Премини към съдържанието

Архивирана тема

Темата е твърде стара и е архивирана. Не можете да добавяте нови отговори в нея, но винаги можете да публикувате нова тема, в която да продължи дискусията. Регистрирайте се или влезте във вашия профил за да публикувате нова тема.

S0S

Съмнения за заразен лаптоп

Препоръчан отговор


Здравейте !!! От известно време имам проблеми с лаптопа ми. Значи става въпрос за това, като отварям страници с Експлорер и ми се отварят други нежелани уеб страницни, някой път са на китайки език (за езика не съм на 100 % сигурен че е китайки), също така друг проблем е когато искам да влезна в пощата си в абв и когато натисна да си напиша името, и тогава пак ми излизат такива страници и изобщо не ми дава маркера за да си напиша името и паролата.

Лаптопа е HP Pavilion g6 , 4GB Ram, 750 HDD, B960 - procesor.

Windows Home Premium ми е операционната система, която е оригинална и карам с нея 2 години.

Общо взето това е , ако имате въпроси ще отговоря в последствие. Благодаря много :)

Ето ги и лог файловете:

 

DDS

 

DDS (Ver_2011-09-30.01) - NTFS_AMD64 Internet Explorer: 9.10.9200.16635 Run by Dzhemal at 14:51:29 on 2013-07-22 Microsoft Windows 7 Home Premium 6.1.7601.1.1251.359.1033.18.4044.2405 [GMT 3:00] . AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:Windowssystem32wininit.exe C:Windowssystem32lsm.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Program Files (x86)IObitAdvanced SystemCare 6ASCService.exe C:Windowssystem32svchost.exe -k RPCSS C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:Program Files (x86)Software Platesvcgdp.exe C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowssystem32svchost.exe -k LocalService C:Windowssystem32svchost.exe -k netsvcs C:Program FilesIDTWDMSTacSV64.exe C:Windowssystem32svchost.exe -k GPSvcGroup C:Windowssystem32svchost.exe -k NetworkService C:WindowsSystem32spoolsv.exe C:Windowssystem32svchost.exe -k LocalServiceNoNetwork C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe C:Program Files (x86)Common FilesDeviceHelperDeviceManager.exe C:WindowsSysWOW64ezSharedSvcHost.exe C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe C:Program Files (x86)Norton Internet SecurityEngine19.9.1.14ccSvcHst.exe C:Program Files (x86)MicrosoftBingBarSeaPort.EXE C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe C:Program Files (x86)SafeIPSafeIPs.exe C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe C:Windowssystem32SearchIndexer.exe C:Windowssystem32taskhost.exe C:Program Files (x86)Norton Internet SecurityEngine19.9.1.14ccSvcHst.exe C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Program FilesSynapticsSynTPSynTPEnh.exe C:Program FilesIDTWDMsttray64.exe C:Program FilesWindows Sidebarsidebar.exe C:Program Files (x86)IObitAdvanced SystemCare 6ASCTray.exe C:Program Files (x86)SkypePhoneSkype.exe C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe C:Program Files (x86)Hewlett-PackardHP Connection ManagerhpConnectionManager.exe C:Program Files (x86)Winampwinampa.exe C:Program Files (x86)VIVACOM 3G USB MODEMModemListener.exe C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe C:Program FilesSynapticsSynTPSynTPHelper.exe C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe C:Windowssystem32wbemwmiprvse.exe C:Windowssystem32taskeng.exe C:Program Files (x86)CyberLinkYouCamYCMMirage.exe C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe C:Program Files (x86)Hewlett-PackardHP Connection ManagerhpCMSrv.exe C:Program Files (x86)uTorrentuTorrent.exe C:Program Files (x86)VIVACOM 3G USB MODEMHspa USB Modem.exe C:Program Files (x86)Smiley Bar for FacebookPropertySync.exe C:Windowssystem32MacromedFlashFlashUtil64_11_1_102_ActiveX.exe C:Windowssystem32wbemwmiprvse.exe C:WindowsSystem32WUDFHost.exe C:Program FilesInternet Exploreriexplore.exe C:Program Files (x86)Internet ExplorerIEXPLORE.EXE C:Program Files (x86)Internet ExplorerIEXPLORE.EXE C:WindowsSystem32MsSpellCheckingFacility.exe C:Windowssystem32conhost.exe C:WindowsSystem32cscript.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:Program Files (x86)BS_PlayerprxtbBS_P.dll mURLSearchHooks: Winamp Toolbar Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:Program Files (x86)Winamp Toolbarwinamptb.dll mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBarprxtbuTor.dll mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:Program Files (x86)MyAshampootbMyAs.dll mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:Program Files (x86)BS_PlayerprxtbBS_P.dll mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program Files (x86)Winamp Toolbarwinamptb.dll BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:Program Files (x86)BabylonToolbarBabylonToolbar1.5.3.17bhBabylonToolbar.dll BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:Program Files (x86)ConduitEngineprxConduitEngin.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:Program Files (x86)Norton Internet SecurityEngine19.9.1.14coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:Program Files (x86)Norton Internet SecurityEngine19.9.1.14ipsipsbho.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll BHO: Smiley Bar for Facebook: {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:Program Files (x86)Smiley Bar for FacebookScriptHost.dll BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:Program Files (x86)MyAshampootbMyAs.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:Program Files (x86)IObitAdvanced SystemCare 6BrowerProtectASCPlugin_Protection.dll BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBarprxtbuTor.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll BHO: Proxy Help: {F386E548-C533-472E-8C61-C026FB14FEB9} - C:WindowsSysWOW64Newtabs_22find.dll BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:Program Files (x86)BS_PlayerprxtbBS_P.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program Files (x86)Norton Internet SecurityEngine19.9.1.14coieplg.dll TB: BS Player Toolbar: {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:Program Files (x86)BS_PlayerprxtbBS_P.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBarprxtbuTor.dll TB: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:Program Files (x86)ConduitEngineprxConduitEngin.dll TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program Files (x86)Winamp Toolbarwinamptb.dll TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:Program Files (x86)MyAshampootbMyAs.dll TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:Program Files (x86)BabylonToolbarBabylonToolbar1.5.3.17BabylonToolbarTlbr.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program Files (x86)Norton Internet SecurityEngine19.9.1.14coieplg.dll TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:Program Files (x86)BS_PlayerprxtbBS_P.dll uRun: [Google Update] "C:UsersDzhemalAppDataLocalGoogleUpdateGoogleUpdate.exe" /c uRun: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun uRun: [Advanced SystemCare 6] "C:Program Files (x86)IObitAdvanced SystemCare 6ASCTray.exe" /AutoStart uRun: [skype] "C:Program Files (x86)SkypePhoneSkype.exe" /minimized /regrun uRun: [GoogleDriveSync] "C:Program Files (x86)GoogleDrivegoogledrivesync.exe" /autostart uRunOnce: [FlashPlayerUpdate] C:WindowsSystem32MacromedFlashFlashUtil64_11_1_102_ActiveX.exe -update activex mRun: [iAStorIcon] C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe mRun: [HPConnectionManager] C:Program Files (x86)Hewlett-PackardHP Connection ManagerHPCMDelayStart.exe mRun: [Easybits Recovery] C:Program Files (x86)EasyBits For KidsezRecover.exe mRun: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe" mRun: [ModemListener] C:Program Files (x86)VIVACOM 3G USB MODEMModemListener.exe start mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" mRun: [HPOSD] C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe mRun: [HP Quick Launch] C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: EnableShellExecuteHooks = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckNCLauncherFromIE.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:Program Files (x86)EvernoteEvernoteEvernoteIE.dll/204 LSP: C:WindowsSystem32SafeIPs.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: Interfaces{076D2BED-0D24-460C-918E-196FE4EEA97E} : DHCPNameServer = 192.168.1.1 TCP: Interfaces{076D2BED-0D24-460C-918E-196FE4EEA97E}1417E637B696 : DHCPNameServer = 192.168.2.1 TCP: Interfaces{076D2BED-0D24-460C-918E-196FE4EEA97E}354716D42633475502940786F6E656 : DHCPNameServer = 172.30.139.17 172.30.140.69 TCP: Interfaces{076D2BED-0D24-460C-918E-196FE4EEA97E}4596D6566796D2144435C4 : DHCPNameServer = 192.168.1.1 TCP: Interfaces{076D2BED-0D24-460C-918E-196FE4EEA97E}84F64756C6F52516A7C6F676F553 : DHCPNameServer = 192.168.66.1 TCP: Interfaces{076D2BED-0D24-460C-918E-196FE4EEA97E}D4562796461633 : DHCPNameServer = 212.39.90.42 212.39.90.43 TCP: Interfaces{076D2BED-0D24-460C-918E-196FE4EEA97E}D494C4C454E49455D4 : DHCPNameServer = 212.39.90.42 8.8.8.8 TCP: Interfaces{081680D8-998A-4C20-B247-3A6FC448AA3D} : DHCPNameServer = 194.141.86.3 194.141.0.3 194.141.0.4 TCP: Interfaces{3CD6BAB7-D4B1-470B-ACCE-77332F076F19} : NameServer = 212.39.90.42 212.39.90.43 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:WindowsSysWOW64ezUPBHook.dll LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorer x64skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll x64-Run: [igfxTray] C:WindowsSystem32igfxtray.exe x64-Run: [HotKeysCmds] C:WindowsSystem32hkcmd.exe x64-Run: [Persistence] C:WindowsSystem32igfxpers.exe x64-Run: [synTPEnh] C:Program Files (x86)SynapticsSynTPSynTPEnh.exe x64-Run: [sysTrayApp] C:Program FilesIDTWDMsttray64.exe x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorer x64skypeieplugin.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorer x64skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 ifrhgnqeeotnzrmz.ru tgp.buzzsession.com upgrade.questscantwo.com images.specialnetoffer.com boldchat.com viqrzfvi.freewww.biz scrooge.nbcsandiego.com ptichka.ru ads.bleepingcomputer.com . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:WindowsSystem32driversNISx641309010.00Esymds64.sys [2013-2-6 451192] R0 SymEFA;Symantec Extended File Attributes;C:WindowsSystem32driversNISx641309010.00Esymefa64.sys [2013-2-6 1129120] R1 BHDrvx64;BHDrvx64;C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.8.0.14DefinitionsBASHDefs20130715.001BHDrvx64.sys [2013-7-17 1393240] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:WindowsSystem32driversNISx641309010.00Eccsetx64.sys [2013-2-6 167072] R1 IDSVia64;IDSVia64;C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.8.0.14DefinitionsIPSDefs20130719.002IDSviA64.sys [2013-7-19 513184] R1 SymIRON;Symantec Iron Driver;C:WindowsSystem32driversNISx641309010.00Eironx64.sys [2013-2-6 190072] R1 SymNetS;Symantec Network Security WFP Driver;C:WindowsSystem32driversNISx641309010.00Esymnets.sys [2013-2-6 405624] R1 vwififlt;Virtual WiFi Filter Driver;C:WindowsSystem32driversvwififlt.sys [2009-7-14 59904] R2 AdobeARMservice;Adobe Acrobat Update Service;C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-1-3 63928] R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:Program Files (x86)IObitAdvanced SystemCare 6ASCService.exe [2012-12-24 464256] R2 DeviceManager;DeviceManager;C:Program Files (x86)Common FilesDeviceHelperDeviceManager.exe -start --> C:Program Files (x86)Common FilesDeviceHelperDeviceManager.exe -start [?] R2 ezSharedSvc;Easybits Services for Windows;C:WindowsSystem32ezSharedSvcHost.exe --> C:WindowsSystem32ezSharedSvcHost.exe [?] R2 HP Support Assistant Service;HP Support Assistant Service;C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSA_Service.exe [2012-9-27 86528] R2 HPClientSvc;HP Client Services;C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe [2010-8-6 291896] R2 HPWMISVC;HPWMISVC;C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe [2012-3-5 35200] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2011-5-30 13336] R2 IconMan_R;IconMan_R;C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe [2011-5-30 2372096] R2 NIS;Norton Internet Security;C:Program Files (x86)Norton Internet SecurityEngine19.9.1.14ccsvchst.exe [2013-2-6 138272] R2 svcgdp;software services;C:Program Files (x86)Software Platesvcgdp.exe [2012-8-18 224416] R2 UNS;Intel® Management and Security Application User Notification Service;C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2011-5-30 2656280] R3 clwvd;CyberLink WebCam Virtual Driver;C:WindowsSystem32driversclwvd.sys [2010-7-28 31088] R3 hpCMSrv;HP Connection Manager 4.0 Service;C:Program Files (x86)Hewlett-PackardHP Connection ManagerhpCMSrv.exe [2011-2-16 1071160] R3 IntcDAud;Intel® Display Audio;C:WindowsSystem32driversIntcDAud.sys [2011-4-12 317440] R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;C:WindowsSystem32driversjrdusbser.sys [2011-12-14 119680] R3 MEIx64;Intel® Management Engine Interface;C:WindowsSystem32driversHECIx64.sys [2010-10-20 56344] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:WindowsSystem32driversnetr28x.sys [2011-5-30 1860672] R3 RTL8167;Realtek 8167 NT Driver;C:WindowsSystem32driversRt64win7.sys [2013-1-9 565352] R3 SafeIPS;SafeIPS;C:Program Files (x86)SafeIPSafeIPS.exe [2012-12-26 3797184] S2 gupdate;Услуга на Google Актуализация (gupdate);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2012-8-18 116648] S2 SkypeUpdate;Skype Updater;C:Program Files (x86)SkypeUpdaterUpdater.exe [2013-1-8 161536] S3 BBSvc;Bing Bar Update Service;C:Program Files (x86)MicrosoftBingBarBBSvc.EXE [2011-3-2 183560] S3 GamesAppService;GamesAppService;C:Program Files (x86)WildTangent GamesAppGamesAppService.exe [2010-10-12 206072] S3 gupdatem;Услуга на Google Актуализация (gupdatem);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2012-8-18 116648] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:WindowsSystem32driversrdpvideominiport.sys [2012-12-15 19456] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:WindowsSystem32driversRtsPStor.sys [2011-5-30 335464] S3 SrvHsfHDA;SrvHsfHDA;C:WindowsSystem32driversVSTAZL6.SYS [2009-7-14 292864] S3 SrvHsfV92;SrvHsfV92;C:WindowsSystem32driversVSTDPV6.SYS [2009-7-14 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:WindowsSystem32driversVSTCNXT6.SYS [2009-7-14 740864] S3 TsUsbFlt;TsUsbFlt;C:WindowsSystem32driversTsUsbFlt.sys [2012-12-15 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:WindowsSystem32driversTsUsbGD.sys [2012-12-15 30208] S3 WatAdminSvc;Windows Activation Technologies Service;C:WindowsSystem32WatWatAdminSvc.exe [2012-8-18 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:Program FilesWindows LiveMeshwlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2013-07-20 01:09:38 9216 ----a-w- C:Program Files (x86)Windows DefenderMpAsDesc.dll 2013-07-20 01:09:38 571904 ----a-w- C:Program FilesWindows DefenderMpClient.dll 2013-07-20 01:09:38 54784 ----a-w- C:Program Files (x86)Windows DefenderMpOAV.dll 2013-07-20 01:09:38 4608 ----a-w- C:Program Files (x86)Windows DefenderMsMpLics.dll 2013-07-20 01:09:38 392704 ----a-w- C:Program Files (x86)Windows DefenderMpClient.dll 2013-07-20 01:09:38 314880 ----a-w- C:Program FilesWindows DefenderMpCommu.dll 2013-07-20 01:09:38 1011712 ----a-w- C:Program FilesWindows DefenderMpSvc.dll 2013-07-20 01:04:30 1887744 ----a-w- C:WindowsSystem32WMVDECOD.DLL 2013-07-20 01:04:29 1620480 ----a-w- C:WindowsSysWow64WMVDECOD.DLL 2013-07-20 00:59:37 3153920 ----a-w- C:WindowsSystem32win32k.sys 2013-07-12 07:04:20 1367040 ----a-w- C:Program FilesCommon FilesMicrosoft Sharedinkjournal.dll 2013-07-12 07:04:19 936448 ----a-w- C:Program Files (x86)Common FilesMicrosoft Sharedinkjournal.dll 2013-07-12 06:54:07 1643520 ----a-w- C:WindowsSystem32DWrite.dll 2013-07-12 06:54:07 1247744 ----a-w- C:WindowsSysWow64DWrite.dll 2013-07-12 06:44:55 624128 ----a-w- C:WindowsSystem32qedit.dll 2013-07-12 06:44:55 509440 ----a-w- C:WindowsSysWow64qedit.dll 2013-07-09 09:14:13 -------- d-s---w- C:UsersDzhemalGoogle Диск 2013-06-22 18:49:54 8199504 ----a-w- C:ProgramDataMicrosoftWindows DefenderDefinition UpdatesBackupmpengine.dll 2013-06-22 18:49:48 9552976 ----a-w- C:ProgramDataMicrosoftWindows DefenderDefinition Updates{6181C238-CB68-4B11-AFB2-ADFF05264407}mpengine.dll . ==================== Find3M  ==================== . 2013-06-13 20:26:22 1910632 ----a-w- C:WindowsSystem32driverstcpip.sys 2013-06-13 20:24:56 751104 ----a-w- C:WindowsSystem32win32spl.dll 2013-06-13 20:24:56 492544 ----a-w- C:WindowsSysWow64win32spl.dll 2013-06-13 20:24:38 30720 ----a-w- C:WindowsSystem32cryptdlg.dll 2013-06-13 20:24:38 24576 ----a-w- C:WindowsSysWow64cryptdlg.dll 2013-06-11 23:43:37 1767936 ----a-w- C:WindowsSysWow64wininet.dll 2013-06-11 23:43:00 2877440 ----a-w- C:WindowsSysWow64jscript9.dll 2013-06-11 23:42:58 61440 ----a-w- C:WindowsSysWow64iesetup.dll 2013-06-11 23:42:58 109056 ----a-w- C:WindowsSysWow64iesysprep.dll 2013-06-11 23:26:20 2241024 ----a-w- C:WindowsSystem32wininet.dll 2013-06-11 23:25:16 3958784 ----a-w- C:WindowsSystem32jscript9.dll 2013-06-11 23:25:13 67072 ----a-w- C:WindowsSystem32iesetup.dll 2013-06-11 23:25:13 136704 ----a-w- C:WindowsSystem32iesysprep.dll 2013-06-11 22:51:45 71680 ----a-w- C:WindowsSysWow64RegisterIEPKEYs.exe 2013-06-11 22:50:58 89600 ----a-w- C:WindowsSystem32RegisterIEPKEYs.exe 2013-06-07 03:22:18 2706432 ----a-w- C:WindowsSystem32mshtml.tlb 2013-06-07 02:37:52 2706432 ----a-w- C:WindowsSysWow64mshtml.tlb 2013-05-28 20:50:06 9728 ---ha-w- C:WindowsSysWow64api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-20 17:12:53 983400 ----a-w- C:WindowsSystem32driversdxgkrnl.sys 2013-05-20 17:12:53 265064 ----a-w- C:WindowsSystem32driversdxgmms1.sys 2013-05-20 17:12:53 144384 ----a-w- C:WindowsSystem32cdd.dll 2013-05-20 16:36:14 1930752 ----a-w- C:WindowsSystem32authui.dll 2013-05-20 16:36:13 70144 ----a-w- C:WindowsSystem32appinfo.dll 2013-05-20 16:36:13 1796096 ----a-w- C:WindowsSysWow64authui.dll 2013-05-20 16:36:13 111448 ----a-w- C:WindowsSystem32consent.exe 2013-05-20 16:19:39 48640 ----a-w- C:WindowsSystem32wwanprotdim.dll 2013-05-20 16:19:39 230400 ----a-w- C:WindowsSystem32wwansvc.dll 2013-05-20 16:19:27 474624 ----a-w- C:WindowsapppatchAcSpecfc.dll 2013-05-20 16:19:27 350208 ----a-w- C:WindowsapppatchAppPatch64AcLayers.dll 2013-05-20 16:19:27 308736 ----a-w- C:WindowsapppatchAppPatch64AcGenral.dll 2013-05-20 16:19:27 2176512 ----a-w- C:WindowsapppatchAcGenral.dll 2013-05-20 16:19:27 135168 ----a-w- C:WindowsapppatchAppPatch64AcXtrnal.dll 2013-05-20 16:19:27 111104 ----a-w- C:WindowsapppatchAppPatch64acspecfc.dll 2013-05-06 10:13:15 1656680 ----a-w- C:WindowsSystem32driversntfs.sys 2013-05-06 10:11:53 223752 ----a-w- C:WindowsSystem32driversfvevol.sys 2013-05-01 23:06:08 278800 ------w- C:WindowsSystem32MpSigStub.exe . ============= FINISH: 14:52:20,54 ===============

