05 08:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
        2017-09-13 07:03 - 2017-09-05 08:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
        2017-09-13 07:03 - 2017-09-05 08:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
        2017-09-13 07:03 - 2017-09-05 08:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
        2017-09-13 07:03 - 2017-09-05 08:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
        2017-09-13 07:03 - 2017-09-05 08:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
        2017-09-13 07:03 - 2017-09-05 08:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
        2017-09-13 07:03 - 2017-09-05 08:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
        2017-09-13 07:03 - 2017-09-05 08:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
        2017-09-13 07:03 - 2017-09-05 08:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
        2017-09-13 07:03 - 2017-09-05 08:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
        2017-09-13 07:03 - 2017-09-05 08:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
        2017-09-13 07:03 - 2017-09-05 08:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
        2017-09-13 07:03 - 2017-09-05 08:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
        2017-09-13 07:03 - 2017-09-05 08:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
        2017-09-13 07:03 - 2017-09-05 07:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
        2017-09-13 07:03 - 2017-09-05 07:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
        2017-09-13 07:03 - 2017-09-05 07:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
        2017-09-13 07:03 - 2017-09-05 07:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
        2017-09-13 07:03 - 2017-09-05 07:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
        2017-09-13 07:03 - 2017-09-05 07:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
        2017-09-13 07:03 - 2017-09-05 07:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
        2017-09-13 07:03 - 2017-09-05 07:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
        2017-09-13 07:03 - 2017-09-05 07:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
        2017-09-13 07:03 - 2017-09-05 07:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
        2017-09-13 07:03 - 2017-09-05 07:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
        2017-09-13 07:03 - 2017-09-05 07:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
        2017-09-13 07:03 - 2017-09-05 07:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
        2017-09-13 07:03 - 2017-09-05 07:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
        2017-09-13 07:03 - 2017-09-05 07:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
        2017-09-13 07:03 - 2017-09-05 07:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
        2017-09-13 07:03 - 2017-09-05 07:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
        2017-09-13 07:03 - 2017-09-05 07:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
        2017-09-13 07:03 - 2017-09-05 07:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
        2017-09-13 07:03 - 2017-09-05 07:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
        2017-09-13 07:03 - 2017-09-05 07:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
        2017-09-13 07:03 - 2017-09-05 07:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
        2017-09-13 07:03 - 2017-09-05 07:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
        2017-09-13 07:03 - 2017-09-05 07:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
        2017-09-13 07:03 - 2017-09-01 08:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
        2017-08-25 23:36 - 2017-09-13 21:06 - 000000000 ____D C:\Users\Стоянчо\Desktop\red
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-24 23:13 - 2017-02-05 23:56 - 000000000 ____D C:\ProgramData\Gramblr
        2017-09-24 22:54 - 2017-06-18 07:23 - 000000000 ____D C:\Users\Стоянчо\Desktop\яяь
        2017-09-24 20:10 - 2017-06-30 01:05 - 000004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{33349A0F-B0C0-4DB3-AFE6-0F51132F45D5}
        2017-09-24 19:38 - 2017-06-30 00:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
        2017-09-24 17:36 - 2017-06-30 01:05 - 000004276 _____ C:\WINDOWS\System32\Tasks\Software Updater
        2017-09-24 13:12 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\AppReadiness
        2017-09-24 13:06 - 2015-09-13 15:31 - 000000000 __SHD C:\Users\Стоянчо\IntelGraphicsProfiles
        2017-09-23 19:06 - 2015-09-13 15:01 - 000000000 ____D C:\Users\Стоянчо\AppData\Local\Packages
        2017-09-23 19:04 - 2015-09-25 17:35 - 000000000 ____D C:\Users\Стоянчо\AppData\Roaming\uTorrent
        2017-09-23 18:02 - 2017-07-18 10:48 - 000001085 _____ C:\Users\Стоянчо\Desktop\Нов текстов документ.txt
        2017-09-23 15:14 - 2017-02-05 23:57 - 000000000 ____D C:\Program Files\Gramblr
        2017-09-23 13:05 - 2017-06-30 01:03 - 002547028 _____ C:\WINDOWS\system32\PerfStringBackup.INI
        2017-09-23 13:05 - 2015-12-04 21:09 - 001132696 _____ C:\WINDOWS\system32\perfh002.dat
        2017-09-23 13:05 - 2015-12-04 21:09 - 000334978 _____ C:\WINDOWS\system32\perfc002.dat
        2017-09-23 13:00 - 2017-06-30 01:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
        2017-09-23 13:00 - 2017-03-18 14:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
        2017-09-23 07:37 - 2017-03-19 00:03 - 000000000 ___HD C:\Program Files\WindowsApps
        2017-09-22 07:46 - 2017-06-30 00:48 - 000000000 ____D C:\Users\Стоянчо
        2017-09-22 06:18 - 2017-07-27 20:57 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3274723310-3931731729-1199849900-1001
        2017-09-22 06:17 - 2015-09-13 15:03 - 000002401 _____ C:\Users\Стоянчо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
        2017-09-22 06:17 - 2015-09-13 15:03 - 000000000 ___RD C:\Users\Стоянчо\OneDrive
        2017-09-19 06:55 - 2015-10-09 22:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
        2017-09-18 21:49 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
        2017-09-14 02:24 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\rescache
        2017-09-14 02:16 - 2017-03-19 00:01 - 000000000 ____D C:\WINDOWS\INF
        2017-09-13 18:18 - 2015-09-13 15:01 - 000000000 __RHD C:\Users\Public\AccountPictures
        2017-09-13 18:15 - 2017-06-30 00:42 - 000381448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
        2017-09-13 07:44 - 2017-03-20 06:21 - 000000000 ____D C:\WINDOWS\system32\bg
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ___SD C:\WINDOWS\system32\F12