 

 

 

Attack:

 

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-09-30.01) . Microsoft Windows 7 Home Premium Boot Device: DeviceHarddiskVolume2 Install Date: 19.8.2011 г. 18:03:06 System Uptime: 21.7.2013 г. 22:18:53 (16 hours ago) . Motherboard: Hewlett-Packard |  | 166F Processor: Intel® Pentium® CPU B940 @ 2.00GHz | CPU1 | 800/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 343 GiB total, 221,082 GiB free. D: is FIXED (NTFS) - 14 GiB total, 1,513 GiB free. E: is CDROM () F: is Removable G: is FIXED (NTFS) - 342 GiB total, 175,825 GiB free. H: is FIXED (FAT32) - 0 GiB total, 0,082 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP165: 22.6.2013 г. 21:20:01 - Windows Modules Installer RP166: 2.7.2013 г. 13:19:45 - Scheduled Checkpoint RP167: 12.7.2013 г. 00:15:06 - Scheduled Checkpoint RP168: 12.7.2013 г. 10:48:44 - Windows Update RP169: 19.7.2013 г. 18:23:09 - Scheduled Checkpoint RP170: 21.7.2013 г. 03:00:12 - Windows Update . ==== Installed Programs ====================== . µTorrent 50 FREE MP3s +1 Free Audiobook! Adobe AIR Adobe Flash Player 11 ActiveX 64-bit Adobe Reader X (10.1.3) MUI Advanced SystemCare 6 Agatha Christie - Peril at End House Ashampoo Magical Optimizer 1.22 Babylon toolbar on IE Bejeweled 2 Deluxe Bejeweled 3 Bing Bar Blackhawk Striker 2 Blasterball 3 Bounce Symphony BS Player Toolbar BS.Player FREE Build-a-lot 2 Cake Mania Chuzzle Deluxe Conduit Engine CyberLink YouCam D3DX10 Diner Dash 2 Restaurant Rescue Dora's World Adventure Download Updater (AOL LLC) Energy Star Digital Logo ESU for Microsoft Windows 7 Evernote v. 4.2.2 Farm Frenzy FATE - The Traitor Soul Final Drive Nitro Google Chrome Google Drive Google Earth Google Update Helper Hewlett-Packard ACLM.NET v1.2.1.1 HP Auto HP Client Services HP Connection Manager HP Customer Experience Enhancements HP Documentation HP Games HP On Screen Display HP Power Manager HP Quick Launch HP Setup HP Setup Manager HP Software Framework HP Support Assistant IDT Audio Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 24 Java 6 Update 24 (64-bit) Junk Mail filter update K-Lite Codec Pack 6.0.0 (Full) Magic Desktop Mah Jong Medley Mesh Runtime Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSVCRT_amd64 MyAshampoo Toolbar Mystery P.I. - Stolen in San Francisco Namco All-Stars PAC-MAN Nero 7 Premium NewTabs Uninstall Norton Internet Security Penguins! Plants vs. Zombies - Game of the Year Poker Superstars III Polar Bowler Polar Golfer Ralink RT5390 802.11b/g/n WiFi Adapter Realtek Ethernet Controller Driver Realtek PCIE Card Reader Recovery Manager SA Dictionary 2008 Beta 4 SafeIP Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Shared C Run-time for x64 Skype Click to Call Skype™ 6.1 Slingo Supreme Smiley Bar for Facebook Software Plate Synaptics Pointing Device Driver The KMPlayer (remove only) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition Update Installer for WildTangent Games App uTorrentBar Toolbar V9 Homepage Uninstaller Virtual Villagers 4 - The Tree of Life VIVACOM 3G USB MODEM WildTangent Games App (HP Games) Winamp Winamp Detector Plug-in Winamp Toolbar Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR archiver Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 21.7.2013 г. 03:13:22, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service. 21.7.2013 г. 03:13:22, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-2147218173. 21.7.2013 г. 03:11:07, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied.. 21.7.2013 г. 03:10:13, Error: volmgr [46]  - Crash dump initialization failed! 19.7.2013 г. 00:38:40, Error: Service Control Manager [7034]  - The Audio Service service terminated unexpectedly.  It has done this 1 time(s). 17.7.2013 г. 16:19:04, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10. . ==== End Of File ===========================

 

 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте..! Да започнем с това;

  • [*]Изтеглете
RogueKiller.exe и го запазете на десктопа. [*]Стартирайте приложението и натиснете бутона SCAN. [*]Ще се създаде лог файл на десктопа с името RKreport.txt на десктопа. [*]Публикувайте лог файла в следващия си коментар.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте , изпълних всичко което казахте, но малко преди са приключи сканирането програмата заби, и излезна квадратче на което пише RoogueKiller was stop wornikg. Повторих пак и този път завърши сканирането . Ето го лога :

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Dzhemal [Admin rights] Mode : Scan -- Date : 07/22/2013 16:54:25 | ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤ [DNS] HKLM[...]CCSet[...]{3CD6BAB7-D4B1-470B-ACCE-77332F076F19} : NameServer (212.39.90.42 212.39.90.43) -> FOUND [DNS] HKLM[...]CS001[...]{3CD6BAB7-D4B1-470B-ACCE-77332F076F19} : NameServer (212.39.90.42 212.39.90.43) -> FOUND [HJ POL] HKLM[...]System : DisableTaskMgr (0) -> FOUND [HJ POL] HKLM[...]System : DisableRegistryTools (0) -> FOUND [HJ POL] HKLM[...]Wow6432Node[...]System : DisableTaskMgr (0) -> FOUND [HJ POL] HKLM[...]Wow6432Node[...]System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKCU[...]ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKLM[...]NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM[...]NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Mal.Hosts|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%System32driversetchosts

127.0.0.1 awakenedwithin.com iv.doubleclick.net www.counter14.sextracker.be gpaper149.112.2o7.net cdn.allegedmedia.com middlemanether.ru esjkedsafe.com rodijo.com.au eloqua.com --> Potentially malicious! 127.0.0.1 7c74a4bc5dd3df5db4c2aa7a3dd5cce6.org blackmandz.com kkkarow-judo.de www3.doubleclick.com gpaper117.112.2o7.net ufhwf8093hrdsf.com www.flash-counter.com ads27.hpg.com.br watisawarosydok.org --> Potentially malicious! 127.0.0.1 lejbomor.ru clickauditor.net jarasumjazz.com ad.eg.doubleclick.net ads.jpost.com toronto-locksmith.biz upmqpwyndzwzmmwy.ru c1z.at ad73.hpg.com.br --> Potentially malicious! 127.0.0.1 intervalsselfservice.pro ads.wunderground.com ciao.ivwbox.de betasreceivable.org count72.51yes.com count621.51yes.com 718unlimited.com rewardster.com googleads.g.doubleclick.net --> Potentially malicious! 127.0.0.1 08.185.87.17.liveadvert.com downx.52z.com pamiangsao.com counter.bloke.com 208.185.87.112.liveadvert.com ad.primopdf.com ad.eurosport.com chemmannurkuries.com gan.doubleclick.net --> Potentially malicious! 127.0.0.1 widowadvertising.net gnndfe.zyns.com ad203.hpg.com.br brandnameshoppin.cn imperial-groupsvc.net bakveli.net ad236.paycount.com count833.51yes.com ad.au.doubleclick.net --> Potentially malicious! 127.0.0.1 ads.creative-serving.com 7254da45bf6a7e358e456f1a86cd92c1.org 9bfc110f5d387f09e74910496b35181f.org ad.it.doubleclick.net www.exactadvertising.com 186.6.87.194.dynamic.dol.ru sb.scorecardresearch.com count847.51yes.com advert234.hpg.com.br --> Potentially malicious! 127.0.0.1 calicutinternationalschool.com clicktrade.linkexchange.net clicks.net doubleclick.d4p.net ads1.theglobeandmail.com boom.ro classbasecamp.pro kaleidosskop.ru tns-counter.ru --> Potentially malicious! 127.0.0.1 ads.51.net www.counter4all.de ad.pt.doubleclick.net www-google-analytics.l.google.com media.popuptraffic.com tracker.snowball.com koelnrsc.ivwbox.de jewelsactuality.ru cassandrarice.com --> Potentially malicious! 127.0.0.1 uwfekfyj.ru ad.pl.doubleclick.net imapscans.info tds-23vb8g5ff.co.cc emulatesdigital.pro 08.185.87.146.liveadvert.com etritotube.net ter00alsy.rr.nu adnet.worldreviewer.com --> Potentially malicious! 127.0.0.1 rampidads.com easy-ad.info nrtjny.sellclassics.com bannercampaign.com ads07.focalink.com c7.statcounter.com 7x70.com count801.51yes.com trackads.com --> Potentially malicious! 127.0.0.1 invoicedimplementations.info 179fed8d388a1afd3e901cd2bdd761c0.info goptres.co.cc sedfer.com ns1.doubleclick.net dominoforsale.biz penavare.com lottomeca.com count455.51yes.com --> Potentially malicious! 127.0.0.1 c16.statcounter.com crowgerber.ru ypmptx.in ad191.hpg.com.br geoloc78.geovisite.com count931.51yes.com sdlcuauo.cn ad.gt.doubleclick.net thldkvcgbkzcbfxw.ru --> Potentially malicious! 127.0.0.1 rovio3.appads.com ad174.paycount.com ad.co.doubleclick.net adimage.guardian.co.uk helpmetoretire.com qnit9x.com adrotate.sytes.net adminder.com www.istats.nl --> Potentially malicious! 127.0.0.1 www5.yesadvertising.com professorbanner.com scrooge.wsoctv.com weirdplanet.net visit.webhosting.yahoo.com ads.bigasia.com ad.ca.doubleclick.net securitymonitor2012in.com successfulmpfs.org --> Potentially malicious! 127.0.0.1 08.185.87.176.liveadvert.com ds.ign.us.intellitxt.com img.msgtag.com bizad.nikkeibp.co.jp ads.top500.org admeta.com 142.6.87.194.dynamic.dol.ru c32.statcounter.com ads.edbindex.dk --> Potentially malicious! 127.0.0.1 stat.alibaba.com netshelter.net thelemoncity.com ads123.hpg.com.br allcomrades.com c12.statcounter.com aprombz.com super67.me gassystem.co.kr --> Potentially malicious! 127.0.0.1 kiportal.net yesky.com simlossim.epac.to 08.185.87.143.liveadvert.com wfslwzbmj.freewww.biz ad.fr.doubleclick.net mnszyhxgp.freewww.biz a19.g.akamai.net www.marketplacemanager.com --> Potentially malicious! 127.0.0.1 hyoxnckrngodoret.ru 08.185.87.35.liveadvert.com www.mytiwi.com pannatex.com 123counts.com ad210.paycount.com ad.jp.doubleclick.net earing-debasededit.hk.ms antispy-online90.com --> Potentially malicious! 127.0.0.1 stats.trafficjuicer.com selmoipourtoi.net ewnnd.ru activetrakresponsible.pro storesseeks.in www.doubleclick.ne.jp 910ec64a02c66d8b2ce0454051de1d09.info u074.03.spylog.com avgtechnologies.112.2o7.net --> Potentially malicious! 127.0.0.1 ad.ie.doubleclick.net secree.com mysa.belointeractive.com n6sc.info ohbjirqfm.freewww.biz vg07.met.vgwort.de wdata.ero-advertising.com partners.priceline.com keepit.freebieandcouponmom.com --> Potentially malicious! 127.0.0.1 cashengines.com trytokickmewhenimoneywwww2.com rantcloned.org wswb1.surf-town.net ads.outpersonals.com ad.no.doubleclick.net sugoicounter.com xml.adtech.fr alenty.com --> Potentially malicious! 127.0.0.1 count880.51yes.com cheapflightsonsale.com securelive.co.kr pics3.inxhost.com u1773.34.spylog.com mcfestaseventos.com.br www.sociomantic.com live.sekindo.com doubleclick.shockwave.com --> Potentially malicious! 127.0.0.1 eightfoldlogic.com affiliate.ab1trk.com trafficparade.com adclick.com ad.mx.doubleclick.net 411affiliates.ca click.dagbladet.no 5.6.87.194.dynamic.dol.ru westernillusion.com --> Potentially malicious! 127.0.0.1 nyttechnology.112.2o7.net 08.185.87.31.liveadvert.com www.yourhitstats.com adsklick.de creast.afkepock.com rupeksa.com www.wwwetracker.com ad-emea.doubleclick.net count450.51yes.com --> Potentially malicious! 127.0.0.1 clavosdecristo.es u024.10.spylog.com ad.cl.doubleclick.net rgadvert.com rubiconproject.com myeducationcompany.com ahyea.com 28.6.87.194.dynamic.dol.ru count225.51yes.com --> Potentially malicious! 127.0.0.1 adthis.com 208.185.87.32.liveadvert.com www.pigment-adv.co.il kelaxserv56.in tldadserv.com ad.us.doubleclick.net ad176.hpg.com.br xerta.lenuerry.com razumtds.ws --> Potentially malicious! 127.0.0.1 ads.asp.net blog.ero-advertising.com c10.statcounter.com stoorvogelsoftware.nl yasarsigorta.com high-update.com adclient.detelefoongids.nl top-site-list.com integrate.com --> Potentially malicious! 127.0.0.1 prefisio.com.br trk.blamads.com 11.blogbestsites.com anapoli.ru ad.tw.doubleclick.net cbird6.sextracker.com ad.hyena.cz latebin.ru tracking.voltagesearch.com --> Potentially malicious! 127.0.0.1 zaefofin.ru leprisoruim.ru www.achmedia.com a5.websponsors.com entrepreneur.us.intellitxt.com norilsknikeli.ru s2.statcounter.com count988.51yes.com baeisa.co.cc --> Potentially malicious! 127.0.0.1 adsonar.com netreflector.com counter17.bravenet.com mi-web31.prod.millennialmedia.com count783.51yes.com ads.isoftmarketing.com ir.doubleclick.net secure.quantserve.com ad160.hpg.com.br --> Potentially malicious! 127.0.0.1 2fflatfee.ero-advertising.com cobrands.mailermailer.com ad235.paycount.com rubilonk.info apendiksator.ru ad.dk.doubleclick.net traffka.eu www5.click-fr.com bank44.ads.mp.mydas.mobi --> Potentially malicious! 127.0.0.1 ictgroupnet.cc splitteroverwhelmingly.pro nmnandomedia.112.2o7.net ads.nordichardware.com truehits1.gits.net.th ads.bigfoot.com epiccash.com kvvkprxkpnbebixguhtcfajrdm.info www.doubleclick.de --> Potentially malicious! 127.0.0.1 count840.51yes.com ad.es.doubleclick.net zvhtkpsnmdy.info itillc.com nl.topstat.com ads.adohana.com siteminer.superstats.com ad15.paycount.com darkscape.info --> Potentially malicious! 127.0.0.1 domssingomangos.net secguard.biz affiliate.travelnow.com tarakc1.net cyberantiquemall.com ads.aol.com itbannerexchange.com adx.allstar.cz ad.ar.doubleclick.net --> Potentially malicious! 127.0.0.1 count437.51yes.com jytorqu.ru munchkin.marketo.net adinterax.com banner.nixnet.cz recover88888.com oepjvondifnnkskfcxzvjiefrkd.com ads.fool.com c17.statcounter.com --> Potentially malicious! 127.0.0.1 8xvideos-tube.mobi recessionwire.com ad.my.doubleclick.net flyghtairline.ru 111309a301e46e230013eada1a63b079.info dialerporn.com ad.sexcount.de brainrace.ru nytrwilmington.112.2o7.net --> Potentially malicious! 127.0.0.1 count268.51yes.com werkendwachtik.nl ad.br.doubleclick.net bin.hnissa.com hoycktsjwqsmklnv.biz xgmrtookfnjibguofinhqcwodxwq.ru wsqwehnnjppxrgxp.org page1.name count113.51yes.com --> Potentially malicious! 127.0.0.1 logv18.xiti.com demo.doubleclick.net ads.5ci.lt zmbagc.com nesamithran.com sis-street.com fb64b06873291207414862989cb55799.info forum-cs.net76.net 08.185.87.115.liveadvert.com --> Potentially malicious! 127.0.0.1 ankursociety.org 57.6.87.194.dynamic.dol.ru thecounter.com c1.statcounter.com erostracker.com ads15.hpg.com.br download13-socinenie.ru j5b.kr pluto.adcycle.com --> Potentially malicious! 127.0.0.1 banners254.hpg.com.br woteucv.freewww.biz upadoo.xpg.com.br 208.185.87.121.liveadvert.com ad.sg.doubleclick.net sunbeltinverting.pro mydreamnewone.com dsfh.ru ad242.hpg.com.br --> Potentially malicious! 127.0.0.1 hyydsglxirgykbxcmlntmvhi.ru ww2.xp115.com n4403ad.doubleclick.net threefooktiro.no-ip.info vacationrentalcabins.com websponsors.com zoferxtube8.info igahicfrwwfpjhef.ru mediamind.com --> Potentially malicious! 127.0.0.1 cashforsurveys.net domteks-volga.ru deadonseparating.ru analyticdns.org nuert.lenuerry.com logisticservices.info denisdenisstation.cu.cc engine.4dsply.com reports.doubleclick.net --> Potentially malicious! 127.0.0.1 kron-energo.ru c13.statcounter.com 964b2ff96df2ba9951881c168282189c.org track.ft.com ads.krawall.de accountpro046.ru createsend3.com axf8.net gamesitestop100.com --> Potentially malicious! 127.0.0.1 dragongut.co.cc www.statcounter.com ads.alt.com expresshomecinema.com www.adshuh.com adspics.com zuchezhaowo.com counter24.bravenet.com aspn.ddns.info --> Potentially malicious! 127.0.0.1 travel.netster.com ad187.paycount.com taktiku.biz bb.connextra.com banner-count.com gobiernofacil.go.cr tnktrck.com reelshandsoff.info c6.statcounter.com --> Potentially malicious! 127.0.0.1 ads.adpulse.com www.linkybank.com ad.kw.doubleclick.net ad233.paycount.com sj-g-lbs.focalink.com 208.185.87.138.liveadvert.com bvalphaserver.com pfvfsi.freewww.biz www.mega-traf.net --> Potentially malicious! 127.0.0.1 ad.sa.doubleclick.net lmvwnv.in securepaths.com www.ewordofmouth.com wsclick.infospace.com count817.51yes.com z0.extreme-dm.com royalwinnipegballet.net server-br.imrworldwide.com --> Potentially malicious! 127.0.0.1 ad.m5prod.net accountpro007.ru hstest.surf-town.net counter15.sextracker.be count40.51yes.com adsalvo.com onlineadvertclick.org sinher24itedsc.rr.nu ad.is.doubleclick.net --> Potentially malicious! 127.0.0.1 o1.plus-zone.co.kr ecd52048dace94e20d35d8a47b04b35d.org c15.statcounter.com g.adspeed.net opienetwork.com content-cooperation.com blogdetranssexuel.com jokenqi.ru 125search.com --> Potentially malicious! 127.0.0.1 indobilling.com eqw002.cn c11.statcounter.com ads140.hpg.com.br hollabackvideo.com tecchan.ivwbox.de cogirunner.ru ru03-hits.spylog.com 429861812.3322.org --> Potentially malicious! 127.0.0.1 dfilmcounderw.su rspzdtpxll.com users.marketleverage.com bqtl.in g243gtdsgsdg.vv.cc usamoney.nl.ai ads189.hpg.com.br officebook1.org learn.doubleclick.net --> Potentially malicious! 127.0.0.1 rxbuy-itewvaha.ru dsvseee.nl.ai aloeroyal.com sre13vea.rr.nu microsoftwga.112.2o7.net icentric.us.intellitxt.com 123002915.cn.com help.doubleclick.net ad.realmedia.co.kr --> Potentially malicious! 127.0.0.1 ads.mgnetwork.com mooo.com ad.in.doubleclick.net abc.googlezuju.com assoc-amazon.com nhoimwl.mysecondarydns.com www.click-under.info us.a1.yimg.com ads.webme.com --> Potentially malicious! 127.0.0.1 puertoalmirante.com bank27.mi.ads.mp.mydas.mobi www.doubleclick.com step2me.net static.appwatch.com kjbbc.net ylufida.com lwtcxuzbdrsnpqfb.ru www6.testtradedoubler.com --> Potentially malicious! 127.0.0.1 count915.51yes.com ad.doubleclick.de squirtingsblog.com tag.tlvmedia.com fp.gad-network.com a.doktorhappy.com u017.76.spylog.com www.parse.ly bannermat.com --> Potentially malicious! 127.0.0.1 bx.clickmedia.ro websmeter.com 208.185.87.36.liveadvert.com ads.alwayson-network.com xb8.ru flierstrusting.biz n4052ad.doubleclick.net 157.6.87.194.dynamic.dol.ru adq.nextag.com --> Potentially malicious! 127.0.0.1 maidarm.ru ads.swirve.com hosting-controlpin.tk ad-g.doubleclick.net imgddd.net ck.jp.ap.valuecommerce.com support.semptoshiba.com.br software.xoomcounter.com verfer.com --> Potentially malicious! 127.0.0.1 adboost.de.vu dimpact.co.il javacentricunencumbered.org uybeor.freewww.biz exitexchange.com sexxxstaz.org ad.za.doubleclick.net adprojekt.pl scorpionbkn.xpg.com.br --> Potentially malicious! 127.0.0.1 ad.cn.doubleclick.net zcloumedia.com kerchna.in ad31.paycount.com ad5.speedbit.com 59.6.87.194.dynamic.dol.ru icnhedsafe.com abroad.name top50.co.uk --> Potentially malicious! 127.0.0.1 lustler.com 3ew.ru ad.gmtracker.com count196.51yes.com banner.list.ru toringkerk.co.za usigroupnet.cc biozavr.ru doubleclick.de --> Potentially malicious! 127.0.0.1 www3.smartadserver.com ad10.focalink.com ads27.focalink.com banners251.hpg.com.br www2.doubleclick.com 208.185.87.16.liveadvert.com ads.pixfuture.net count388.51yes.com kepen.ru --> Potentially malicious! 127.0.0.1 zxlngj.eu buyhitscheap.com cashspace.com alnce21.com www2.doubleclick.net thenetnameshop.cn 4.whereinmilan.com img.buchananjenkinshyundai.com count699.51yes.com --> Potentially malicious! 127.0.0.1 ad.ru.doubleclick.net geoloc58.geovisite.com weidenhof.at x9w.ru 0d8d348a9f374540d947c126e712fa23.org containercox.ru tewnrpvxbdjc.info uxosgik.ru marlaktuell.de --> Potentially malicious! 127.0.0.1 ads.detelefoongids.nl m.doubleclick.net advert243.hpg.com.br uskamalchik.ru www.c-on-text.com ad185.hpg.com.br 101.6.87.194.dynamic.dol.ru thinkgeek.112.2o7.net mgmgroupnet.cc --> Potentially malicious! 127.0.0.1 www.doubleclick.net.my ad.120.tbn.ru bfantastic.com hatsvisuals.org xomcui.com ergebruibgebigbei.com 118.6.87.194.dynamic.dol.ru ef9710b691fa9df28214ad21c2019822.org diamonstar.cn --> Potentially malicious! 127.0.0.1 swathespicture.org ads.mariuana.it wbs.tmkvmv.eu ad.se.doubleclick.net count87.51yes.com pillspharmacyrx.ru a.total-media.net lsvdxjpwykxxvryd.ru sillacareer.or.kr --> Potentially malicious! 127.0.0.1 anbfse.ru newnetnameshop.cn ojnrirhnfemxpnhepnlaeyhmfph.biz jquery-framework.com logv7.xiti.com globaltrack.com j-vision.co.kr ad.cz.doubleclick.net rr1.xxxcounter.com --> Potentially malicious! 127.0.0.1 akaelyr.cn goreeotuma.ru gloriousflooring.com clearerstats.com.es azelas.net ad.gr.doubleclick.net secure-unitedonline.cleanprint.net d4e71869070fd9133c2ec4fe6e728e70.org vexuliritynetwork.com --> Potentially malicious! 127.0.0.1 38efe6484281ec752b4426a55d20de1c.info xn--pauone-4q9l.com namessguibulk.net poekdf.ru ad1.trafficx.com wiombejwxrddpkkx.ru u130.01.spylog.com tex.ero-advertising.com dfp.doubleclick.net --> Potentially malicious! 127.0.0.1 count70.51yes.com ad.hk.doubleclick.net ads1.canoe.ca rp.hit.gemius.pl ad157.paycount.com pagubev.ru pilldrugstoregroup.com infolinks.com ioad.info --> Potentially malicious! 127.0.0.1 count584.51yes.com members.swimsuitnetwork.com us5.forward-to-friend1.com sitebrand.geeks.com 156.6.87.194.dynamic.dol.ru blachervers-2.com paypalssl.doubleclick.net stats.surf-town.net scaner-sdee.tk --> Potentially malicious! 127.0.0.1 www.keywordblocks.com xonio.ivwbox.de c5.statcounter.com count716.51yes.com moderndating2012.asia villusoftreit.ru ideet.ru lfstmedia.com freeroom66.com --> Potentially malicious! 127.0.0.1 unixpoint02.xpg.com.br qaxgckzkn.changeip.name ads.tmcs.net fls.doubleclick.net statsl.com dnads.directnic.com 3cw.ru banner.coza.com count978.51yes.com --> Potentially malicious! 127.0.0.1 fxdas.lflinkup.net ecoresearch.hu achmedia.com n479ad.doubleclick.net quickcamsassembled.net keymedia.hu ailway42staging.rr.nu o.zeroredirect.com cornermarketmedia.com --> Potentially malicious! 127.0.0.1 webfrogs.ru u117.45.spylog.com paymonsters.com kondratev.popunder.ru adcloud.net dnsnum11.com c8.statcounter.com u072.93.spylog.com miguelrubio.sites.uol.com.br --> Potentially malicious! 127.0.0.1 ebtmarketing.com wcbsimg.dayport.com surprise-knsmd.tk ads.discovery.com cerzdtolonknkneibekjbavwgqvk.info statcounter.com atc-groop.com criptxvidsyde.co.cc bfupndesgjnzgakkbeytoljcmugjf.com --> Potentially malicious! 127.0.0.1 bannermall.com i1.createsend5.com l.zeroredirect.com glakvpxu.org global-charge.com ylyhjz.in ads131.hpg.com.br 2.gaza-hackers.info doubleclick.de --> Potentially malicious! 127.0.0.1 counter5.sextracker.be hostscounter.com u3239.08.spylog.com nytrgadsden.112.2o7.net c3.statcounter.com vchysb.freewww.biz fad-411.mtl4.targetnet.com downloadtorrent.org.uk.tc count849.51yes.com --> Potentially malicious! 127.0.0.1 106.6.87.194.dynamic.dol.ru stat24.com 08.185.87.1.liveadvert.com maaandhra.com banners31.hpg.com.br x1v.ru jastreb.hr ad.fi.doubleclick.net traffic.gabmage.in --> Potentially malicious! 127.0.0.1 tigerloads.com ads.softure.com ads4homes.com ads227.hpg.com.br agbasky.com mokingbirdgives.org top90.ro bank42.mi.ads.mp.mydas.mobi ad.uk.doubleclick.net --> Potentially malicious! 127.0.0.1 bannerconnect.com ad.doubleclick.net lnkgo.com goldboat.net s.thetvpool.com adserver.click4cash.de count230.51yes.com chinchwaddevasthantrust.org webwatcherdata.com --> Potentially malicious! 127.0.0.1 tablethealthphysicians.net kesenai.org registry.cu.cc list.ru gduobyc.freewww.biz doubleclick.com www.mokono.com ak1.abmr.net visitor.benchmarkemail.com --> Potentially malicious! 127.0.0.1 banners63.hpg.com.br fixavpu.ru afe6882e298064090f884696cb48c3b5.info cakuxeco.tk federetoktyt.net opt-media.com derinobi.com capa01.com www3.doubleclick.net --> Potentially malicious! 127.0.0.1 jkhteqa.com www.doubleclick.net fipscertifiedenables.ru basijkarmandan.danaportal.ir ads112.hpg.com.br spe.atdmt.com alertpay.net.au 78.6.87.194.dynamic.dol.ru delivery6.trafficjunky.net --> Potentially malicious! 127.0.0.1 advert241.hpg.com.br searchportal.information.com modinali.com 08.185.87.49.liveadvert.com si.netmng.com shoponlinefilmsite.cn banners.babylon-x.com ns1.123go.net ad.terra.doubleclick.net --> Potentially malicious! 127.0.0.1 talliedclassit.info 4.luca-volonte.org update.powercare.co.kr elanablimka.github.com xn--szobafests-j7a.eu ad.n2434.doubleclick.net db0.net-filter.com antik-dom.ru createsend5.com --> Potentially malicious! 127.0.0.1 adlantic.nl protaxet.com adf.ero-advertising.com nt002.cn ads.iafrica.com alkarmel.com.jo statcounter.com banners130.hpg.com.br jabbawockeez.us --> Potentially malicious! 127.0.0.1 201.6.87.194.dynamic.dol.ru adnet.asahi.com l1.zedo.com ad114.paycount.com ads228.hpg.com.br wzus.ask.com sgisolution.com.br ad.be.doubleclick.net daeyoolife.com --> Potentially malicious! 127.0.0.1 centanysenrere.com ad.nz.doubleclick.net tcr111.tynt.com torstarcollect.247realmedia.com bigtopleads.cn 18hhhgh3.justdied.com img.dt00.net quintaavenue.com susnoj.cn --> Potentially malicious! 127.0.0.1 9f9473183778647a979b99045b901711.info visit.playerevaluator.com ad.kr.doubleclick.net bank07.mi.ads.mp.mydas.mobi mondayswizardnet.info 69.6.87.194.dynamic.dol.ru 372kzsds7661.com taokakao.com hitcents.com --> Potentially malicious! 127.0.0.1 mmsrierihon.com c6h.at dncdh.ws doubleclick.net e.yieldmanager.net static.ndoverdrive.net www.008.free-counter.co.uk taskiran.net 87.6.87.194.dynamic.dol.ru --> Potentially malicious! 127.0.0.1 fawcztqwomnnjnrtseirkrcp.biz c2.statcounter.com comics.ign.us.intellitxt.com text-link-ads.com top.one.ru msnbc.112.2o7.net 2faa5e9617513ac0df0a8ee150c0864b.info berfry43bgrbf.vv.cc stats.groupninetyfour.com --> Potentially malicious! 127.0.0.1 homeemployed.com ad-x.com ads2.advance.de www.counter6.sextracker.be mappery.com log10.doubleverify.com u96s.info evoloutainary.co.cc ad.ch.doubleclick.net --> Potentially malicious! 127.0.0.1 doubleclick.net newwave.orge.pl apex-ad.com ultimatetrafficpack.com chanchala.cz click-under.info w612.nb.host127-0-0-1.com uneugroup.com ads246.hpg.com.br --> Potentially malicious! 127.0.0.1 u093.76.spylog.com adserv.evo-x.de cash2002.de nabilams.org gpaper118.112.2o7.net mediavisor.doubleclick.net s.clicktale.net u.outbrain.com www.spinbox.net --> Potentially malicious! 127.0.0.1 creatives.doubleclick.net zlnobdqpfnvworzpayylpvolle.ru lrogs.info admarvel.com ads.web.cs.com web2.deja.com adlev.neodatagroup.com count511.51yes.com adserver.zylom.com --> Potentially malicious! 127.0.0.1 verygood2013.ru geoloc62.geovisite.com angelaonfl.ru geotarget.info prestamistape.us banners16.hpg.com.br submenusonlineoriented.info c28.statcounter.com i-clicks.net --> Potentially malicious! 127.0.0.1 ad.hu.doubleclick.net count265.51yes.com stetomoney.org advert53.hpg.com.br banner.trifle.net www.123webmarketing.com af9b7985802bc09fb9e19663.merseine.nu netbiosmediocre.org ads.tripod.lycos.es --> Potentially malicious! 127.0.0.1 penguinplanning.com wielerclinics.nl ompassik.ru bank56.mi.ads.mp.mydas.mobi www.magentanews.com bigdeal777.com ad.ve.doubleclick.net stats0.one.ru sabnorway.com --> Potentially malicious! 127.0.0.1 ads.adultfriendfinder.com demandware.edgesuite.net go.adify.com u053.48.spylog.com gerincmuhely.hu pagead2.googlesyndication.com meethotties.mobi zendekor.com.tr c44.statcounter.com --> Potentially malicious! 127.0.0.1 tvinfo.ivwbox.de doubleclick.com ywh18olly.rr.nu noexcuseentertainment.com takru.com www4.yesadvertising.com ads.technoratimedia.com shopfilmworld.cn ziffdavisglobal.112.2o7.net --> Potentially malicious! 127.0.0.1 www.marketingtips.com ads6.focalink.com ad.nl.doubleclick.net smert-test.ru wt1888.com adplacers.com ad123.hpg.com.br mobilcom.ivwbox.de 08.185.87.151.liveadvert.com --> Potentially malicious! 127.0.0.1 jsbjlsdjlkb234jblkba8899sjkb.com media.adlegend.com azbuka001.pro kreditsikacsre.ru tyryfpix.ru odnklog.net mjhcymist.freewww.biz m.doubleclick.com nfwcleizdgexdcqoblpncuxcqonz.ru --> Potentially malicious! 127.0.0.1 adserv007.adtech.fr henshiwuliao.com adscomplete.info ad.ph.doubleclick.net qokzierihon.com webcreditreport.com logv13.xiti.com adpepper.dk m77s.cn --> Potentially malicious! 127.0.0.1 aboutnorth2012.ru ns2.doubleclick.net security-laboratory.ru ad1.emediate.dk ads134.hpg.com.br gusanito-postal.org count381.51yes.com ap34.pro banner.relcom.ru --> Potentially malicious! 127.0.0.1 ad.ma.doubleclick.net a.coughstuffs.com buenos-varilias.com age-ega.ru in.getclicky.com websitehostingsouthafrica.com count337.51yes.com vijetha.co.in thorpeinstitute.com --> Potentially malicious! 127.0.0.1 ultsearch.com freipres.ivwbox.de 4879cd460080edbe30f5e03a3c6e179d.info a1000000.mayhemavz.pro cnetnews.112.2o7.net counter11.sextracker.com ads.as4x.tmcs.net ad.ro.doubleclick.net b4118165b89a10b5f3da449626e5e9e9.org --> Potentially malicious! 127.0.0.1 sieg-vergaser.de ads190.hpg.com.br anon.doubleclick.speedera.net ad35.paycount.com faststudiodvwalked.ru berdonet2011.dlinkddns.com yoraclick.com snamedb.com jibertytciako.pl --> Potentially malicious! 127.0.0.1 meredithjacobonline.com rx-white.com description2011.ru k.iinfo.cz adimages.go.com ng3.ads.warnerbros.com casinomahjongsikkim.com ad.de.doubleclick.net worgukiw.ru --> Potentially malicious! 127.0.0.1 flexbeta.us.intellitxt.com canwest.112.207.net execulink.112.2o7.net homevisions.com traffichome.de s.vidsmak.com banner1.50megs.com 208.185.87.90.liveadvert.com ad.at.doubleclick.net --> Potentially malicious! 127.0.0.1 ws8.surf-town.net ad.il.doubleclick.net static.fragbite.com armonipiyanodersi.com kottaslama.org directstuff.com affiliate.doubleyourdating.com ad.grafika.cz verygoods2010.ru --> Potentially malicious! 127.0.0.1 unuere.freewww.biz ads.forbes.com ad.tr.doubleclick.net adteractive.com 179.6.87.194.dynamic.dol.ru ads.amarillo.com count551.51yes.com rabbitharky.net vw-freaks.net --> Potentially malicious! 127.0.0.1 208.185.87.146.liveadvert.com tcdykfjrtweypzxbqyrsfidecmln.com thewebs.ru analytics.ero-advertising.com ad.ero.nl xk9.ru itsptp.com banner.grupos.com.br c41.statcounter.com --> Potentially malicious! 127.0.0.1 www.ssangyong.co.il ads.yupimsn.com convertervocal.net track.gawker.com rxbuy-itewhuli.ru cellus-usa.com ad.about.com doubleclick.ne.jp textcube.com --> Potentially malicious! 127.0.0.1 banners.bol.com.br count729.51yes.com advert.hpg.com.br workathometeacher.com ads.cgnetworks.com geoloc12.geovisite.com gpaper112.112.2o7.net ad60.paycount.com ad.th.doubleclick.net --> Potentially malicious! 127.0.0.1 c4.statcounter.com gyneco-saint-andre.fr ad204.paycount.com trackalyzer.com ad4.api.ero-advertising.com textad.net yiiw.in vsii.spinbox.net bomsabor.com.br --> Potentially malicious! 127.0.0.1 usi-groupinc.net aqsf.knxhsn.eu 9843c4f1f195375184625a1525cf83b9.info adbucks.com avigorstats.pro msn.ivwbox.de bannersng.yell.com ad.sk.doubleclick.net 08.185.87.08.liveadvert.com --> Potentially malicious! 127.0.0.1 www.fusespot.com banners.bol.com.br banners234.hpg.com.br smt-enterprises.com bopwyeb.ru ad2.doubleclick.net whpdn.freewww.biz hugo.lenuerry.com oascentral.adage.com --> Potentially malicious! 127.0.0.1 banners.moviegoods.com fineclicks.com xq0.ru bqgqucwoeyswvgcigqknyllbyytiblf.net count.rin.ru count596.51yes.com c14.statcounter.com great-antispy2012.com pzydthkbdjbxkfinhurwcyd.com --> Potentially malicious!