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\setup
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
        2017-09-13 07:20 - 2015-09-13 17:14 - 000000000 ____D C:\WINDOWS\system32\MRT
        2017-09-13 07:16 - 2017-03-18 23:51 - 000000000 ____D C:\WINDOWS\CbsTemp
        2017-09-13 07:16 - 2015-09-13 17:14 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
        2017-09-02 18:15 - 2017-03-19 00:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
        2017-09-02 18:15 - 2017-03-19 00:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
        2017-08-29 06:58 - 2016-09-11 19:33 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2017-08-26 15:34 - 2017-08-05 17:48 - 000000000 ____D C:\Users\Стоянчо\Desktop\;[;.[plpl
        2017-08-25 07:37 - 2017-07-28 23:11 - 000000000 ____D C:\Users\Стоянчо\Desktop\dfere
        ==================== Files in the root of some directories =======
        2016-01-17 08:06 - 2017-07-17 07:19 - 000009216 _____ () C:\Users\Стоянчо\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2016-07-17 20:30 - 2016-07-17 20:30 - 000000036 _____ () C:\Users\Стоянчо\AppData\Local\housecall.guid.cache
        2015-09-13 15:16 - 2015-09-13 15:16 - 000000003 _____ () C:\Users\Стоянчо\AppData\Local\updater.log
        2015-09-13 15:16 - 2017-05-06 19:17 - 000000425 _____ () C:\Users\Стоянчо\AppData\Local\UserProducts.xml
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\WINDOWS\system32\winlogon.exe => File is digitally signed
        C:\WINDOWS\system32\wininit.exe => File is digitally signed
        C:\WINDOWS\explorer.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
        C:\WINDOWS\system32\svchost.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
        C:\WINDOWS\system32\services.exe => File is digitally signed
        C:\WINDOWS\system32\User32.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
        C:\WINDOWS\system32\userinit.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
        C:\WINDOWS\system32\rpcss.dll => File is digitally signed
        C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
        C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-09-19 19:38
        ==================== End of FRST.txt ============================
         
        Addition.txt
         
        Благодаря предварително.
      • от doktorkartar
        Здравейте, мина доста време от както ползвах услугите ви и съм изключително доволен от това. Проблема е че възстанових един стар backup (от преди години) на системата и загубих защитата си. Като цяло системата ми работи добре и не мисля че има кой знае какво притеснително в нея но за всеки случай да я проверим.
        Не съм сигурен но мисля че тук ми дадохте един файл (по скоро съдържание на host) в който бяха добавени много сайтове който да се блокирват при опит за посещение.
        Примерно: 0.0.0.0 www.google.com
         
        Другото за което също не съм сигурен е дали вие ми дадохте филтър на adblock за Мозила . От него също бях много доволен.
        И последното което ме притеснява проблем със самата Мозила. Не знам дали е от вирус или от самата програма. Проблема се изразява в това че като натисна на падащото меню в адресната лента то не се отваря. Всъщност се отваря но не се вижда абсолютно нищо. Цялото е чисто бяло и не се виждат сайтовете. Същото е при всички падащи менюта от Мозила: Падащото меню за търсачките (какво сме търсили) както и падащото меню на запазените регистрации.
         
        Общо взето това са ми притесненията а останалото те първа ще излезе на яве след сканиранията
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01 Ran by eclips (administrator) on ECLIPS-PC (19-10-2017 21:33:45) Running from C:\Users\eclips\Desktop Loaded Profiles: eclips (Available Profiles: eclips & Guest) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe () C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe () D:\- MOI NE6TA\DLNA\Serviio\bin\ServiioService.exe () D:\- MOI NE6TA\DLNA\Serviio\bin\ServiioService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Transaction Software, D 81829 Munich) H:\TECDOC_CD\1_2014\db\tbmux32.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation) HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{1E0F611B-DAE1-48B6-8208-5A38B3F56DB9}: [DhcpNameServer] 62.221.132.211 85.130.60.11 Tcpip\..\Interfaces\{5A334197-46EE-4622-AD06-D1F2AE57959E}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10181_1360_171019__yaie HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\S-1-5-21-1144684173-3877916052-1330907298-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10181_1360_171019__yaie&p={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2017-10-14] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2017-10-14] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-17] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2017-10-14] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-17] (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2017-10-14] (Kaspersky Lab ZAO) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated) BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.11.9.dll [2010-11-09] (BitComet) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2017-10-14] (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2017-10-14] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-17] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2017-10-14] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-17] (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2017-10-14] (Kaspersky Lab ZAO) FireFox: ======== FF DefaultProfile: 7lwtatk8.default-1507842258539 FF ProfilePath: C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 [2017-10-19] FF NewTab: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10181_1360_171019__yaff FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> Yahoo® FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> Yahoo® FF Homepage: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10181_1360_171019__yaff FF Extension: (Search Shield Study) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\@unified-urlbar-shield-study-opt-out-new-users.xpi [2017-10-13] FF Extension: (AdBlock) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-10-14] FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-13] FF Extension: (Adblock Plus) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-10-19] FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2017-10-14] [not signed] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: (Virtual Keyboard) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2017-10-14] [not signed] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: (Dangerous Websites Blocker) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2017-10-14] [not signed] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: (Anti-Banner) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2017-10-14] [not signed] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: (Safe Money) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2017-10-14] [not signed] FF HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-18] () FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2013-12-10] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-17] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-18] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-17] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.) FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [No File] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2010-08-24] (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-09-05] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013-04-09] (Nullsoft, Inc.) Chrome: ======= CHR DefaultProfile: Default CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17] CHR crx: C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\default_apps\search.crx [2014-03-15] CHR crx: C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\default_apps\search.crx [2014-02-20] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed] R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2017-10-14] (Kaspersky Lab ZAO) S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com) S4 CyberLink PowerDVD 13 Media Server Monitor Service; D:\PROGRAMKI\Power DVD\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-05-03] (CyberLink) S4 CyberLink PowerDVD 13 Media Server Service; D:\PROGRAMKI\Power DVD\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-05-03] (CyberLink) R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1232880 2014-05-04] () R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S4 Samsung Link Service; D:\- MOI NE6TA\Samsung Link\Samsung Link.exe [604512 2014-05-19] (Copyright 2013 SAMSUNG) R2 Serviio; D:\- MOI NE6TA\DLNA\Serviio\bin\ServiioService.exe [413696 2016-10-17] () [File not signed] S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed] R2 Transbase TECDOC CD 1_2014 Service; H:\TECDOC_CD\1_2014\db\tbmux32.exe [360448 2013-02-25] (Transaction Software, D 81829 Munich) [File not signed] R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-10-16] (Microsoft Corporation) S2 Hamachi2Svc; H:\Programki\Hamachi\hamachi-2.exe -s [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2012-11-06] (Advanced Micro Devices) [File not signed] R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-11-20] (DT Soft Ltd) R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-19] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2017-10-14] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2017-10-14] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2017-10-14] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2017-10-14] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2017-10-14] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2017-10-14] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2017-10-14] (Kaspersky Lab ZAO) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-19] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-10-19] (Malwarebytes) R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45504 2017-10-19] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-19] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-10-19] (Malwarebytes) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [60416 2013-10-16] (Microsoft Corporation) R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; D:\PROGRAMKI\Power DVD\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-05-03] (CyberLink Corp.) S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X] S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-10-19 21:33 - 2017-10-19 21:34 - 000021252 _____ C:\Users\eclips\Desktop\FRST.txt 2017-10-19 21:30 - 2017-10-19 21:30 - 002402816 _____ (Farbar) C:\Users\eclips\Desktop\FRST64.exe 2017-10-19 21:25 - 2017-10-19 21:25 - 019012622 _____ C:\Users\eclips\Desktop\unhackme.zip 2017-10-19 20:51 - 2017-10-19 20:51 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2017-10-19 20:51 - 2017-10-19 20:51 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2017-10-19 20:51 - 2017-10-19 20:51 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-10-19 20:50 - 2017-10-19 20:50 - 000045504 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-10-19 20:07 - 2017-10-19 20:51 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-10-19 20:07 - 2017-10-19 20:50 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-10-19 20:07 - 2017-10-19 20:07 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-10-19 20:07 - 2017-10-19 20:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-10-19 20:05 - 2017-10-19 20:05 - 000000000 ____D C:\Windows\system32\Drivers\etc\BACKUP 2017-10-19 16:27 - 2017-10-19 20:41 - 000000000 ____D C:\Users\eclips\Desktop\bsplayer_pro271.1081 2017-10-19 16:20 - 2017-10-19 16:20 - 000003164 _____ C:\Windows\System32\Tasks\klcp_update 2017-10-19 16:20 - 2017-10-19 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2017-10-19 16:20 - 2017-10-19 16:20 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2017-10-19 16:20 - 2017-07-30 13:50 - 003850240 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll 2017-10-19 16:20 - 2017-07-30 13:50 - 003799552 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll 2017-10-19 16:20 - 2015-12-18 12:00 - 000755200 _____ C:\Windows\system32\xvidcore.dll 2017-10-19 16:20 - 2015-12-18 12:00 - 000309248 _____ C:\Windows\system32\xvidvfw.dll 2017-10-19 16:20 - 2015-12-18 12:00 - 000282112 _____ C:\Windows\SysWOW64\xvidvfw.dll 2017-10-19 16:20 - 2015-10-24 19:00 - 000126976 _____ C:\Windows\system32\ff_vfw.dll 2017-10-19 16:20 - 2015-10-24 19:00 - 000112128 _____ C:\Windows\SysWOW64\ff_vfw.dll 2017-10-19 16:20 - 2012-07-21 13:55 - 000180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm 2017-10-19 16:20 - 2012-07-21 13:54 - 000122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm 2017-10-19 16:20 - 2011-12-07 20:37 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll 2017-10-19 16:20 - 2011-12-07 20:32 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll 2017-10-19 16:16 - 2017-10-19 16:18 - 052381992 _____ (KLCP ) C:\Users\eclips\Desktop\K-Lite_Codec_Pack_1359_Mega.exe 2017-10-19 15:58 - 2017-10-19 15:58 - 010563576 _____ C:\Users\eclips\Desktop\bsplayer271.setup.exe 2017-10-19 15:54 - 2017-10-19 15:58 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Lavasoft 2017-10-19 15:54 - 2017-10-19 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2017-10-19 15:54 - 2017-10-19 15:58 - 000000000 ____D C:\Program Files (x86)\Lavasoft 2017-10-19 15:54 - 2017-10-19 15:54 - 000000000 ____D C:\Users\eclips\AppData\Local\Lavasoft 2017-10-19 15:53 - 2017-10-19 15:58 - 000000000 ____D C:\ProgramData\Lavasoft 2017-10-19 15:44 - 2017-10-19 16:29 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk 2017-10-19 15:44 - 2017-10-19 16:29 - 000001147 _____ C:\Users\Public\Desktop\BS.Player PRO.lnk 2017-10-19 15:44 - 2017-10-19 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh 2017-10-19 15:37 - 2017-10-19 15:39 - 053285758 _____ (KLCP ) C:\Users\eclips\Desktop\K-Lite_Codec_Pack_1360_Mega.exe 2017-10-19 14:57 - 2017-10-19 14:57 - 000091280 _____ C:\Users\eclips\Desktop\WAR_2017.