127.0.0.1 www.qdigital.co.il sigeta.org oascentral.villagevoice.com bands-inc.com se.cqcounter.com ads.bmais.net imagec14.247realmedia.com pmraiugdqhyhmqccfacupypmzor.com www.widgetadvertising.biz 127.0.0.1 admex.com dis.criteo.com bazarafcantoscabiz.com utm.trk.popularscreensavers.com lycoscollect.realmedia.com count44.51yes.com burstmedia.com amberandrobertmedia.com ecall09edytu.rr.nu 127.0.0.1 208.185.87.193.liveadvert.com cash4popup.de m1.nedstatbasic.net ad1.ero-advertising.com webnoivos.com 3ddown.com pirate.1000houses.biz perseusgroupllc.cc pub.chez.com 127.0.0.1 zeroclan.net damisystem.com alexandre.peis.free.fr pairpull.ru lerelais.com 39.6.87.194.dynamic.dol.ru palazziogt.ru adsweb.tiscali.de ads.returnpath.net 127.0.0.1 programmpower.ru muchbetter.ru buttonjp.org ads82.hpg.com.br web-counter-online.ru trayscoffeecup.org snhbe.ru testossteron.ru ads8.c.no1.asap-asp.net 127.0.0.1 awakenedwithin.com iv.doubleclick.net www.counter14.sextracker.be gpaper149.112.2o7.net cdn.allegedmedia.com middlemanether.ru esjkedsafe.com rodijo.com.au eloqua.com 127.0.0.1 bf410f0b5dda6f72725a191d7086d05c.org 193.6.87.194.dynamic.dol.ru banners185.hpg.com.br geoloc92.geovisite.com geoloc36.geovisite.com coupons-inc.com adtrade.net ads.v3.com ad.moscowtimes.ru 127.0.0.1 a.vidtruck.com 3322.org i5.createsend5.com icredoname10012.com bank42.clicks.mp.mydas.mobi allforpeople.net gpaper169.112.2o7.net xn--iimizmzik-v9a79h.com datais.com 127.0.0.1 accountsiq.us stat.tudou.com banner.clubdicecasino.com ads.kinxxx.com onlinestoredsnow.info a6q7.com zanox.com serokolservice.com ad.hpg.com.br 127.0.0.1 adbunker.com justwebads.com office.partnerearning.com untesmakina.com wapclub.biz eu-se.euroinnov.eu windowsneratepack.info speed-tube.net linker.eightfoldlogic.com 127.0.0.1 a.fandango.com 208.185.87.40.liveadvert.com zs.ffshrine.org ads.motormedia.nl deryam.biz switch6.castup.net ads244.hpg.com.br ad.nttnavi.co.jp 404.dummywebsitedatabase.com 127.0.0.1 teamltg.com cache.adviva.net seamrippers.org prague-luxury-hotel.com adnedat.ru prosperplug.info reachjunction.com banner.elisa.net telenorstartsiden.112.2o7.net 127.0.0.1 mi-web12.prod.millennialmedia.com vg01.met.vgwort.de rank8.de bioticshypermodular.org topazinsaat.com.tr mokono.com www2.portdetective.com clicknvote.com banners152.hpg.com.br 127.0.0.1 feedoms.org.uk peopleopera.cn smscolony.com shockingrates.com storeoffers.info gpaper193.112.2o7.net hitfarm.com grapeshot.co.uk tourskorea.com 127.0.0.1 count979.51yes.com ads.hideyourarms.com wetifjam.ru gyhhdykust.org ads.iwon.com ads.asiafriendfinder.com ad.keenspace.com galaxien.com theartsgarage.com 127.0.0.1 banners238.hpg.com.br realmedia.com ad00.hpg.com.br www.backtype.com neurodermitistextilien.de cyxwtkcetscuwaevsxczxxkhccu.info lb.trellian.com 208.185.87.123.liveadvert.com inrxyxuwhkjwfeytucauaqpvt.com 127.0.0.1 adreporting.com u005.33.spylog.com onepassnetwork.com svmerosao.sites.uol.com.br clickhelp.net ad207.hpg.com.br media-a.vpptechnologies.com lprshcsmijfovp.com ace.advertising.com 127.0.0.1 tendonsof.com geoloc46.geovisite.com count660.51yes.com ynkicyr.ru iserverupdates.com winmyminiads.com 216.6.87.194.dynamic.dol.ru www.bettingmarket.com gpaper174.112.2o7.net 127.0.0.1 germannewslinks.info adserver.sharewareonline.com count100.51yes.com trafficfile.com spaceyourfilesbig.chickenkiller.com bank44.clicks.mp.mydas.mobi 239.6.87.194.dynamic.dol.ru r32r32fg34g33g43f3.nl.ai mrskincash.com 127.0.0.1 8bec584679a2faabc60bd6aed5a1e175.info mycomputer.superstats.com banner.hyl.no brumund.de xml.fusionxml.com www.qrcodetrackers.com reisprei.ivwbox.de b066421814a96881d6c7c01c0c164107.org indo-production-fixer.com [...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++ --- User --- [MBR] e7291a51bdd97332dc7de6d4a517066e [bSP] 43acc1143e6db16be49149e712bbde49 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo 1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 409600 | Size: 351194 Mo 3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 719654912 | Size: 364009 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 7d1b6db635bd5729c751827a64459154 [bSP] 8cb2736df4e3428c618e11c1ff6aa842 : MBR Code unknown Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo 1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo

Finished : << RKreport[0]_S_07222013_165425.txt >>

 

 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Стартирайте отново RogueKiller и изчакайте първоначалната проверка да приключи.

След това натиснете Scan.

След като приключи отидете до секцията Hosts и натиснете таба Fix Hosts

 

Възможно е да ви  поиска рестарт. Съгласете се.

След рестарта моля публикувайте новите лог файлове от RogueKiller в следващия си коментар.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

не ми поиска рестарт. Логовете :

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Dzhemal [Admin rights] Mode : Scan -- Date : 07/22/2013 18:26:03 | ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤ [DNS] HKLM[...]CCSet[...]{3CD6BAB7-D4B1-470B-ACCE-77332F076F19} : NameServer (212.39.90.42 212.39.90.43) -> FOUND [DNS] HKLM[...]CS001[...]{3CD6BAB7-D4B1-470B-ACCE-77332F076F19} : NameServer (212.39.90.42 212.39.90.43) -> FOUND [HJ POL] HKLM[...]System : DisableTaskMgr (0) -> FOUND [HJ POL] HKLM[...]System : DisableRegistryTools (0) -> FOUND [HJ POL] HKLM[...]Wow6432Node[...]System : DisableTaskMgr (0) -> FOUND [HJ POL] HKLM[...]Wow6432Node[...]System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKCU[...]ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKLM[...]NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM[...]NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Mal.Hosts|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%System32driversetchosts

127.0.0.1 awakenedwithin.com iv.doubleclick.net www.counter14.sextracker.be gpaper149.112.2o7.net cdn.allegedmedia.com middlemanether.ru esjkedsafe.com rodijo.com.au eloqua.com --> Potentially malicious! 127.0.0.1 7c74a4bc5dd3df5db4c2aa7a3dd5cce6.org blackmandz.com kkkarow-judo.de www3.doubleclick.com gpaper117.112.2o7.net ufhwf8093hrdsf.com www.flash-counter.com ads27.hpg.com.br watisawarosydok.org --> Potentially malicious! 127.0.0.1 lejbomor.ru clickauditor.net jarasumjazz.com ad.eg.doubleclick.net ads.jpost.com toronto-locksmith.biz upmqpwyndzwzmmwy.ru c1z.at ad73.hpg.com.br --> Potentially malicious! 127.0.0.1 intervalsselfservice.pro ads.wunderground.com ciao.ivwbox.de betasreceivable.org count72.51yes.com count621.51yes.com 718unlimited.com rewardster.com googleads.g.doubleclick.net --> Potentially malicious! 127.0.0.1 08.185.87.17.liveadvert.com downx.52z.com pamiangsao.com counter.bloke.com 208.185.87.112.liveadvert.com ad.primopdf.com ad.eurosport.com chemmannurkuries.com gan.doubleclick.net --> Potentially malicious! 127.0.0.1 widowadvertising.net gnndfe.zyns.com ad203.hpg.com.br brandnameshoppin.cn imperial-groupsvc.net bakveli.net ad236.paycount.com count833.51yes.com ad.au.doubleclick.net --> Potentially malicious! 127.0.0.1 ads.creative-serving.com 7254da45bf6a7e358e456f1a86cd92c1.org 9bfc110f5d387f09e74910496b35181f.org ad.it.doubleclick.net www.exactadvertising.com 186.6.87.194.dynamic.dol.ru sb.scorecardresearch.com count847.51yes.com advert234.hpg.com.br --> Potentially malicious! 127.0.0.1 calicutinternationalschool.com clicktrade.linkexchange.net clicks.net doubleclick.d4p.net ads1.theglobeandmail.com boom.ro classbasecamp.pro kaleidosskop.ru tns-counter.ru --> Potentially malicious! 127.0.0.1 ads.51.net www.counter4all.de ad.pt.doubleclick.net www-google-analytics.l.google.com media.popuptraffic.com tracker.snowball.com koelnrsc.ivwbox.de jewelsactuality.ru cassandrarice.com --> Potentially malicious! 127.0.0.1 uwfekfyj.ru ad.pl.doubleclick.net imapscans.info tds-23vb8g5ff.co.cc emulatesdigital.pro 08.185.87.146.liveadvert.com etritotube.net ter00alsy.rr.nu adnet.worldreviewer.com --> Potentially malicious! 127.0.0.1 rampidads.com easy-ad.info nrtjny.sellclassics.com bannercampaign.com ads07.focalink.com c7.statcounter.com 7x70.com count801.51yes.com trackads.com --> Potentially malicious! 127.0.0.1 invoicedimplementations.info 179fed8d388a1afd3e901cd2bdd761c0.info goptres.co.cc sedfer.com ns1.doubleclick.net dominoforsale.biz penavare.com lottomeca.com count455.51yes.com --> Potentially malicious! 127.0.0.1 c16.statcounter.com crowgerber.ru ypmptx.in ad191.hpg.com.br geoloc78.geovisite.com count931.51yes.com sdlcuauo.cn ad.gt.doubleclick.net thldkvcgbkzcbfxw.ru --> Potentially malicious! 127.0.0.1 rovio3.appads.com ad174.paycount.com ad.co.doubleclick.net adimage.guardian.co.uk helpmetoretire.com qnit9x.com adrotate.sytes.net adminder.com www.istats.nl --> Potentially malicious! 127.0.0.1 www5.yesadvertising.com professorbanner.com scrooge.wsoctv.com weirdplanet.net visit.webhosting.yahoo.com ads.bigasia.com ad.ca.doubleclick.net securitymonitor2012in.com successfulmpfs.org --> Potentially malicious! 127.0.0.1 08.185.87.176.liveadvert.com ds.ign.us.intellitxt.com img.msgtag.com bizad.nikkeibp.co.jp ads.top500.org admeta.com 142.6.87.194.dynamic.dol.ru c32.statcounter.com ads.edbindex.dk --> Potentially malicious! 127.0.0.1 stat.alibaba.com netshelter.net thelemoncity.com ads123.hpg.com.br allcomrades.com c12.statcounter.com aprombz.com super67.me gassystem.co.kr --> Potentially malicious! 127.0.0.1 kiportal.net yesky.com simlossim.epac.to 08.185.87.143.liveadvert.com wfslwzbmj.freewww.biz ad.fr.doubleclick.net mnszyhxgp.freewww.biz a19.g.akamai.net www.marketplacemanager.com --> Potentially malicious! 127.0.0.1 hyoxnckrngodoret.ru 08.185.87.35.liveadvert.com www.mytiwi.com pannatex.com 123counts.com ad210.paycount.com ad.jp.doubleclick.net earing-debasededit.hk.ms antispy-online90.com --> Potentially malicious! 127.0.0.1 stats.trafficjuicer.com selmoipourtoi.net ewnnd.ru activetrakresponsible.pro storesseeks.in www.doubleclick.ne.jp 910ec64a02c66d8b2ce0454051de1d09.info u074.03.spylog.com avgtechnologies.112.2o7.net --> Potentially malicious! 127.0.0.1 ad.ie.doubleclick.net secree.com mysa.belointeractive.com n6sc.info ohbjirqfm.freewww.biz vg07.met.vgwort.de wdata.ero-advertising.com partners.priceline.com keepit.freebieandcouponmom.com --> Potentially malicious! 127.0.0.1 cashengines.com trytokickmewhenimoneywwww2.com rantcloned.org wswb1.surf-town.net ads.outpersonals.com ad.no.doubleclick.net sugoicounter.com xml.adtech.fr alenty.com --> Potentially malicious! 127.0.0.1 count880.51yes.com cheapflightsonsale.com securelive.co.kr pics3.inxhost.com u1773.34.spylog.com mcfestaseventos.com.br www.sociomantic.com live.sekindo.com doubleclick.shockwave.com --> Potentially malicious! 127.0.0.1 eightfoldlogic.com affiliate.ab1trk.com trafficparade.com adclick.com ad.mx.doubleclick.net 411affiliates.ca click.dagbladet.no 5.6.87.194.dynamic.dol.ru westernillusion.com --> Potentially malicious! 127.0.0.1 nyttechnology.112.2o7.net 08.185.87.31.liveadvert.com www.yourhitstats.com adsklick.de creast.afkepock.com rupeksa.com www.wwwetracker.com ad-emea.doubleclick.net count450.51yes.com --> Potentially malicious! 127.0.0.1 clavosdecristo.es u024.10.spylog.com ad.cl.doubleclick.net rgadvert.com rubiconproject.com myeducationcompany.com ahyea.com 28.6.87.194.dynamic.dol.ru count225.51yes.com --> Potentially malicious! 127.0.0.1 adthis.com 208.185.87.32.liveadvert.com www.pigment-adv.co.il kelaxserv56.in tldadserv.com ad.us.doubleclick.net ad176.hpg.com.br xerta.lenuerry.com razumtds.ws --> Potentially malicious! 127.0.0.1 ads.asp.net blog.ero-advertising.com c10.statcounter.com stoorvogelsoftware.nl yasarsigorta.com high-update.com adclient.detelefoongids.nl top-site-list.com integrate.com --> Potentially malicious! 127.0.0.1 prefisio.com.br trk.blamads.com 11.blogbestsites.com anapoli.ru ad.tw.doubleclick.net cbird6.sextracker.com ad.hyena.cz latebin.ru tracking.voltagesearch.com --> Potentially malicious! 127.0.0.1 zaefofin.ru leprisoruim.ru www.achmedia.com a5.websponsors.com entrepreneur.us.intellitxt.com norilsknikeli.ru s2.statcounter.com count988.51yes.com baeisa.co.cc --> Potentially malicious! 127.0.0.1 adsonar.com netreflector.com counter17.bravenet.com mi-web31.prod.millennialmedia.com count783.51yes.com ads.isoftmarketing.com ir.doubleclick.net secure.quantserve.com ad160.hpg.com.br --> Potentially malicious! 127.0.0.1 2fflatfee.ero-advertising.com cobrands.mailermailer.com ad235.paycount.com rubilonk.info apendiksator.ru ad.dk.doubleclick.net traffka.eu www5.click-fr.com bank44.ads.mp.mydas.mobi --> Potentially malicious! 127.0.0.1 ictgroupnet.cc splitteroverwhelmingly.pro nmnandomedia.112.2o7.net ads.nordichardware.com truehits1.gits.net.th ads.bigfoot.com epiccash.com kvvkprxkpnbebixguhtcfajrdm.info www.doubleclick.de --> Potentially malicious! 127.0.0.1 count840.51yes.com ad.es.doubleclick.net zvhtkpsnmdy.info itillc.com nl.topstat.com ads.adohana.com siteminer.superstats.com ad15.paycount.com darkscape.info --> Potentially malicious! 127.0.0.1 domssingomangos.net secguard.biz affiliate.travelnow.com tarakc1.net cyberantiquemall.com ads.aol.com itbannerexchange.com adx.allstar.cz ad.ar.doubleclick.net --> Potentially malicious! 127.0.0.1 count437.51yes.com jytorqu.ru munchkin.marketo.net adinterax.com banner.nixnet.cz recover88888.com oepjvondifnnkskfcxzvjiefrkd.com ads.fool.com c17.statcounter.com --> Potentially malicious! 127.0.0.1 8xvideos-tube.mobi recessionwire.com ad.my.doubleclick.net flyghtairline.ru 111309a301e46e230013eada1a63b079.info dialerporn.com ad.sexcount.de brainrace.ru nytrwilmington.112.2o7.net --> Potentially malicious! 127.0.0.1 count268.51yes.com werkendwachtik.nl ad.br.doubleclick.net bin.hnissa.com hoycktsjwqsmklnv.biz xgmrtookfnjibguofinhqcwodxwq.ru wsqwehnnjppxrgxp.org page1.name count113.51yes.com --> Potentially malicious! 127.0.0.1 logv18.xiti.com demo.doubleclick.net ads.5ci.lt zmbagc.com nesamithran.com sis-street.com fb64b06873291207414862989cb55799.info forum-cs.net76.net 08.185.87.115.liveadvert.com --> Potentially malicious! 127.0.0.1 ankursociety.org 57.6.87.194.dynamic.dol.ru thecounter.com c1.statcounter.com erostracker.com ads15.hpg.com.br download13-socinenie.ru j5b.kr pluto.adcycle.com --> Potentially malicious! 127.0.0.1 banners254.hpg.com.br woteucv.freewww.biz upadoo.xpg.com.br 208.185.87.121.liveadvert.com ad.sg.doubleclick.net sunbeltinverting.pro mydreamnewone.com dsfh.ru ad242.hpg.com.br --> Potentially malicious! 127.0.0.1 hyydsglxirgykbxcmlntmvhi.ru ww2.xp115.com n4403ad.doubleclick.net threefooktiro.no-ip.info vacationrentalcabins.com websponsors.com zoferxtube8.info igahicfrwwfpjhef.ru mediamind.com --> Potentially malicious! 127.0.0.1 cashforsurveys.net domteks-volga.ru deadonseparating.ru analyticdns.org nuert.lenuerry.com logisticservices.info denisdenisstation.cu.cc engine.4dsply.com reports.doubleclick.net --> Potentially malicious! 127.0.0.1 kron-energo.ru c13.statcounter.com 964b2ff96df2ba9951881c168282189c.org track.ft.com ads.krawall.de accountpro046.ru createsend3.com axf8.net gamesitestop100.com --> Potentially malicious! 127.0.0.1 dragongut.co.cc www.statcounter.com ads.alt.com expresshomecinema.com www.adshuh.com adspics.com zuchezhaowo.com counter24.bravenet.com aspn.ddns.info --> Potentially malicious! 127.0.0.1 travel.netster.com ad187.paycount.com taktiku.biz bb.connextra.com banner-count.com gobiernofacil.go.cr tnktrck.com reelshandsoff.info c6.statcounter.com --> Potentially malicious! 127.0.0.1 ads.adpulse.com www.linkybank.com ad.kw.doubleclick.net ad233.paycount.com sj-g-lbs.focalink.com 208.185.87.138.liveadvert.com bvalphaserver.com pfvfsi.freewww.biz www.mega-traf.net --> Potentially malicious! 127.0.0.1 ad.sa.doubleclick.net lmvwnv.in securepaths.com www.ewordofmouth.com wsclick.infospace.com count817.51yes.com z0.extreme-dm.com royalwinnipegballet.net server-br.imrworldwide.com --> Potentially malicious! 127.0.0.1 ad.m5prod.net accountpro007.ru hstest.surf-town.net counter15.sextracker.be count40.51yes.com adsalvo.com onlineadvertclick.org sinher24itedsc.rr.nu ad.is.doubleclick.net --> Potentially malicious! 127.0.0.1 o1.plus-zone.co.kr ecd52048dace94e20d35d8a47b04b35d.org c15.statcounter.com g.adspeed.net opienetwork.com content-cooperation.com blogdetranssexuel.com jokenqi.ru 125search.com --> Potentially malicious! 127.0.0.1 indobilling.com eqw002.cn c11.statcounter.com ads140.hpg.com.br hollabackvideo.com tecchan.ivwbox.de cogirunner.ru ru03-hits.spylog.com 429861812.3322.org --> Potentially malicious! 127.0.0.1 dfilmcounderw.su rspzdtpxll.com users.marketleverage.com bqtl.in g243gtdsgsdg.vv.cc usamoney.nl.ai ads189.hpg.com.br officebook1.org learn.doubleclick.net --> Potentially malicious! 127.0.0.1 rxbuy-itewvaha.ru dsvseee.nl.ai aloeroyal.com sre13vea.rr.nu microsoftwga.112.2o7.net icentric.us.intellitxt.com 123002915.cn.com help.doubleclick.net ad.realmedia.co.kr --> Potentially malicious! 127.0.0.1 ads.mgnetwork.com mooo.com ad.in.doubleclick.net abc.googlezuju.com assoc-amazon.com nhoimwl.mysecondarydns.com www.click-under.info us.a1.yimg.com ads.webme.com --> Potentially malicious! 127.0.0.1 puertoalmirante.com bank27.mi.ads.mp.mydas.mobi www.doubleclick.com step2me.net static.appwatch.com kjbbc.net ylufida.com lwtcxuzbdrsnpqfb.ru www6.testtradedoubler.com --> Potentially malicious! 127.0.0.1 count915.51yes.com ad.doubleclick.de squirtingsblog.com tag.tlvmedia.com fp.gad-network.com a.doktorhappy.com u017.76.spylog.com www.parse.ly bannermat.com --> Potentially malicious! 127.0.0.1 bx.clickmedia.ro websmeter.com 208.185.87.36.liveadvert.com ads.alwayson-network.com xb8.ru flierstrusting.biz n4052ad.doubleclick.net 157.6.87.194.dynamic.dol.ru adq.nextag.com --> Potentially malicious! 127.0.0.1 maidarm.ru ads.swirve.com hosting-controlpin.tk ad-g.doubleclick.net imgddd.net ck.jp.ap.valuecommerce.com support.semptoshiba.com.br software.xoomcounter.com verfer.com --> Potentially malicious! 127.0.0.1 adboost.de.vu dimpact.co.il javacentricunencumbered.org uybeor.freewww.biz exitexchange.com sexxxstaz.org ad.za.doubleclick.net adprojekt.pl scorpionbkn.xpg.com.br --> Potentially malicious! 127.0.0.1 ad.cn.doubleclick.net zcloumedia.com kerchna.in ad31.paycount.com ad5.speedbit.com 59.6.87.194.dynamic.dol.ru icnhedsafe.com abroad.name top50.co.uk --> Potentially malicious! 127.0.0.1 lustler.com 3ew.ru ad.gmtracker.com count196.51yes.com banner.list.ru toringkerk.co.za usigroupnet.cc biozavr.ru doubleclick.de --> Potentially malicious! 127.0.0.1 www3.smartadserver.com ad10.focalink.com ads27.focalink.com banners251.hpg.com.br www2.doubleclick.com 208.185.87.16.liveadvert.com ads.pixfuture.net count388.51yes.com kepen.ru --> Potentially malicious! 127.0.0.1 zxlngj.eu buyhitscheap.com cashspace.com alnce21.com www2.doubleclick.net thenetnameshop.cn 4.whereinmilan.com img.buchananjenkinshyundai.com count699.51yes.com --> Potentially malicious! 127.0.0.1 ad.ru.doubleclick.net geoloc58.geovisite.com weidenhof.at x9w.ru 0d8d348a9f374540d947c126e712fa23.org containercox.ru tewnrpvxbdjc.info uxosgik.ru marlaktuell.de --> Potentially malicious! 127.0.0.1 ads.detelefoongids.nl m.doubleclick.net advert243.hpg.com.br uskamalchik.ru www.c-on-text.com ad185.hpg.com.br 101.6.87.194.dynamic.dol.ru thinkgeek.112.2o7.net mgmgroupnet.cc --> Potentially malicious! 127.0.0.1 www.doubleclick.net.my ad.120.tbn.ru bfantastic.com hatsvisuals.org xomcui.com ergebruibgebigbei.com 118.6.87.194.dynamic.dol.ru ef9710b691fa9df28214ad21c2019822.org diamonstar.cn --> Potentially malicious! 127.0.0.1 swathespicture.org ads.mariuana.it wbs.tmkvmv.eu ad.se.doubleclick.net count87.51yes.com pillspharmacyrx.ru a.total-media.net lsvdxjpwykxxvryd.ru sillacareer.or.kr --> Potentially malicious! 127.0.0.1 anbfse.ru newnetnameshop.cn ojnrirhnfemxpnhepnlaeyhmfph.biz jquery-framework.com logv7.xiti.com globaltrack.com j-vision.co.kr ad.cz.doubleclick.net rr1.xxxcounter.com --> Potentially malicious! 127.0.0.1 akaelyr.cn goreeotuma.ru gloriousflooring.com clearerstats.com.es azelas.net ad.gr.doubleclick.net secure-unitedonline.cleanprint.net d4e71869070fd9133c2ec4fe6e728e70.org vexuliritynetwork.com --> Potentially malicious! 127.0.0.1 38efe6484281ec752b4426a55d20de1c.info xn--pauone-4q9l.com namessguibulk.net poekdf.ru ad1.trafficx.com wiombejwxrddpkkx.ru u130.01.spylog.com tex.ero-advertising.com dfp.doubleclick.net --> Potentially malicious! 127.0.0.1 count70.51yes.com ad.hk.doubleclick.net ads1.canoe.ca rp.hit.gemius.pl ad157.paycount.com pagubev.ru pilldrugstoregroup.com infolinks.com ioad.info --> Potentially malicious! 127.0.0.1 count584.51yes.com members.swimsuitnetwork.com us5.forward-to-friend1.com sitebrand.geeks.com 156.6.87.194.dynamic.dol.ru blachervers-2.com paypalssl.doubleclick.net stats.surf-town.net scaner-sdee.tk --> Potentially malicious! 127.0.0.1 www.keywordblocks.com xonio.ivwbox.de c5.statcounter.com count716.51yes.com moderndating2012.asia villusoftreit.ru ideet.ru lfstmedia.com freeroom66.com --> Potentially malicious! 127.0.0.1 unixpoint02.xpg.com.br qaxgckzkn.changeip.name ads.tmcs.net fls.doubleclick.net statsl.com dnads.directnic.com 3cw.ru banner.coza.com count978.51yes.com --> Potentially malicious! 127.0.0.1 fxdas.lflinkup.net ecoresearch.hu achmedia.com n479ad.doubleclick.net quickcamsassembled.net keymedia.hu ailway42staging.rr.nu o.zeroredirect.com cornermarketmedia.com --> Potentially malicious! 127.0.0.1 webfrogs.ru u117.45.spylog.com paymonsters.com kondratev.popunder.ru adcloud.net dnsnum11.com c8.statcounter.com u072.93.spylog.com miguelrubio.sites.uol.com.br --> Potentially malicious! 127.0.0.1 ebtmarketing.com wcbsimg.dayport.com surprise-knsmd.tk ads.discovery.com cerzdtolonknkneibekjbavwgqvk.info statcounter.com atc-groop.com criptxvidsyde.co.cc bfupndesgjnzgakkbeytoljcmugjf.com --> Potentially malicious! 127.0.0.1 bannermall.com i1.createsend5.com l.zeroredirect.com glakvpxu.org global-charge.com ylyhjz.in ads131.hpg.com.br 2.gaza-hackers.info doubleclick.de --> Potentially malicious! 127.0.0.1 counter5.sextracker.be hostscounter.com u3239.08.spylog.com nytrgadsden.112.2o7.net c3.statcounter.com vchysb.freewww.biz fad-411.mtl4.targetnet.com downloadtorrent.org.uk.tc count849.51yes.com --> Potentially malicious! 127.0.0.1 106.6.87.194.dynamic.dol.ru stat24.com 08.185.87.1.liveadvert.com maaandhra.com banners31.hpg.com.br x1v.ru jastreb.hr ad.fi.doubleclick.net traffic.gabmage.in --> Potentially malicious! 127.0.0.1 tigerloads.com ads.softure.com ads4homes.com ads227.hpg.com.br agbasky.com mokingbirdgives.org top90.ro bank42.mi.ads.mp.mydas.mobi ad.uk.doubleclick.net --> Potentially malicious! 127.0.0.1 bannerconnect.com ad.doubleclick.net lnkgo.com goldboat.net s.thetvpool.com adserver.click4cash.de count230.51yes.com chinchwaddevasthantrust.org webwatcherdata.com --> Potentially malicious! 127.0.0.1 tablethealthphysicians.net kesenai.org registry.cu.cc list.ru gduobyc.freewww.biz doubleclick.com www.mokono.com ak1.abmr.net visitor.benchmarkemail.com --> Potentially malicious! 127.0.0.1 banners63.hpg.com.br fixavpu.ru afe6882e298064090f884696cb48c3b5.info cakuxeco.tk federetoktyt.net opt-media.com derinobi.com capa01.com www3.doubleclick.net --> Potentially malicious! 127.0.0.1 jkhteqa.com www.doubleclick.net fipscertifiedenables.ru basijkarmandan.danaportal.ir ads112.hpg.com.br spe.atdmt.com alertpay.net.au 78.6.87.194.dynamic.dol.ru delivery6.trafficjunky.net --> Potentially malicious! 127.0.0.1 advert241.hpg.com.br searchportal.information.com modinali.com 08.185.87.49.liveadvert.com si.netmng.com shoponlinefilmsite.cn banners.babylon-x.com ns1.123go.net ad.terra.doubleclick.net --> Potentially malicious! 127.0.0.1 talliedclassit.info 4.luca-volonte.org update.powercare.co.kr elanablimka.github.com xn--szobafests-j7a.eu ad.n2434.doubleclick.net db0.net-filter.com antik-dom.ru createsend5.com --> Potentially malicious! 127.0.0.1 adlantic.nl protaxet.com adf.ero-advertising.com nt002.cn ads.iafrica.com alkarmel.com.jo statcounter.com banners130.hpg.com.br jabbawockeez.us --> Potentially malicious! 127.0.0.1 201.6.87.194.dynamic.dol.ru adnet.asahi.com l1.zedo.com ad114.paycount.com ads228.hpg.com.br wzus.ask.com sgisolution.com.br ad.be.doubleclick.net daeyoolife.com --> Potentially malicious! 127.0.0.1 centanysenrere.com ad.nz.doubleclick.net tcr111.tynt.com torstarcollect.247realmedia.com bigtopleads.cn 18hhhgh3.justdied.com img.dt00.net quintaavenue.com susnoj.cn --> Potentially malicious! 127.0.0.1 9f9473183778647a979b99045b901711.info visit.playerevaluator.com ad.kr.doubleclick.net bank07.mi.ads.mp.mydas.mobi mondayswizardnet.info 69.6.87.194.dynamic.dol.ru 372kzsds7661.com taokakao.com hitcents.com --> Potentially malicious! 127.0.0.1 mmsrierihon.com c6h.at dncdh.ws doubleclick.net e.yieldmanager.net static.ndoverdrive.net www.008.free-counter.co.uk taskiran.net 87.6.87.194.dynamic.dol.ru --> Potentially malicious! 127.0.0.1 fawcztqwomnnjnrtseirkrcp.biz c2.statcounter.com comics.ign.us.intellitxt.com text-link-ads.com top.one.ru msnbc.112.2o7.net 2faa5e9617513ac0df0a8ee150c0864b.info berfry43bgrbf.vv.cc stats.groupninetyfour.com --> Potentially malicious! 127.0.0.1 homeemployed.com ad-x.com ads2.advance.de www.counter6.sextracker.be mappery.com log10.doubleverify.com u96s.info evoloutainary.co.cc ad.ch.doubleclick.net --> Potentially malicious! 127.0.0.1 doubleclick.net newwave.orge.pl apex-ad.com ultimatetrafficpack.com chanchala.cz click-under.info w612.nb.host127-0-0-1.com uneugroup.com ads246.hpg.com.br --> Potentially malicious! 127.0.0.1 u093.76.spylog.com adserv.evo-x.de cash2002.de nabilams.org gpaper118.112.2o7.net mediavisor.doubleclick.net s.clicktale.net u.outbrain.com www.spinbox.net --> Potentially malicious! 127.0.0.1 creatives.doubleclick.net zlnobdqpfnvworzpayylpvolle.ru lrogs.info admarvel.com ads.web.cs.com web2.deja.com adlev.neodatagroup.com count511.51yes.com adserver.zylom.com --> Potentially malicious! 127.0.0.1 verygood2013.ru geoloc62.geovisite.com angelaonfl.ru geotarget.info prestamistape.us banners16.hpg.com.br submenusonlineoriented.info c28.statcounter.com i-clicks.net --> Potentially malicious! 127.0.0.1 ad.hu.doubleclick.net count265.51yes.com stetomoney.org advert53.hpg.com.br banner.trifle.net www.123webmarketing.com af9b7985802bc09fb9e19663.merseine.nu netbiosmediocre.org ads.tripod.lycos.es --> Potentially malicious! 127.0.0.1 penguinplanning.com wielerclinics.nl ompassik.ru bank56.mi.ads.mp.mydas.mobi www.magentanews.com bigdeal777.com ad.ve.doubleclick.net stats0.one.ru sabnorway.com --> Potentially malicious! 127.0.0.1 ads.adultfriendfinder.com demandware.edgesuite.net go.adify.com u053.48.spylog.com gerincmuhely.hu pagead2.googlesyndication.com meethotties.mobi zendekor.com.tr c44.statcounter.com --> Potentially malicious! 127.0.0.1 tvinfo.ivwbox.de doubleclick.com ywh18olly.rr.nu noexcuseentertainment.com takru.com www4.yesadvertising.com ads.technoratimedia.com shopfilmworld.cn ziffdavisglobal.112.2o7.net --> Potentially malicious! 127.0.0.1 www.marketingtips.com ads6.focalink.com ad.nl.doubleclick.net smert-test.ru wt1888.com adplacers.com ad123.hpg.com.br mobilcom.ivwbox.de 08.185.87.151.liveadvert.com --> Potentially malicious! 127.0.0.1 jsbjlsdjlkb234jblkba8899sjkb.com media.adlegend.com azbuka001.pro kreditsikacsre.ru tyryfpix.ru odnklog.net mjhcymist.freewww.biz m.doubleclick.com nfwcleizdgexdcqoblpncuxcqonz.ru --> Potentially malicious! 127.0.0.1 adserv007.adtech.fr henshiwuliao.com adscomplete.info ad.ph.doubleclick.net qokzierihon.com webcreditreport.com logv13.xiti.com adpepper.dk m77s.cn --> Potentially malicious! 127.0.0.1 aboutnorth2012.ru ns2.doubleclick.net security-laboratory.ru ad1.emediate.dk ads134.hpg.com.br gusanito-postal.org count381.51yes.com ap34.pro banner.relcom.ru --> Potentially malicious! 127.0.0.1 ad.ma.doubleclick.net a.coughstuffs.com buenos-varilias.com age-ega.ru in.getclicky.com websitehostingsouthafrica.com count337.51yes.com vijetha.co.in thorpeinstitute.com --> Potentially malicious! 127.0.0.1 ultsearch.com freipres.ivwbox.de 4879cd460080edbe30f5e03a3c6e179d.info a1000000.mayhemavz.pro cnetnews.112.2o7.net counter11.sextracker.com ads.as4x.tmcs.net ad.ro.doubleclick.net b4118165b89a10b5f3da449626e5e9e9.org --> Potentially malicious! 127.0.0.1 sieg-vergaser.de ads190.hpg.com.br anon.doubleclick.speedera.net ad35.paycount.com faststudiodvwalked.ru berdonet2011.dlinkddns.com yoraclick.com snamedb.com jibertytciako.pl --> Potentially malicious! 127.0.0.1 meredithjacobonline.com rx-white.com description2011.ru k.iinfo.cz adimages.go.com ng3.ads.warnerbros.com casinomahjongsikkim.com ad.de.doubleclick.net worgukiw.ru --> Potentially malicious! 127.0.0.1 flexbeta.us.intellitxt.com canwest.112.207.net execulink.112.2o7.net homevisions.com traffichome.de s.vidsmak.com banner1.50megs.com 208.185.87.90.liveadvert.com ad.at.doubleclick.net --> Potentially malicious! 127.0.0.1 ws8.surf-town.net ad.il.doubleclick.net static.fragbite.com armonipiyanodersi.com kottaslama.org directstuff.com affiliate.doubleyourdating.com ad.grafika.cz verygoods2010.ru --> Potentially malicious! 127.0.0.1 unuere.freewww.biz ads.forbes.com ad.tr.doubleclick.net adteractive.com 179.6.87.194.dynamic.dol.ru ads.amarillo.com count551.51yes.com rabbitharky.net vw-freaks.net --> Potentially malicious! 127.0.0.1 208.185.87.146.liveadvert.com tcdykfjrtweypzxbqyrsfidecmln.com thewebs.ru analytics.ero-advertising.com ad.ero.nl xk9.ru itsptp.com banner.grupos.com.br c41.statcounter.com --> Potentially malicious! 127.0.0.1 www.ssangyong.co.il ads.yupimsn.com convertervocal.net track.gawker.com rxbuy-itewhuli.ru cellus-usa.com ad.about.com doubleclick.ne.jp textcube.com --> Potentially malicious! 127.0.0.1 banners.bol.com.br count729.51yes.com advert.hpg.com.br workathometeacher.com ads.cgnetworks.com geoloc12.geovisite.com gpaper112.112.2o7.net ad60.paycount.com ad.th.doubleclick.net --> Potentially malicious! 127.0.0.1 c4.statcounter.com gyneco-saint-andre.fr ad204.paycount.com trackalyzer.com ad4.api.ero-advertising.com textad.net yiiw.in vsii.spinbox.net bomsabor.com.br --> Potentially malicious! 127.0.0.1 usi-groupinc.net aqsf.knxhsn.eu 9843c4f1f195375184625a1525cf83b9.info adbucks.com avigorstats.pro msn.ivwbox.de bannersng.yell.com ad.sk.doubleclick.net 08.185.87.08.liveadvert.com --> Potentially malicious! 127.0.0.1 www.fusespot.com banners.bol.com.br banners234.hpg.com.br smt-enterprises.com bopwyeb.ru ad2.doubleclick.net whpdn.freewww.biz hugo.lenuerry.com oascentral.adage.com --> Potentially malicious! 127.0.0.1 banners.moviegoods.com fineclicks.com xq0.ru bqgqucwoeyswvgcigqknyllbyytiblf.net count.rin.ru count596.51yes.com c14.statcounter.com great-antispy2012.com pzydthkbdjbxkfinhurwcyd.com --> Potentially malicious!