(subs.sab.bz).rar 2017-10-17 23:41 - 2013-12-10 14:50 - 000955888 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2017-10-17 23:41 - 2013-12-10 14:50 - 000839152 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2017-10-17 23:40 - 2017-10-17 23:40 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2017-10-17 23:39 - 2017-10-17 23:39 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Sun 2017-10-17 23:38 - 2017-10-17 23:38 - 000000000 ____D C:\Users\eclips\AppData\LocalLow\Oracle 2017-10-14 20:33 - 2017-10-14 20:33 - 000032774 _____ C:\Users\eclips\Desktop\IT_2017_NEW_HD_TS_60FPS_x264_HQ_CPG.(subs.sab.bz).rar 2017-10-14 19:44 - 2017-10-17 23:33 - 000000000 ____D C:\Program Files\Common Files\AV 2017-10-14 19:44 - 2017-10-14 19:44 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2017-10-14 19:16 - 2017-10-14 19:16 - 008250832 _____ (Malwarebytes) C:\Users\eclips\Downloads\adwcleaner_7.0.3.1.exe 2017-10-14 19:12 - 2017-10-17 23:33 - 000002334 _____ C:\Users\eclips\Desktop\Safe Money.lnk 2017-10-14 19:12 - 2017-10-14 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2017-10-14 19:12 - 2017-10-14 19:11 - 000001124 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2017-10-14 19:11 - 2017-10-14 19:43 - 000625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2017-10-14 19:11 - 2017-10-14 19:43 - 000115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2017-10-14 19:11 - 2017-10-14 19:11 - 000000000 ____D C:\Windows\ELAMBKUP 2017-10-14 19:11 - 2017-10-14 19:11 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab 2017-10-14 19:11 - 2013-05-06 09:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2017-10-14 16:17 - 2017-10-19 20:41 - 000000000 ____D C:\ProgramData\NVIDIA 2017-10-14 16:17 - 2017-10-14 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-10-14 16:16 - 2009-07-10 07:01 - 000539168 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE 2017-10-14 16:15 - 2009-12-03 18:43 - 000000000 ____D C:\Users\eclips\Downloads\VGA_Win7-64(190.38)e 2017-10-14 16:15 - 2009-07-14 11:54 - 015005696 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 011327776 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2017-10-14 16:15 - 2009-07-14 11:54 - 010854400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 009375232 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 007565824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 002617856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 002258976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 002169376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001983488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001723424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001706528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001291776 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001044992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 000930272 _____ (Microsoft Corporation) C:\Windows\system32\dpinst.exe 2017-10-14 16:15 - 2009-07-14 11:54 - 000539168 _____ (NVIDIA Corporation) C:\Windows\system32\nvudisp.exe 2017-10-14 16:15 - 2009-07-14 11:54 - 000167936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod157.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 000167936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 000011168 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvBridge.kmd 2017-10-14 16:15 - 2009-07-14 11:54 - 000010161 _____ C:\Windows\system32\nvdisp.nvu 2017-10-14 16:14 - 2017-10-14 16:15 - 153992488 _____ C:\Users\eclips\Downloads\VGA_Win7-64(190.38)e.zip 2017-10-14 16:13 - 2017-10-19 21:13 - 000000000 ____D C:\Users\eclips\AppData\LocalLow\Mozilla 2017-10-13 22:03 - 2017-10-13 22:03 - 000033952 _____ C:\Users\eclips\Downloads\the.flash.2014.s04e01.hdtv.x264(subsunacs.net).rar 2017-10-13 01:17 - 2017-10-13 01:17 - 000000000 ____D C:\ProgramData\MB2Migration 2017-10-13 01:17 - 2017-10-13 01:17 - 000000000 ____D C:\Program Files\Malwarebytes 2017-10-13 01:12 - 2017-10-14 15:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-13 00:34 - 2017-10-18 00:30 - 005818880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2017-10-13 00:04 - 2017-10-13 00:04 - 000000000 ____D C:\Users\eclips\Desktop\Стари данни Firefox 2017-10-13 00:01 - 2017-10-13 01:17 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-10-12 23:30 - 2017-10-13 00:35 - 000000000 ____D C:\Users\eclips\AppData\Local\Dropbox 2017-10-12 23:30 - 2017-10-12 23:30 - 000000000 ____D C:\ProgramData\Dropbox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-10-19 21:33 - 2014-07-01 19:48 - 000000000 ____D C:\FRST 2017-10-19 21:15 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\tracing 2017-10-19 20:49 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-10-19 20:49 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-10-19 20:43 - 2014-02-12 12:17 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2017-10-19 20:41 - 2013-11-19 23:28 - 000065536 _____ C:\Windows\system32\Ikeext.etl 2017-10-19 20:41 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-10-19 20:40 - 2013-11-19 19:37 - 000000000 ____D C:\Users\eclips\AppData\Roaming\BitComet 2017-10-19 20:06 - 2013-12-07 21:43 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-10-19 19:14 - 2014-05-28 13:04 - 000000000 ____D C:\AdwCleaner 2017-10-19 16:28 - 2013-11-19 23:49 - 000000000 ____D C:\Users\eclips\AppData\Roaming\BSplayer Pro 2017-10-19 16:27 - 2013-11-19 23:49 - 000000000 ____D C:\Program Files (x86)\Webteh 2017-10-19 16:23 - 2013-11-19 23:49 - 000000000 ____D C:\Users\eclips\AppData\Roaming\BSplayer 2017-10-18 19:40 - 2014-02-13 20:08 - 000000000 ____D C:\ADCDA2 2017-10-18 11:24 - 2013-12-18 22:51 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Skype 2017-10-18 00:30 - 2013-12-10 11:19 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-10-18 00:30 - 2013-11-20 11:44 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-10-18 00:30 - 2013-11-20 11:44 