127.0.0.1 www.qdigital.co.il sigeta.org oascentral.villagevoice.com bands-inc.com se.cqcounter.com ads.bmais.net imagec14.247realmedia.com pmraiugdqhyhmqccfacupypmzor.com www.widgetadvertising.biz 127.0.0.1 admex.com dis.criteo.com bazarafcantoscabiz.com utm.trk.popularscreensavers.com lycoscollect.realmedia.com count44.51yes.com burstmedia.com amberandrobertmedia.com ecall09edytu.rr.nu 127.0.0.1 208.185.87.193.liveadvert.com cash4popup.de m1.nedstatbasic.net ad1.ero-advertising.com webnoivos.com 3ddown.com pirate.1000houses.biz perseusgroupllc.cc pub.chez.com 127.0.0.1 zeroclan.net damisystem.com alexandre.peis.free.fr pairpull.ru lerelais.com 39.6.87.194.dynamic.dol.ru palazziogt.ru adsweb.tiscali.de ads.returnpath.net 127.0.0.1 programmpower.ru muchbetter.ru buttonjp.org ads82.hpg.com.br web-counter-online.ru trayscoffeecup.org snhbe.ru testossteron.ru ads8.c.no1.asap-asp.net 127.0.0.1 awakenedwithin.com iv.doubleclick.net www.counter14.sextracker.be gpaper149.112.2o7.net cdn.allegedmedia.com middlemanether.ru esjkedsafe.com rodijo.com.au eloqua.com 127.0.0.1 bf410f0b5dda6f72725a191d7086d05c.org 193.6.87.194.dynamic.dol.ru banners185.hpg.com.br geoloc92.geovisite.com geoloc36.geovisite.com coupons-inc.com adtrade.net ads.v3.com ad.moscowtimes.ru 127.0.0.1 a.vidtruck.com 3322.org i5.createsend5.com icredoname10012.com bank42.clicks.mp.mydas.mobi allforpeople.net gpaper169.112.2o7.net xn--iimizmzik-v9a79h.com datais.com 127.0.0.1 accountsiq.us stat.tudou.com banner.clubdicecasino.com ads.kinxxx.com onlinestoredsnow.info a6q7.com zanox.com serokolservice.com ad.hpg.com.br 127.0.0.1 adbunker.com justwebads.com office.partnerearning.com untesmakina.com wapclub.biz eu-se.euroinnov.eu windowsneratepack.info speed-tube.net linker.eightfoldlogic.com 127.0.0.1 a.fandango.com 208.185.87.40.liveadvert.com zs.ffshrine.org ads.motormedia.nl deryam.biz switch6.castup.net ads244.hpg.com.br ad.nttnavi.co.jp 404.dummywebsitedatabase.com 127.0.0.1 teamltg.com cache.adviva.net seamrippers.org prague-luxury-hotel.com adnedat.ru prosperplug.info reachjunction.com banner.elisa.net telenorstartsiden.112.2o7.net 127.0.0.1 mi-web12.prod.millennialmedia.com vg01.met.vgwort.de rank8.de bioticshypermodular.org topazinsaat.com.tr mokono.com www2.portdetective.com clicknvote.com banners152.hpg.com.br 127.0.0.1 feedoms.org.uk peopleopera.cn smscolony.com shockingrates.com storeoffers.info gpaper193.112.2o7.net hitfarm.com grapeshot.co.uk tourskorea.com 127.0.0.1 count979.51yes.com ads.hideyourarms.com wetifjam.ru gyhhdykust.org ads.iwon.com ads.asiafriendfinder.com ad.keenspace.com galaxien.com theartsgarage.com 127.0.0.1 banners238.hpg.com.br realmedia.com ad00.hpg.com.br www.backtype.com neurodermitistextilien.de cyxwtkcetscuwaevsxczxxkhccu.info lb.trellian.com 208.185.87.123.liveadvert.com inrxyxuwhkjwfeytucauaqpvt.com 127.0.0.1 adreporting.com u005.33.spylog.com onepassnetwork.com svmerosao.sites.uol.com.br clickhelp.net ad207.hpg.com.br media-a.vpptechnologies.com lprshcsmijfovp.com ace.advertising.com 127.0.0.1 tendonsof.com geoloc46.geovisite.com count660.51yes.com ynkicyr.ru iserverupdates.com winmyminiads.com 216.6.87.194.dynamic.dol.ru www.bettingmarket.com gpaper174.112.2o7.net 127.0.0.1 germannewslinks.info adserver.sharewareonline.com count100.51yes.com trafficfile.com spaceyourfilesbig.chickenkiller.com bank44.clicks.mp.mydas.mobi 239.6.87.194.dynamic.dol.ru r32r32fg34g33g43f3.nl.ai mrskincash.com 127.0.0.1 8bec584679a2faabc60bd6aed5a1e175.info mycomputer.superstats.com banner.hyl.no brumund.de xml.fusionxml.com www.qrcodetrackers.com reisprei.ivwbox.de b066421814a96881d6c7c01c0c164107.org indo-production-fixer.com [...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++ --- User --- [MBR] e7291a51bdd97332dc7de6d4a517066e [bSP] 43acc1143e6db16be49149e712bbde49 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo 1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 409600 | Size: 351194 Mo 3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 719654912 | Size: 364009 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 7d1b6db635bd5729c751827a64459154 [bSP] 8cb2736df4e3428c618e11c1ff6aa842 : MBR Code unknown Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo 1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo

Finished : << RKreport[0]_S_07222013_182603.txt >> RKreport[0]_S_07222013_165425.txt

 

 

 

 

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Dzhemal [Admin rights] Mode : HOSTSFix -- Date : 07/22/2013 18:26:32 | ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤ [DNS] HKLM[...]CCSet[...]{3CD6BAB7-D4B1-470B-ACCE-77332F076F19} : NameServer (212.39.90.42 212.39.90.43) -> NOT REMOVED, USE DNSFIX [DNS] HKLM[...]CS001[...]{3CD6BAB7-D4B1-470B-ACCE-77332F076F19} : NameServer (212.39.90.42 212.39.90.43) -> NOT REMOVED, USE DNSFIX [HJ POL] HKLM[...]System : DisableTaskMgr (0) -> FOUND [HJ POL] HKLM[...]System : DisableRegistryTools (0) -> FOUND [HJ POL] HKLM[...]Wow6432Node[...]System : DisableTaskMgr (0) -> FOUND [HJ POL] HKLM[...]Wow6432Node[...]System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKCU[...]ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKLM[...]NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM[...]NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Mal.Hosts|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%System32driversetchosts

127.0.0.1 awakenedwithin.com iv.doubleclick.net www.counter14.sextracker.be gpaper149.112.2o7.net cdn.allegedmedia.com middlemanether.ru esjkedsafe.com rodijo.com.au eloqua.com --> Potentially malicious! 127.0.0.1 7c74a4bc5dd3df5db4c2aa7a3dd5cce6.org blackmandz.com kkkarow-judo.de www3.doubleclick.com gpaper117.112.2o7.net ufhwf8093hrdsf.com www.flash-counter.com ads27.hpg.com.br watisawarosydok.org --> Potentially malicious! 127.0.0.1 lejbomor.ru clickauditor.net jarasumjazz.com ad.eg.doubleclick.net ads.jpost.com toronto-locksmith.biz upmqpwyndzwzmmwy.ru c1z.at ad73.hpg.com.br --> Potentially malicious! 127.0.0.1 intervalsselfservice.pro ads.wunderground.com ciao.ivwbox.de betasreceivable.org count72.51yes.com count621.51yes.com 718unlimited.com rewardster.com googleads.g.doubleclick.net --> Potentially malicious! 127.0.0.1 08.185.87.17.liveadvert.com downx.52z.com pamiangsao.com counter.bloke.com 208.185.87.112.liveadvert.com ad.primopdf.com ad.eurosport.com chemmannurkuries.com gan.doubleclick.net --> Potentially malicious! 127.0.0.1 widowadvertising.net gnndfe.zyns.com ad203.hpg.com.br brandnameshoppin.cn imperial-groupsvc.net bakveli.net ad236.paycount.com count833.51yes.com ad.au.doubleclick.net --> Potentially malicious! 127.0.0.1 ads.creative-serving.com 7254da45bf6a7e358e456f1a86cd92c1.org 9bfc110f5d387f09e74910496b35181f.org ad.it.doubleclick.net www.exactadvertising.com 186.6.87.194.dynamic.dol.ru sb.scorecardresearch.com count847.51yes.com advert234.hpg.com.br --> Potentially malicious! 127.0.0.1 calicutinternationalschool.com clicktrade.linkexchange.net clicks.net doubleclick.d4p.net ads1.theglobeandmail.com boom.ro classbasecamp.pro kaleidosskop.ru tns-counter.ru --> Potentially malicious! 127.0.0.1 ads.51.net www.counter4all.de ad.pt.doubleclick.net www-google-analytics.l.google.com media.popuptraffic.com tracker.snowball.com koelnrsc.ivwbox.de jewelsactuality.ru cassandrarice.com --> Potentially malicious! 127.0.0.1 uwfekfyj.ru ad.pl.doubleclick.net imapscans.info tds-23vb8g5ff.co.cc emulatesdigital.pro 08.185.87.146.liveadvert.com etritotube.net ter00alsy.rr.nu adnet.worldreviewer.com --> Potentially malicious! 127.0.0.1 rampidads.com easy-ad.info nrtjny.sellclassics.com bannercampaign.com ads07.focalink.com c7.statcounter.com 7x70.com count801.51yes.com trackads.com --> Potentially malicious! 127.0.0.1 invoicedimplementations.info 179fed8d388a1afd3e901cd2bdd761c0.info goptres.co.cc sedfer.com ns1.doubleclick.net dominoforsale.biz penavare.com lottomeca.com count455.51yes.com --> Potentially malicious! 127.0.0.1 c16.statcounter.com crowgerber.ru ypmptx.in ad191.hpg.com.br geoloc78.geovisite.com count931.51yes.com sdlcuauo.cn ad.gt.doubleclick.net thldkvcgbkzcbfxw.ru --> Potentially malicious! 127.0.0.1 rovio3.appads.com ad174.paycount.com ad.co.doubleclick.net adimage.guardian.co.uk helpmetoretire.com qnit9x.com adrotate.sytes.net adminder.com www.istats.nl --> Potentially malicious! 127.0.0.1 www5.yesadvertising.com professorbanner.com scrooge.wsoctv.com weirdplanet.net visit.webhosting.yahoo.com ads.bigasia.com ad.ca.doubleclick.net securitymonitor2012in.com successfulmpfs.org --> Potentially malicious! 127.0.0.1 08.185.87.176.liveadvert.com ds.ign.us.intellitxt.com img.msgtag.com bizad.nikkeibp.co.jp ads.top500.org admeta.com 142.6.87.194.dynamic.dol.ru c32.statcounter.com ads.edbindex.dk --> Potentially malicious! 127.0.0.1 stat.alibaba.com netshelter.net thelemoncity.com ads123.hpg.com.br allcomrades.com c12.statcounter.com aprombz.com super67.me gassystem.co.kr --> Potentially malicious! 127.0.0.1 kiportal.net yesky.com simlossim.epac.to 08.185.87.143.liveadvert.com wfslwzbmj.freewww.biz ad.fr.doubleclick.net mnszyhxgp.freewww.biz a19.g.akamai.net www.marketplacemanager.com --> Potentially malicious! 127.0.0.1 hyoxnckrngodoret.ru 08.185.87.35.liveadvert.com www.mytiwi.com pannatex.com 123counts.com ad210.paycount.com ad.jp.doubleclick.net earing-debasededit.hk.ms antispy-online90.com --> Potentially malicious! 127.0.0.1 stats.trafficjuicer.com selmoipourtoi.net ewnnd.ru activetrakresponsible.pro storesseeks.in www.doubleclick.ne.jp 910ec64a02c66d8b2ce0454051de1d09.info u074.03.spylog.com avgtechnologies.112.2o7.net --> Potentially malicious! 127.0.0.1 ad.ie.doubleclick.net secree.com mysa.belointeractive.com n6sc.info ohbjirqfm.freewww.biz vg07.met.vgwort.de wdata.ero-advertising.com partners.priceline.com keepit.freebieandcouponmom.com --> Potentially malicious! 127.0.0.1 cashengines.com trytokickmewhenimoneywwww2.com rantcloned.org wswb1.surf-town.net ads.outpersonals.com ad.no.doubleclick.net sugoicounter.com xml.adtech.fr alenty.com --> Potentially malicious! 127.0.0.1 count880.51yes.com cheapflightsonsale.com securelive.co.kr pics3.inxhost.com u1773.34.spylog.com mcfestaseventos.com.br www.sociomantic.com live.sekindo.com doubleclick.shockwave.com --> Potentially malicious! 127.0.0.1 eightfoldlogic.com affiliate.ab1trk.com trafficparade.com adclick.com ad.mx.doubleclick.net 411affiliates.ca click.dagbladet.no 5.6.87.194.dynamic.dol.ru westernillusion.com --> Potentially malicious! 127.0.0.1 nyttechnology.112.2o7.net 08.185.87.31.liveadvert.com www.yourhitstats.com adsklick.de creast.afkepock.com rupeksa.com www.wwwetracker.com ad-emea.doubleclick.net count450.51yes.com --> Potentially malicious! 127.0.0.1 clavosdecristo.es u024.10.spylog.com ad.cl.doubleclick.net rgadvert.com rubiconproject.com myeducationcompany.com ahyea.com 28.6.87.194.dynamic.dol.ru count225.51yes.com --> Potentially malicious! 127.0.0.1 adthis.com 208.185.87.32.liveadvert.com www.pigment-adv.co.il kelaxserv56.in tldadserv.com ad.us.doubleclick.net ad176.hpg.com.br xerta.lenuerry.com razumtds.ws --> Potentially malicious! 127.0.0.1 ads.asp.net blog.ero-advertising.com c10.statcounter.com stoorvogelsoftware.nl yasarsigorta.com high-update.com adclient.detelefoongids.nl top-site-list.com integrate.com --> Potentially malicious! 127.0.0.1 prefisio.com.br trk.blamads.com 11.blogbestsites.com anapoli.ru ad.tw.doubleclick.net cbird6.sextracker.com ad.hyena.cz latebin.ru tracking.voltagesearch.com --> Potentially malicious! 127.0.0.1 zaefofin.ru leprisoruim.ru www.achmedia.com a5.websponsors.com entrepreneur.us.intellitxt.com norilsknikeli.ru s2.statcounter.com count988.51yes.com baeisa.co.cc --> Potentially malicious! 127.0.0.1 adsonar.com netreflector.com counter17.bravenet.com mi-web31.prod.millennialmedia.com count783.51yes.com ads.isoftmarketing.com ir.doubleclick.net secure.quantserve.com ad160.hpg.com.br --> Potentially malicious! 127.0.0.1 2fflatfee.ero-advertising.com cobrands.mailermailer.com ad235.paycount.com rubilonk.info apendiksator.ru ad.dk.doubleclick.net traffka.eu www5.click-fr.com bank44.ads.mp.mydas.mobi --> Potentially malicious! 127.0.0.1 ictgroupnet.cc splitteroverwhelmingly.pro nmnandomedia.112.2o7.net ads.nordichardware.com truehits1.gits.net.th ads.bigfoot.com epiccash.com kvvkprxkpnbebixguhtcfajrdm.info www.doubleclick.de --> Potentially malicious! 127.0.0.1 count840.51yes.com ad.es.doubleclick.net zvhtkpsnmdy.info itillc.com nl.topstat.com ads.adohana.com siteminer.superstats.com ad15.paycount.com darkscape.info --> Potentially malicious! 127.0.0.1 domssingomangos.net secguard.biz affiliate.travelnow.com tarakc1.net cyberantiquemall.com ads.aol.com itbannerexchange.com adx.allstar.cz ad.ar.doubleclick.net --> Potentially malicious! 127.0.0.1 count437.51yes.com jytorqu.ru munchkin.marketo.net adinterax.com banner.nixnet.cz recover88888.com oepjvondifnnkskfcxzvjiefrkd.com ads.fool.com c17.statcounter.com --> Potentially malicious! 127.0.0.1 8xvideos-tube.mobi recessionwire.com ad.my.doubleclick.net flyghtairline.ru 111309a301e46e230013eada1a63b079.info dialerporn.com ad.sexcount.de brainrace.ru nytrwilmington.112.2o7.net --> Potentially malicious! 127.0.0.1 count268.51yes.com werkendwachtik.nl ad.br.doubleclick.net bin.hnissa.com hoycktsjwqsmklnv.biz xgmrtookfnjibguofinhqcwodxwq.ru wsqwehnnjppxrgxp.org page1.name count113.51yes.com --> Potentially malicious! 127.0.0.1 logv18.xiti.com demo.doubleclick.net ads.5ci.lt zmbagc.com nesamithran.com sis-street.com fb64b06873291207414862989cb55799.info forum-cs.net76.net 08.185.87.115.liveadvert.com --> Potentially malicious! 127.0.0.1 ankursociety.org 57.6.87.194.dynamic.dol.ru thecounter.com c1.statcounter.com erostracker.com ads15.hpg.com.br download13-socinenie.ru j5b.kr pluto.adcycle.com --> Potentially malicious! 127.0.0.1 banners254.hpg.com.br woteucv.freewww.biz upadoo.xpg.com.br 208.185.87.121.liveadvert.com ad.sg.doubleclick.net sunbeltinverting.pro mydreamnewone.com dsfh.ru ad242.hpg.com.br --> Potentially malicious! 127.0.0.1 hyydsglxirgykbxcmlntmvhi.ru ww2.xp115.com n4403ad.doubleclick.net threefooktiro.no-ip.info vacationrentalcabins.com websponsors.com zoferxtube8.info igahicfrwwfpjhef.ru mediamind.com --> Potentially malicious! 127.0.0.1 cashforsurveys.net domteks-volga.ru deadonseparating.ru analyticdns.org nuert.lenuerry.com logisticservices.info denisdenisstation.cu.cc engine.4dsply.com reports.doubleclick.net --> Potentially malicious! 127.0.0.1 kron-energo.ru c13.statcounter.com 964b2ff96df2ba9951881c168282189c.org track.ft.com ads.krawall.de accountpro046.ru createsend3.com axf8.net gamesitestop100.com --> Potentially malicious! 127.0.0.1 dragongut.co.cc www.statcounter.com ads.alt.com expresshomecinema.com www.adshuh.com adspics.com zuchezhaowo.com counter24.bravenet.com aspn.ddns.info --> Potentially malicious! 127.0.0.1 travel.netster.com ad187.paycount.com taktiku.biz bb.connextra.com banner-count.com gobiernofacil.go.cr tnktrck.com reelshandsoff.info c6.statcounter.com --> Potentially malicious! 127.0.0.1 ads.adpulse.com www.linkybank.com ad.kw.doubleclick.net ad233.paycount.com sj-g-lbs.focalink.com 208.185.87.138.liveadvert.com bvalphaserver.com pfvfsi.freewww.biz www.mega-traf.net --> Potentially malicious! 127.0.0.1 ad.sa.doubleclick.net lmvwnv.in securepaths.com www.ewordofmouth.com wsclick.infospace.com count817.51yes.com z0.extreme-dm.com royalwinnipegballet.net server-br.imrworldwide.com --> Potentially malicious! 127.0.0.1 ad.m5prod.net accountpro007.ru hstest.surf-town.net counter15.sextracker.be count40.51yes.com adsalvo.com onlineadvertclick.org sinher24itedsc.rr.nu ad.is.doubleclick.net --> Potentially malicious! 127.0.0.1 o1.plus-zone.co.kr ecd52048dace94e20d35d8a47b04b35d.org c15.statcounter.com g.adspeed.net opienetwork.com content-cooperation.com blogdetranssexuel.com jokenqi.ru 125search.com --> Potentially malicious! 127.0.0.1 indobilling.com eqw002.cn c11.statcounter.com ads140.hpg.com.br hollabackvideo.com tecchan.ivwbox.de cogirunner.ru ru03-hits.spylog.com 429861812.3322.org --> Potentially malicious! 127.0.0.1 dfilmcounderw.su rspzdtpxll.com users.marketleverage.com bqtl.in g243gtdsgsdg.vv.cc usamoney.nl.ai ads189.hpg.com.br officebook1.org learn.doubleclick.net --> Potentially malicious! 127.0.0.1 rxbuy-itewvaha.ru dsvseee.nl.ai aloeroyal.com sre13vea.rr.nu microsoftwga.112.2o7.net icentric.us.intellitxt.com 123002915.cn.com help.doubleclick.net ad.realmedia.co.kr --> Potentially malicious! 127.0.0.1 ads.mgnetwork.com mooo.com ad.in.doubleclick.net abc.googlezuju.com assoc-amazon.com nhoimwl.mysecondarydns.com www.click-under.info us.a1.yimg.com ads.webme.com --> Potentially malicious! 127.0.0.1 puertoalmirante.com bank27.mi.ads.mp.mydas.mobi www.doubleclick.com step2me.net static.appwatch.com kjbbc.net ylufida.com lwtcxuzbdrsnpqfb.ru www6.testtradedoubler.com --> Potentially malicious! 127.0.0.1 count915.51yes.com ad.doubleclick.de squirtingsblog.com tag.tlvmedia.com fp.gad-network.com a.doktorhappy.com u017.76.spylog.com www.parse.ly bannermat.com --> Potentially malicious! 127.0.0.1 bx.clickmedia.ro websmeter.com 208.185.87.36.liveadvert.com ads.alwayson-network.com xb8.ru flierstrusting.biz n4052ad.doubleclick.net 157.6.87.194.dynamic.dol.ru adq.nextag.com --> Potentially malicious! 127.0.0.1 maidarm.ru ads.swirve.com hosting-controlpin.tk ad-g.doubleclick.net imgddd.net ck.jp.ap.valuecommerce.com support.semptoshiba.com.br software.xoomcounter.com verfer.com --> Potentially malicious! 127.0.0.1 adboost.de.vu dimpact.co.il javacentricunencumbered.org uybeor.freewww.biz exitexchange.com sexxxstaz.org ad.za.doubleclick.net adprojekt.pl scorpionbkn.xpg.com.br --> Potentially malicious! 127.0.0.1 ad.cn.doubleclick.net zcloumedia.com kerchna.in ad31.paycount.com ad5.speedbit.com 59.6.87.194.dynamic.dol.ru icnhedsafe.com abroad.name top50.co.uk --> Potentially malicious! 127.0.0.1 lustler.com 3ew.ru ad.gmtracker.com count196.51yes.com banner.list.ru toringkerk.co.za usigroupnet.cc biozavr.ru doubleclick.de --> Potentially malicious! 127.0.0.1 www3.smartadserver.com ad10.focalink.com ads27.focalink.com banners251.hpg.com.br www2.doubleclick.com 208.185.87.16.liveadvert.com ads.pixfuture.net count388.51yes.com kepen.ru --> Potentially malicious! 127.0.0.1 zxlngj.eu buyhitscheap.com cashspace.com alnce21.com www2.doubleclick.net thenetnameshop.cn 4.whereinmilan.com img.buchananjenkinshyundai.com count699.51yes.com --> Potentially malicious! 127.0.0.1 ad.ru.doubleclick.net geoloc58.geovisite.com weidenhof.at x9w.ru 0d8d348a9f374540d947c126e712fa23.org containercox.ru tewnrpvxbdjc.info uxosgik.ru marlaktuell.de --> Potentially malicious! 127.0.0.1 ads.detelefoongids.nl m.doubleclick.net advert243.hpg.com.br uskamalchik.ru www.c-on-text.com ad185.hpg.com.br 101.6.87.194.dynamic.dol.ru thinkgeek.112.2o7.net mgmgroupnet.cc --> Potentially malicious! 127.0.0.1 www.doubleclick.net.my ad.120.tbn.ru bfantastic.com hatsvisuals.org xomcui.com ergebruibgebigbei.com 118.6.87.194.dynamic.dol.ru ef9710b691fa9df28214ad21c2019822.org diamonstar.cn --> Potentially malicious! 127.0.0.1 swathespicture.org ads.mariuana.it wbs.tmkvmv.eu ad.se.doubleclick.net count87.51yes.com pillspharmacyrx.ru a.total-media.net lsvdxjpwykxxvryd.ru sillacareer.or.kr --> Potentially malicious! 127.0.0.1 anbfse.ru newnetnameshop.cn ojnrirhnfemxpnhepnlaeyhmfph.biz jquery-framework.com logv7.xiti.com globaltrack.com j-vision.co.kr ad.cz.doubleclick.net rr1.xxxcounter.com --> Potentially malicious! 127.0.0.1 akaelyr.cn goreeotuma.ru gloriousflooring.com clearerstats.com.es azelas.net ad.gr.doubleclick.net secure-unitedonline.cleanprint.net d4e71869070fd9133c2ec4fe6e728e70.org vexuliritynetwork.com --> Potentially malicious! 127.0.0.1 38efe6484281ec752b4426a55d20de1c.info xn--pauone-4q9l.com namessguibulk.net poekdf.ru ad1.trafficx.com wiombejwxrddpkkx.ru u130.01.spylog.com tex.ero-advertising.com dfp.doubleclick.net --> Potentially malicious! 127.0.0.1 count70.51yes.com ad.hk.doubleclick.net ads1.canoe.ca rp.hit.gemius.pl ad157.paycount.com pagubev.ru pilldrugstoregroup.com infolinks.com ioad.info --> Potentially malicious! 127.0.0.1 count584.51yes.com members.swimsuitnetwork.com us5.forward-to-friend1.com sitebrand.geeks.com 156.6.87.194.dynamic.dol.ru blachervers-2.com paypalssl.doubleclick.net stats.surf-town.net scaner-sdee.tk --> Potentially malicious! 127.0.0.1 www.keywordblocks.com xonio.ivwbox.de c5.statcounter.com count716.51yes.com moderndating2012.asia villusoftreit.ru ideet.ru lfstmedia.com freeroom66.com --> Potentially malicious! 127.0.0.1 unixpoint02.xpg.com.br qaxgckzkn.changeip.name ads.tmcs.net fls.doubleclick.net statsl.com dnads.directnic.com 3cw.ru banner.coza.com count978.51yes.com --> Potentially malicious! 127.0.0.1 fxdas.lflinkup.net ecoresearch.hu achmedia.com n479ad.doubleclick.net quickcamsassembled.net keymedia.hu ailway42staging.rr.nu o.zeroredirect.com cornermarketmedia.com --> Potentially malicious! 127.0.0.1 webfrogs.ru u117.45.spylog.com paymonsters.com kondratev.popunder.ru adcloud.net dnsnum11.com c8.statcounter.com u072.93.spylog.com miguelrubio.sites.uol.com.br --> Potentially malicious! 127.0.0.1 ebtmarketing.com wcbsimg.dayport.com surprise-knsmd.tk ads.discovery.com cerzdtolonknkneibekjbavwgqvk.info statcounter.com atc-groop.com criptxvidsyde.co.cc bfupndesgjnzgakkbeytoljcmugjf.com --> Potentially malicious! 127.0.0.1 bannermall.com i1.createsend5.com l.zeroredirect.com glakvpxu.org global-charge.com ylyhjz.in ads131.hpg.com.br 2.gaza-hackers.info doubleclick.de --> Potentially malicious! 127.0.0.1 counter5.sextracker.be hostscounter.com u3239.08.spylog.com nytrgadsden.112.2o7.net c3.statcounter.com vchysb.freewww.biz fad-411.mtl4.targetnet.com downloadtorrent.org.uk.tc count849.51yes.com --> Potentially malicious! 127.0.0.1 106.6.87.194.dynamic.dol.ru stat24.com 08.185.87.1.liveadvert.com maaandhra.com banners31.hpg.com.br x1v.ru jastreb.hr ad.fi.doubleclick.net traffic.gabmage.in --> Potentially malicious! 127.0.0.1 tigerloads.com ads.softure.com ads4homes.com ads227.hpg.com.br agbasky.com mokingbirdgives.org top90.ro bank42.mi.ads.mp.mydas.mobi ad.uk.doubleclick.net --> Potentially malicious! 127.0.0.1 bannerconnect.com ad.doubleclick.net lnkgo.com goldboat.net s.thetvpool.com adserver.click4cash.de count230.51yes.com chinchwaddevasthantrust.org webwatcherdata.com --> Potentially malicious! 127.0.0.1 tablethealthphysicians.net kesenai.org registry.cu.cc list.ru gduobyc.freewww.biz doubleclick.com www.mokono.com ak1.abmr.net visitor.benchmarkemail.com --> Potentially malicious! 127.0.0.1 banners63.hpg.com.br fixavpu.ru afe6882e298064090f884696cb48c3b5.info cakuxeco.tk federetoktyt.net opt-media.com derinobi.com capa01.com www3.doubleclick.net --> Potentially malicious! 127.0.0.1 jkhteqa.com www.doubleclick.net fipscertifiedenables.ru basijkarmandan.danaportal.ir ads112.hpg.com.br spe.atdmt.com alertpay.net.au 78.6.87.194.dynamic.dol.ru delivery6.trafficjunky.net --> Potentially malicious! 127.0.0.1 advert241.hpg.com.br searchportal.information.com modinali.com 08.185.87.49.liveadvert.com si.netmng.com shoponlinefilmsite.cn banners.babylon-x.com ns1.123go.net ad.terra.doubleclick.net --> Potentially malicious! 127.0.0.1 talliedclassit.info 4.luca-volonte.org update.powercare.co.kr elanablimka.github.com xn--szobafests-j7a.eu ad.n2434.doubleclick.net db0.net-filter.com antik-dom.ru createsend5.com --> Potentially malicious! 127.0.0.1 adlantic.nl protaxet.com adf.ero-advertising.com nt002.cn ads.iafrica.com alkarmel.com.jo statcounter.com banners130.hpg.com.br jabbawockeez.us --> Potentially malicious! 127.0.0.1 201.6.87.194.dynamic.dol.ru adnet.asahi.com l1.zedo.com ad114.paycount.com ads228.hpg.com.br wzus.ask.com sgisolution.com.br ad.be.doubleclick.net daeyoolife.com --> Potentially malicious! 127.0.0.1 centanysenrere.com ad.nz.doubleclick.net tcr111.tynt.com torstarcollect.247realmedia.com bigtopleads.cn 18hhhgh3.justdied.com img.dt00.net quintaavenue.com susnoj.cn --> Potentially malicious! 127.0.0.1 9f9473183778647a979b99045b901711.info visit.playerevaluator.com ad.kr.doubleclick.net bank07.mi.ads.mp.mydas.mobi mondayswizardnet.info 69.6.87.194.dynamic.dol.ru 372kzsds7661.com taokakao.com hitcents.com --> Potentially malicious! 127.0.0.1 mmsrierihon.com c6h.at dncdh.ws doubleclick.net e.yieldmanager.net static.ndoverdrive.net www.008.free-counter.co.uk taskiran.net 87.6.87.194.dynamic.dol.ru --> Potentially malicious! 127.0.0.1 fawcztqwomnnjnrtseirkrcp.biz c2.statcounter.com comics.ign.us.intellitxt.com text-link-ads.com top.one.ru msnbc.112.2o7.net 2faa5e9617513ac0df0a8ee150c0864b.info berfry43bgrbf.vv.cc stats.groupninetyfour.com --> Potentially malicious! 127.0.0.1 homeemployed.com ad-x.com ads2.advance.de www.counter6.sextracker.be mappery.com log10.doubleverify.com u96s.info evoloutainary.co.cc ad.ch.doubleclick.net --> Potentially malicious! 127.0.0.1 doubleclick.net newwave.orge.pl apex-ad.com ultimatetrafficpack.com chanchala.cz click-under.info w612.nb.host127-0-0-1.com uneugroup.com ads246.hpg.com.br --> Potentially malicious! 127.0.0.1 u093.76.spylog.com adserv.evo-x.de cash2002.de nabilams.org gpaper118.112.2o7.net mediavisor.doubleclick.net s.clicktale.net u.outbrain.com www.spinbox.net --> Potentially malicious! 127.0.0.1 creatives.doubleclick.net zlnobdqpfnvworzpayylpvolle.ru lrogs.info admarvel.com ads.web.cs.com web2.deja.com adlev.neodatagroup.com count511.51yes.com adserver.zylom.com --> Potentially malicious! 127.0.0.1 verygood2013.ru geoloc62.geovisite.com angelaonfl.ru geotarget.info prestamistape.us banners16.hpg.com.br submenusonlineoriented.info c28.statcounter.com i-clicks.net --> Potentially malicious! 127.0.0.1 ad.hu.doubleclick.net count265.51yes.com stetomoney.org advert53.hpg.com.br banner.trifle.net www.123webmarketing.com af9b7985802bc09fb9e19663.merseine.nu netbiosmediocre.org ads.tripod.lycos.es --> Potentially malicious! 127.0.0.1 penguinplanning.com wielerclinics.nl ompassik.ru bank56.mi.ads.mp.mydas.mobi www.magentanews.com bigdeal777.com ad.ve.doubleclick.net stats0.one.ru sabnorway.com --> Potentially malicious! 127.0.0.1 ads.adultfriendfinder.com demandware.edgesuite.net go.adify.com u053.48.spylog.com gerincmuhely.hu pagead2.googlesyndication.com meethotties.mobi zendekor.com.tr c44.statcounter.com --> Potentially malicious! 127.0.0.1 tvinfo.ivwbox.de doubleclick.com ywh18olly.rr.nu noexcuseentertainment.com takru.com www4.yesadvertising.com ads.technoratimedia.com shopfilmworld.cn ziffdavisglobal.112.2o7.net --> Potentially malicious! 127.0.0.1 www.marketingtips.com ads6.focalink.com ad.nl.doubleclick.net smert-test.ru wt1888.com adplacers.com ad123.hpg.com.br mobilcom.ivwbox.de 08.185.87.151.liveadvert.com --> Potentially malicious! 127.0.0.1 jsbjlsdjlkb234jblkba8899sjkb.com media.adlegend.com azbuka001.pro kreditsikacsre.ru tyryfpix.ru odnklog.net mjhcymist.freewww.biz m.doubleclick.com nfwcleizdgexdcqoblpncuxcqonz.ru --> Potentially malicious! 127.0.0.1 adserv007.adtech.fr henshiwuliao.com adscomplete.info ad.ph.doubleclick.net qokzierihon.com webcreditreport.com logv13.xiti.com adpepper.dk m77s.cn --> Potentially malicious! 127.0.0.1 aboutnorth2012.ru ns2.doubleclick.net security-laboratory.ru ad1.emediate.dk ads134.hpg.com.br gusanito-postal.org count381.51yes.com ap34.pro banner.relcom.ru --> Potentially malicious! 127.0.0.1 ad.ma.doubleclick.net a.coughstuffs.com buenos-varilias.com age-ega.ru in.getclicky.com websitehostingsouthafrica.com count337.51yes.com vijetha.co.in thorpeinstitute.com --> Potentially malicious! 127.0.0.1 ultsearch.com freipres.ivwbox.de 4879cd460080edbe30f5e03a3c6e179d.info a1000000.mayhemavz.pro cnetnews.112.2o7.net counter11.sextracker.com ads.as4x.tmcs.net ad.ro.doubleclick.net b4118165b89a10b5f3da449626e5e9e9.org --> Potentially malicious! 127.0.0.1 sieg-vergaser.de ads190.hpg.com.br anon.doubleclick.speedera.net ad35.paycount.com faststudiodvwalked.ru berdonet2011.dlinkddns.com yoraclick.com snamedb.com jibertytciako.pl --> Potentially malicious! 127.0.0.1 meredithjacobonline.com rx-white.com description2011.ru k.iinfo.cz adimages.go.com ng3.ads.warnerbros.com casinomahjongsikkim.com ad.de.doubleclick.net worgukiw.ru --> Potentially malicious! 127.0.0.1 flexbeta.us.intellitxt.com canwest.112.207.net execulink.112.2o7.net homevisions.com traffichome.de s.vidsmak.com banner1.50megs.com 208.185.87.90.liveadvert.com ad.at.doubleclick.net --> Potentially malicious! 127.0.0.1 ws8.surf-town.net ad.il.doubleclick.net static.fragbite.com armonipiyanodersi.com kottaslama.org directstuff.com affiliate.doubleyourdating.com ad.grafika.cz verygoods2010.ru --> Potentially malicious! 127.0.0.1 unuere.freewww.biz ads.forbes.com ad.tr.doubleclick.net adteractive.com 179.6.87.194.dynamic.dol.ru ads.amarillo.com count551.51yes.com rabbitharky.net vw-freaks.net --> Potentially malicious! 127.0.0.1 208.185.87.146.liveadvert.com tcdykfjrtweypzxbqyrsfidecmln.com thewebs.ru analytics.ero-advertising.com ad.ero.nl xk9.ru itsptp.com banner.grupos.com.br c41.statcounter.com --> Potentially malicious! 127.0.0.1 www.ssangyong.co.il ads.yupimsn.com convertervocal.net track.gawker.com rxbuy-itewhuli.ru cellus-usa.com ad.about.com doubleclick.ne.jp textcube.com --> Potentially malicious! 127.0.0.1 banners.bol.com.br count729.51yes.com advert.hpg.com.br workathometeacher.com ads.cgnetworks.com geoloc12.geovisite.com gpaper112.112.2o7.net ad60.paycount.com ad.th.doubleclick.net --> Potentially malicious! 127.0.0.1 c4.statcounter.com gyneco-saint-andre.fr ad204.paycount.com trackalyzer.com ad4.api.ero-advertising.com textad.net yiiw.in vsii.spinbox.net bomsabor.com.br --> Potentially malicious! 127.0.0.1 usi-groupinc.net aqsf.knxhsn.eu 9843c4f1f195375184625a1525cf83b9.info adbucks.com avigorstats.pro msn.ivwbox.de bannersng.yell.com ad.sk.doubleclick.net 08.185.87.08.liveadvert.com --> Potentially malicious! 127.0.0.1 www.fusespot.com banners.bol.com.br banners234.hpg.com.br smt-enterprises.com bopwyeb.ru ad2.doubleclick.net whpdn.freewww.biz hugo.lenuerry.com oascentral.adage.com --> Potentially malicious! 127.0.0.1 banners.moviegoods.com fineclicks.com xq0.ru bqgqucwoeyswvgcigqknyllbyytiblf.net count.rin.ru count596.51yes.com c14.statcounter.com great-antispy2012.com pzydthkbdjbxkfinhurwcyd.com --> Potentially malicious!