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-18 00:30 - 2013-11-20 11:44 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-10-18 00:30 - 2013-11-20 11:44 - 000000000 ____D C:\Windows\system32\Macromed 2017-10-17 23:42 - 2014-01-21 17:33 - 000000000 ____D C:\Program Files (x86)\Java 2017-10-17 23:41 - 2014-01-21 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-10-17 23:41 - 2013-12-10 14:50 - 000000000 ____D C:\Program Files\Java 2017-10-17 23:40 - 2013-12-10 14:50 - 000319552 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2017-10-17 23:40 - 2013-12-10 14:50 - 000206912 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2017-10-17 23:40 - 2013-12-10 14:50 - 000206912 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2017-10-17 23:39 - 2014-09-01 14:38 - 000270912 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2017-10-17 23:39 - 2014-09-01 14:38 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2017-10-17 23:39 - 2014-01-21 17:34 - 000000000 ____D C:\ProgramData\Oracle 2017-10-14 21:22 - 2013-12-04 16:02 - 000000000 ____D C:\Users\eclips\AppData\Roaming\vlc 2017-10-14 19:43 - 2013-06-10 12:27 - 000029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys 2017-10-14 19:43 - 2013-06-06 17:38 - 000178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2017-10-14 19:43 - 2013-05-06 09:22 - 000458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2017-10-14 19:43 - 2013-05-05 22:42 - 000029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys 2017-10-14 19:43 - 2013-05-05 22:42 - 000029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2017-10-14 19:28 - 2013-11-20 17:22 - 000000000 ____D C:\Windows\pss 2017-10-14 19:11 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf 2017-10-14 18:40 - 2014-01-05 21:34 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Dropbox 2017-10-14 16:24 - 2009-07-14 08:13 - 000785366 _____ C:\Windows\system32\PerfStringBackup.INI 2017-10-14 16:17 - 2014-05-12 23:13 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-10-14 16:17 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\Help 2017-10-14 15:37 - 2013-12-10 11:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-13 22:40 - 2013-11-19 23:41 - 000000000 ____D C:\ProgramData\AMD 2017-10-13 00:01 - 2013-12-07 21:44 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Malwarebytes 2017-10-13 00:01 - 2013-12-07 21:43 - 000000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2017-10-13 00:00 - 2013-11-19 21:24 - 000000000 ____D C:\ProgramData\TuneUp Software ==================== Files in the root of some directories ======= 2014-01-04 21:14 - 2014-01-04 21:14 - 001615904 ____R () C:\Users\eclips\AppData\Local\ASbs.ac 2014-05-12 11:02 - 2014-05-12 11:02 - 000585728 _____ () C:\Users\eclips\AppData\Local\file__0.localstorage 2013-11-19 22:07 - 2013-11-19 22:07 - 000000017 ____R () C:\Users\eclips\AppData\Local\resmon.resmoncfg 2014-09-14 20:59 - 2014-09-15 21:08 - 010807116 _____ () C:\ProgramData\OfflineCatalogue_1_2014_TECDOC_CD.log 2014-09-14 21:05 - 2014-09-14 21:05 - 000006106 _____ () C:\ProgramData\UninstallOfflineCatalogue.log Some files in TEMP: ==================== 2014-09-15 19:44 - 2011-02-11 18:36 - 023454528 ____N ( ) C:\Users\eclips\AppData\Local\Temp\AdbeRdr_en_US.exe 2014-09-07 14:19 - 2014-09-07 14:19 - 007850088 _____ (Microsoft Corporation) C:\Users\eclips\AppData\Local\Temp\BingBarSetup-Partner.exe 2017-10-13 22:07 - 2017-10-13 22:07 - 016739360 _____ () C:\Users\eclips\AppData\Local\Temp\BitBEFB.tmp.exe 2017-10-14 18:40 - 2017-10-14 18:40 - 000043008 _____ () C:\Users\eclips\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprkbc9q.dll 2014-01-31 06:29 - 2014-01-31 06:29 - 000341120 _____ (Gretech Corporation) C:\Users\eclips\AppData\Local\Temp\ExPromo.exe 2014-07-01 12:48 - 2014-09-29 20:15 - 000035224 _____ () C:\Users\eclips\AppData\Local\Temp\i4jdel0.exe 2014-07-28 08:15 - 2014-07-28 08:15 - 000918440 _____ (Oracle Corporation) C:\Users\eclips\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe 2017-09-08 19:04 - 2017-09-08 19:04 - 001856576 _____ (Oracle Corporation) C:\Users\eclips\AppData\Local\Temp\jre-8u151-windows-au.exe 2014-07-29 18:48 - 2014-07-29 18:48 - 000021888 _____ () C:\Users\eclips\AppData\Local\Temp\ochelper.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-10-18 20:24 ==================== End of FRST.txt ============================  
        Addition.txt
      • от Rada Beliata
        Здравейте, тази сутрин, отваряйки си компа установих, че се е самонастанила непоискана от мен търсачка Bing мястото на стандартния ми Google. Не зная да не би проблема да е по-голям и за това не пробвам да я чистя , а директно пускам тук файловете от сканирането:
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
        Ran by User (administrator) on USER-PC (06-11-2017 14:32:42)
        Running from C:\Users\User\Desktop
        Loaded Profiles: User (Available Profiles: User & Guest)
        Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
        Internet Explorer Version 11 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
        (AMD) C:\Windows\System32\atiesrxx.exe
        (AMD) C:\Windows\System32\atieclxx.exe
        (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
        (Microsoft Corporation) C:\Windows\System32\wlanext.exe
        (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
        (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
        () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
        (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
        (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
        (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
        (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
        (Viber Media S.à r.l.) C:\Users\User\AppData\Local\Viber\Viber.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe
        (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
        (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
        (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
        (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        () C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Bose Corporation) C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Microsoft Corporation) C:\Windows\System32\dllhost.exe
        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
        HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
        HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
        HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
        HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG)
        HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1611160 2011-03-28] (CANON INC.)
        HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
        HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
        HKLM-x32\...\Run: [SoundTouchHelper] => C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe [952832 2017-09-18] ()
        HKLM-x32\...\Run: [SoundTouch Music Server] => C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.lnk [2172 2017-09-26] ()
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [googletalk] => C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-30] (Google Inc.)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-09-20] (Nero AG)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [38871120 2017-10-24] (Viber Media S.à r.l.)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Policies\Explorer: [] 
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\MountPoints2: {b89e904f-c580-11e0-ae91-806e6f6e6963} - E:\setup.exe
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
        Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
        Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{61285D62-0825-4C6A-8F7B-F187EF6B7C4E}: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{BEC2B3B5-8A62-4C8D-947B-942060F59681}: [NameServer] 10.250.238.3 10.250.238.4
        Tcpip\..\Interfaces\{E2C5FBF5-BC9E-4F83-8514-C9EC7DB41090}: [DhcpNameServer] 192.168.1.1
        Internet Explorer:
        ==================
        HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
        HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
        SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ADFA_en
        SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> {01331362-9AB4-4EF8-B80F-17A753AABA26} URL = hxxps://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ADFA_en
        BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
        BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
        BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-08-19] (Oracle Corporation)
        Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
        DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://e-fibank.bg/EBank/CAPICOM/capicom.cab
        DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
        FireFox:
        ========
        FF DefaultProfile: 0nh7i0xu.default-1396792165575
        FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 [2017-10-19]
        FF DefaultSearchEngine: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing 
        FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing 
        FF SelectedSearchEngine: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing 
        FF Homepage: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-us
        hxxps://www.malwarebytes.org/restorebrowser//?u=10b253f49536d7c82625e2601c9d32eb&c=1000_2&src=hp&inst=1471229042
        FF Keyword.URL: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
        FF Extension: (Bing Search) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\Extensions\bingsearch.full@microsoft.com.xpi [2017-09-10]
        FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\searchplugins\bing-.xml [2017-09-10]
        FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\searchplugins\google-.xml [2016-05-02]
        FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
        FF Plugin-x32: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-08-19] (Oracle Corporation)
        FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\new_plugin\npjp2.dll [No File]
        FF Plugin-x32: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-08-19] (Oracle Corporation)
        FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
        FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
        FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
        Chrome: 
        =======
        CHR DefaultProfile: Profile 1
        CHR HomePage: Profile 1 -> msn.com
        CHR StartupUrls: Profile 1 -> "hxxp://www.google.com"
        CHR NewTab: Profile 1 ->  Active:"chrome-extension://fcfenmboojpjinhpgggodefccipikbpd/newTab.html", Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html"
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-03]
        CHR Extension: (Google Translate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-20]
        CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
        CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
        CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
        CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-07]
        CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
        CHR Extension: (Dropbox for Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-01-31]
        CHR Extension: (Email Game) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbobaphhmjpchjknfpcnlhcbkjbclge [2015-07-19]
        CHR Extension: (Gmail Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-07-19]
        CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-14]
        CHR Extension: (Dnevnik.bg) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgpgbimpbapjogkgkgmdkcdimopnnljb [2015-07-19]
        CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
        CHR Extension: (Pin It Button) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
        CHR Extension: (Facebook Invite All) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2016-01-31]
        CHR Extension: (Download Master) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2016-01-31]
        CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
        CHR Extension: (MultiHighlighter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifbglmlbpgpbflnkfpclkmckoollbn [2015-09-04]
        CHR Extension: (OokiCookie) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjmnhgnkikbajikhhbplekfmljhdhjm [2015-07-19]
        CHR Extension: (word highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooabkmkhabkahcjbgpiajffckeibpdoa [2015-07-19]
        CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-03]
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-06]
        CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
        CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
        CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-02]
        CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]
        CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02]
        CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-26]
        CHR Extension: (Bing) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-11-06]
        CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
        CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
        CHR Extension: (FromDocToPDF) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2017-11-05]
        CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
        CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30]
        CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-29]
        CHR Extension: (10b253f49536d7c82625e2601c9d32eb_2) - C:\Program Files (x86)\Google\Chrome\Application\10b253f49536d7c82625e2601c9d32eb_2 [2016-08-18]
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-03]
        CHR HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
        CHR HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
        S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-04-12] (Macrovision Europe Ltd.) [File not signed]
        R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
        R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
        R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
        R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
        R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
        R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
        S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
        R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.) [File not signed]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2016-08-20] ()
        R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
        R1 MpKsl1dabfb16; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B742210-A60B-40E6-8C1C-30273624352C}\MpKsl1dabfb16.sys [58120 2017-11-06] (Microsoft Corporation)
        R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
        S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
        S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
        S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
        S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
        S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
        S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
        S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
        S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
        S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-11-06 14:32 - 2017-11-06 14:36 - 000022793 _____ C:\Users\User\Desktop\FRST.txt
        2017-11-06 14:32 - 2017-11-06 14:32 - 000000000 ____D C:\FRST
        2017-11-06 14:31 - 2017-11-06 14:31 - 002403328 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
        2017-10-29 13:08 - 2017-10-29 13:09 - 000000000 ____D C:\Users\User\AppData\Local\Viber
        2017-10-26 21:08 - 2017-10-26 21:08 - 000182233 _____ C:\Users\User\Desktop\Гръбначните изкривявания - Част VI_ Загуба на шийна лордоза (Forward Head Posture syndrome) _ Любомир Иванов.html
        2017-10-26 21:08 - 2017-10-26 21:08 - 000000000 ____D C:\Users\User\Desktop\Гръбначните изкривявания - Част VI_ Загуба на шийна лордоза (Forward Head Posture syndrome) _ Любомир Иванов_files
        2017-10-17 10:55 - 2017-10-17 10:55 - 000136163 _____ C:\Users\User\Desktop\Актуална цена за присъединяване.pdf
        2017-10-12 20:26 - 2017-10-12 20:26 - 000056320 _____ C:\Users\User\Desktop\Таксуване (1).xls
        2017-10-12 19:09 - 2017-10-12 19:09 - 000056320 _____ C:\Users\User\Desktop\Таксуване.xls
        2017-10-11 21:32 - 2017-09-13 17:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
        2017-10-11 21:32 - 2017-09-13 17:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
        2017-10-11 21:32 - 2017-09-13 17:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
        2017-10-11 21:32 - 2017-09-13 17:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
        2017-10-11 21:32 - 2017-09-13 17:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
        2017-10-11 21:32 - 2017-09-13 17:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
        2017-10-11 21:32 - 2017-09-13 17:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
        2017-10-11 21:32 - 2017-09-13 17:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
        2017-10-11 21:32 - 2017-09-13 17:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
        2017-10-11 21:32 - 2017-09-13 17:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
        2017-10-11 21:32 - 2017-09-13 17:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
        2017-10-11 21:32 - 2017-09-13 17:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
        2017-10-11 21:32 - 2017-09-13 16:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
        2017-10-11 21:32 - 2017-09-13 16:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
        2017-10-11 21:32 - 2017-09-13 16:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
        2017-10-11 21:32 - 2017-09-13 16:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
        2017-10-11 21:32 - 2017-09-13 16:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
        2017-10-11 21:32 - 2017-09-13 16:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
        2017-10-11 21:32 - 2017-09-13 16:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
        2017-10-11 21:32 - 2017-09-13 16:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
        2017-10-11 21:32 - 2017-09-13 16:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
        2017-10-11 21:32 - 2017-09-13 16:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
        2017-10-11 21:32 - 2017-09-13 16:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
        2017-10-11 21:32 - 2017-09-09 02:45 - 000395984 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
        2017-10-11 21:32 - 2017-09-09 01:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
        2017-10-11 21:32 - 2017-09-08 17:34 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
        2017-10-11 21:32 - 2017-09-08 17:30 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
        2017-10-11 21:32 - 2017-09-08 17:14 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
        2017-10-11 21:32 - 2017-09-08 17:13 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
        2017-10-11 21:32 - 2017-09-08 17:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
        2017-10-11 21:32 - 2017-09-08 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
        2017-10-11 21:32 - 2017-09-08 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
        2017-10-11 21:32 - 2017-09-08 17:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
        2017-10-11 21:32 - 2017-09-08 17:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
        2017-10-11 21:32 - 2017-09-08 17:00 - 003222016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
        2017-10-11 21:32 - 2017-09-08 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
        2017-10-11 21:32 - 2017-09-08 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
        2017-10-11 21:32 - 2017-09-08 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
        2017-10-11 21:32 - 2017-09-08 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
        2017-10-11 21:32 - 2017-09-08 16:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
        2017-10-11 21:32 - 2017-09-08 16:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
        2017-10-11 21:32 - 2017-09-08 16:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
        2017-10-11 21:32 - 2017-09-07 23:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
        2017-10-11 21:32 - 2017-09-07 23:37 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
        2017-10-11 21:32 - 2017-09-07 23:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
        2017-10-11 21:32 - 2017-09-07 23:18 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
        2017-10-11 21:32 - 2017-09-07 23:18 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
        2017-10-11 21:32 - 2017-09-07 23:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
        2017-10-11 21:32 - 2017-09-07 23:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
        2017-10-11 21:32 - 2017-09-07 23:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
        2017-10-11 21:32 - 2017-09-07 23:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
        2017-10-11 21:32 - 2017-09-07 23:08 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
        2017-10-11 21:32 - 2017-09-07 23:07 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
        2017-10-11 21:32 - 2017-09-07 23:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
        2017-10-11 21:32 - 2017-09-07 23:01 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
        2017-10-11 21:32 - 2017-09-07 23:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
        2017-10-11 21:32 - 2017-09-07 23:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
        2017-10-11 21:32 - 2017-09-07 23:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
        2017-10-11 21:32 - 2017-09-07 22:52 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
        2017-10-11 21:32 - 2017-09-07 22:48 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
        2017-10-11 21:32 - 2017-09-07 22:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
        2017-10-11 21:32 - 2017-09-07 22:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
        2017-10-11 21:32 - 2017-09-07 22:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
        2017-10-11 21:32 - 2017-09-07 22:37 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
        2017-10-11 21:32 - 2017-09-07 22:33 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
        2017-10-11 21:32 - 2017-09-07 22:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
        2017-10-11 21:32 - 2017-09-07 22:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
        2017-10-11 21:32 - 2017-09-07 22:27 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
        2017-10-11 21:32 - 2017-09-07 22:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
        2017-10-11 21:32 - 2017-09-07 22:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
        2017-10-11 21:32 - 2017-09-07 22:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
        2017-10-11 21:32 - 2017-09-07 22:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
        2017-10-11 21:32 - 2017-09-07 22:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
        2017-10-11 21:32 - 2017-09-07 21:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
        2017-10-11 21:32 - 2017-09-07 21:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
        2017-10-11 21:32 - 2017-09-07 21:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
        2017-10-11 21:32 - 2017-09-07 21:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
        2017-10-11 21:32 - 2017-09-07 21:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
        2017-10-11 21:32 - 2017-09-07 21:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
        2017-10-11 21:32 - 2017-09-07 21:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
        2017-10-11 21:32 - 2017-09-07 21:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
        2017-10-11 21:32 - 2017-09-07 21:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
        2017-10-11 21:32 - 2017-09-07 21:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
        2017-10-11 21:32 - 2017-09-07 21:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
        2017-10-11 21:32 - 2017-09-07 21:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
        2017-10-11 21:32 - 2017-09-07 21:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
        2017-10-11 21:32 - 2017-09-07 21:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
        2017-10-11 21:32 - 2017-09-07 20:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
        2017-10-11 21:32 - 2017-09-07 20:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
        2017-10-11 21:32 - 2017-09-07 20:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
        2017-10-11 21:32 - 2017-09-07 20:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
        2017-10-11 21:32 - 2017-09-07 20:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
        2017-10-11 21:32 - 2017-09-07 20:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
        2017-10-11 21:32 - 2017-09-07 20:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
        2017-10-11 21:32 - 2017-09-07 20:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
        2017-10-11 21:32 - 2017-09-07 20:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
        2017-10-11 21:32 - 2017-09-07 20:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
        2017-10-11 21:32 - 2017-09-07 20:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
        2017-10-11 21:32 - 2017-09-07 20:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
        2017-10-11 21:32 - 2017-09-07 20:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
        2017-10-11 21:32 - 2017-09-07 20:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
        2017-10-11 21:32 - 2017-09-07 20:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
        2017-10-11 21:32 - 2017-09-07 20:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
        2017-10-11 21:32 - 2017-09-07 20:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
        2017-10-11 21:32 - 2017-09-07 20:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
        2017-10-11 21:32 - 2017-09-07 20:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
        2017-10-11 21:32 - 2017-09-07 19:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
        2017-10-11 21:32 - 2017-09-07 19:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
        2017-10-11 21:32 - 2017-09-07 17:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
        2017-10-11 21:32 - 2017-09-07 17:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
        2017-10-11 21:32 - 2017-09-07 16:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
        2017-10-11 21:32 - 2017-09-07 16:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
        2017-10-11 21:32 - 2017-09-07 16:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
        2017-10-11 21:32 - 2017-08-19 17:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
        2017-10-11 21:32 - 2017-08-19 17:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
        2017-10-11 21:32 - 2017-08-19 17:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
        2017-10-11 21:32 - 2017-08-19 17:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
        2017-10-11 21:32 - 2017-08-19 17:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
        2017-10-11 21:32 - 2017-08-19 17:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
        2017-10-11 21:32 - 2017-08-19 17:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
        2017-10-11 21:32 - 2017-08-19 17:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
        2017-10-11 21:32 - 2017-08-19 16:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
        2017-10-11 21:32 - 2017-08-19 16:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
        2017-10-11 21:32 - 2017-08-14 19:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
        2017-10-11 21:32 - 2017-08-14 19:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
        2017-10-11 21:32 - 2017-08-14 19:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
        2017-10-11 21:32 - 2017-08-13 23:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-11-06 14:26 - 2015-06-24 14:51 - 000000000 ____D C:\Users\User\Documents\ViberDownloads
        2017-11-06 14:26 - 2011-04-12 10:47 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
        2017-11-06 14:17 - 2011-05-26 17:50 - 000001004 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2108872990-2365937994-3429966836-1000UA.job
        2017-11-06 13:32 - 2009-07-14 06:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2017-11-06 13:32 - 2009-07-14 06:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2017-11-06 13:22 - 2009-07-14 07:13 - 000785786 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-11-06 13:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
        2017-11-06 13:20 - 2016-04-14 22:13 - 000000000 ____D C:\Users\User\AppData\Roaming\ViberPC
        2017-11-06 13:17 - 2016-03-27 23:35 - 000065536 _____ C:\Windows\system32\Ikeext.etl
        2017-11-06 13:17 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-11-05 18:17 - 2011-05-26 17:50 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2108872990-2365937994-3429966836-1000Core.job
        2017-11-05 10:53 - 2017-04-13 22:27 - 000000000 ___RD C:\Program Files (x86)\Skype
        2017-11-05 10:53 - 2011-04-12 10:46 - 000000000 ____D C:\ProgramData\Skype
        2017-11-05 10:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing
        2017-10-31 11:15 - 2011-04-12 20:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
        2017-10-26 19:48 - 2017-07-25 10:39 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
        2017-10-25 19:32 - 2017-07-22 20:42 - 000000000 ____D C:\Users\User\AppData\Roaming\SoundTouch
        2017-10-25 19:32 - 2017-07-22 20:41 - 000000000 ____D C:\Program Files (x86)\SoundTouch
        2017-10-24 15:23 - 2013-01-16 17:48 - 000000000 ____D C:\ProgramData\CanonIJPLM
        2017-10-19 09:39 - 2016-12-19 08:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
        2017-10-19 09:39 - 2016-12-05 20:28 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
        2017-10-12 17:12 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
        2017-10-12 16:22 - 2009-07-14 06:45 - 002338848 _____ C:\Windows\system32\FNTCACHE.DAT
        2017-10-11 22:02 - 2011-04-12 11:16 - 000762140 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
        ==================== Files in the root of some directories =======
        2011-07-27 22:59 - 2011-07-27 22:59 - 000000000 ____H () C:\Users\User\AppData\Local\BIT7DB1.tmp
        2011-11-10 16:05 - 2011-11-10 16:05 - 000004096 ____H () C:\Users\User\AppData\Local\keyfile3.drm
        2011-07-27 22:59 - 2011-07-27 22:59 - 000000000 _____ () C:\Users\User\AppData\Local\{BE08E1F6-7B92-4E51-B565-F383E741847C}
        2011-07-28 14:34 - 2011-07-28 14:35 - 000000000 _____ () C:\Users\User\AppData\Local\{D390E0A7-E0A7-4120-9348-F90CD935A202}
        2011-04-12 12:27 - 2011-04-12 12:27 - 000000056 ____H () C:\ProgramData\ezsidmv.dat
        2016-03-12 22:11 - 2016-03-12 22:11 - 000000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
        Some files in TEMP:
        ====================
        2017-09-10 14:36 - 2017-09-10 14:36 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Temp\BSvcProcessor.exe
        2017-09-10 14:36 - 2017-09-10 14:36 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Temp\BSvcUpdater.exe
        2017-08-05 17:18 - 2017-10-06 16:51 - 058881488 _____ (Skype Technologies S.A.) C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\SysWOW64\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-10-31 11:55
        ==================== End of FRST.txt ============================
         
        Благодаря предваротелно за съдействието
         
        Addition.txt
      • от N1K17Y
        Теглих съмнителни торенти и мисля, че системата ми е заразена 
         
        Addition.txt
      • от Wrath
        Добър ден ! Днес забелязах, че имам чужди опити за логини във всичките си абв акаунти. От Нидерландия, Алжир, Оман и така нататък. Верятно да е фалшвиш ип адрес, но винаги има все пак.  Опитите за влизане са несполучливи понеже няма как да ми улучат паролата , но все пак се притесних. Ще съм супер благодарен за малко помощ ! 
        Addition.txt
        FRST.txt
    • Разглеждащи в момента   0 потребители

      Няма регистрирани потребители разглеждащи тази страница.

    • Дарение

    ×

    Информация

    Този сайт използва бисквитки (cookies), за най-доброто потребителско изживяване. С използването му, вие приемате нашите Условия за ползване.