127.0.0.1 www.qdigital.co.il sigeta.org oascentral.villagevoice.com bands-inc.com se.cqcounter.com ads.bmais.net imagec14.247realmedia.com pmraiugdqhyhmqccfacupypmzor.com www.widgetadvertising.biz 127.0.0.1 admex.com dis.criteo.com bazarafcantoscabiz.com utm.trk.popularscreensavers.com lycoscollect.realmedia.com count44.51yes.com burstmedia.com amberandrobertmedia.com ecall09edytu.rr.nu 127.0.0.1 208.185.87.193.liveadvert.com cash4popup.de m1.nedstatbasic.net ad1.ero-advertising.com webnoivos.com 3ddown.com pirate.1000houses.biz perseusgroupllc.cc pub.chez.com 127.0.0.1 zeroclan.net damisystem.com alexandre.peis.free.fr pairpull.ru lerelais.com 39.6.87.194.dynamic.dol.ru palazziogt.ru adsweb.tiscali.de ads.returnpath.net 127.0.0.1 programmpower.ru muchbetter.ru buttonjp.org ads82.hpg.com.br web-counter-online.ru trayscoffeecup.org snhbe.ru testossteron.ru ads8.c.no1.asap-asp.net 127.0.0.1 awakenedwithin.com iv.doubleclick.net www.counter14.sextracker.be gpaper149.112.2o7.net cdn.allegedmedia.com middlemanether.ru esjkedsafe.com rodijo.com.au eloqua.com 127.0.0.1 bf410f0b5dda6f72725a191d7086d05c.org 193.6.87.194.dynamic.dol.ru banners185.hpg.com.br geoloc92.geovisite.com geoloc36.geovisite.com coupons-inc.com adtrade.net ads.v3.com ad.moscowtimes.ru 127.0.0.1 a.vidtruck.com 3322.org i5.createsend5.com icredoname10012.com bank42.clicks.mp.mydas.mobi allforpeople.net gpaper169.112.2o7.net xn--iimizmzik-v9a79h.com datais.com 127.0.0.1 accountsiq.us stat.tudou.com banner.clubdicecasino.com ads.kinxxx.com onlinestoredsnow.info a6q7.com zanox.com serokolservice.com ad.hpg.com.br 127.0.0.1 adbunker.com justwebads.com office.partnerearning.com untesmakina.com wapclub.biz eu-se.euroinnov.eu windowsneratepack.info speed-tube.net linker.eightfoldlogic.com 127.0.0.1 a.fandango.com 208.185.87.40.liveadvert.com zs.ffshrine.org ads.motormedia.nl deryam.biz switch6.castup.net ads244.hpg.com.br ad.nttnavi.co.jp 404.dummywebsitedatabase.com 127.0.0.1 teamltg.com cache.adviva.net seamrippers.org prague-luxury-hotel.com adnedat.ru prosperplug.info reachjunction.com banner.elisa.net telenorstartsiden.112.2o7.net 127.0.0.1 mi-web12.prod.millennialmedia.com vg01.met.vgwort.de rank8.de bioticshypermodular.org topazinsaat.com.tr mokono.com www2.portdetective.com clicknvote.com banners152.hpg.com.br 127.0.0.1 feedoms.org.uk peopleopera.cn smscolony.com shockingrates.com storeoffers.info gpaper193.112.2o7.net hitfarm.com grapeshot.co.uk tourskorea.com 127.0.0.1 count979.51yes.com ads.hideyourarms.com wetifjam.ru gyhhdykust.org ads.iwon.com ads.asiafriendfinder.com ad.keenspace.com galaxien.com theartsgarage.com 127.0.0.1 banners238.hpg.com.br realmedia.com ad00.hpg.com.br www.backtype.com neurodermitistextilien.de cyxwtkcetscuwaevsxczxxkhccu.info lb.trellian.com 208.185.87.123.liveadvert.com inrxyxuwhkjwfeytucauaqpvt.com 127.0.0.1 adreporting.com u005.33.spylog.com onepassnetwork.com svmerosao.sites.uol.com.br clickhelp.net ad207.hpg.com.br media-a.vpptechnologies.com lprshcsmijfovp.com ace.advertising.com 127.0.0.1 tendonsof.com geoloc46.geovisite.com count660.51yes.com ynkicyr.ru iserverupdates.com winmyminiads.com 216.6.87.194.dynamic.dol.ru www.bettingmarket.com gpaper174.112.2o7.net 127.0.0.1 germannewslinks.info adserver.sharewareonline.com count100.51yes.com trafficfile.com spaceyourfilesbig.chickenkiller.com bank44.clicks.mp.mydas.mobi 239.6.87.194.dynamic.dol.ru r32r32fg34g33g43f3.nl.ai mrskincash.com 127.0.0.1 8bec584679a2faabc60bd6aed5a1e175.info mycomputer.superstats.com banner.hyl.no brumund.de xml.fusionxml.com www.qrcodetrackers.com reisprei.ivwbox.de b066421814a96881d6c7c01c0c164107.org indo-production-fixer.com [...]

¤¤¤ Reset HOSTS: ¤¤¤ 127.0.0.1 localhost

Finished : << RKreport[0]_H_07222013_182632.txt >> RKreport[0]_S_07222013_165425.txt;RKreport[0]_S_07222013_182603.txt


Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Хм..нещо не се е получило това което исках..Сигурен ли сте че маркирахте  Fix Hosts.....?

 
Публикувано изображение 1.Изтеглете програмата AVZ 4.41 и разархивирайте avz4.zip например в папка (c:antivir).

Публикувано изображение 2.Стартирайте програмата и изпълнете:

File => Standard scripts => в отворилия се прозорец маркирайте позиция 7 => Execute selected scripts:
 
Публикувано изображение

Публикувано изображение



Публикувано изображение След завършване на сканирането компютъра ви ще се рестартира..!
Ще се създаде архив KL_syscure.zip в същата папка където е разархивирана програмата.
Моля, прикачете този архив във следващия си пост..!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

да изпълних всичко което бяхте посочили.

ето прикачения архив :

http://file.bg/c247290TDSaW

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Публикувано изображение Изтеглете Malwarebytes' Anti-Malware или от тук (не забравяйте да обновите програмата с нови дефиниции)
* Кликнете два пъти върху mbam-setup.exe, за да инсталирате програмата.
* Уверете се, че са поставени отметки на Update Malwarebytes' Anti-Malware и Launch Malwarebytes' Anti-Malware. След това кликнете на Finish.
* Ако има намерени обновявания, тя ще ги изтегли и инсталира.
* Стартирайте програмата и изберете "Perform Full Scan", след това кликнете на Scan.
* Сканирането ще отнеме малко време, затова моля да бъдете търпеливи.
* Когато сканирането завърши, кликнете на OK, след това Show Results, за да видите резултата
* Уверете се, че на всички редове има отметки, и кликнете на Remove Selected.
* Когато всичко бъде премахнато, в Notepad ще бъде отворен лог.
Копирайте този лог и го публикувайте в следващия си коментар по темата.

  Забележка: Ако MalwareBytes' Anti-Malware се затрудни в премахването на откритите вируси/заплахи, той ще поиска да рестартира компютъра Ви и по време на рестартирането да премахне проблемните вируси/заплахи. Ако бъдете попитани, потвърдете че желаете вашия компютър да бъде рестартиран.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org

Database version: v2013.07.22.06

Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 Dzhemal :: DZHEMAL-HP [administrator]

22.7.2013 г. 19:35:03 ч. mbam-log-2013-07-22 (19-35-03).txt

Scan type: Full scan (C:|D:|G:|H:|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 416749 Time elapsed: 1 hour(s), 16 minute(s), 24 second(s)

Memory Processes Detected: 0 (No malicious items detected)

Memory Modules Detected: 0 (No malicious items detected)

Registry Keys Detected: 0 (No malicious items detected)

Registry Values Detected: 0 (No malicious items detected)

Registry Data Items Detected: 0 (No malicious items detected)

Folders Detected: 1 C:ProgramDataIBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.

Files Detected: 1 C:ProgramDataIBUpdaterServicerepository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully.

(end)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

...и последни проверки..:
 
Публикувано изображениеМоля, изтеглете и стартирайте програмата AdwCleaner(by Xplode):

  • [*]Затворете всички стартирани програми и браузъри [*]Кликнете два пъти върху
adwcleaner.exe за да стартирате инструмента. [*]Този път маркирайте Delete [*]Вашият компютър ще се рестартира автоматично. Текстовия файл ще се отвори след рестарта. [*]Моля, да публикувате съдържанието на този лог в отговора си [*]Можете да намерите лога,който автоматично се запомня тук C:AdwCleaner[s1].txt.

Публикувано изображение
 
Публикувано изображение Моля, изтеглете Junkware Removal Tool (by Thisisu ) и запазете на вашия десктоп.

  • [*]Спрете временно работата на защитните програми. [*]Стартирайте инструмента
JRT.exe [*]Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата. [*]Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши. [*]Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt). [*]Моля копирайте съдържанието на лог файла в следващия си пост.

Публикувано изображение

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

eто съдаржанието от първата:

 

# AdwCleaner v2.306 - Logfile created 07/22/2013 at 21:08:55 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Dzhemal - DZHEMAL-HP # Boot Mode : Normal # Running from : C:UsersDzhemalDesktopadwcleaner.exe # Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:END File Deleted : C:user.js Folder Deleted : C:Program Files (x86)BabylonToolbar Folder Deleted : C:Program Files (x86)BS_Player Folder Deleted : C:Program Files (x86)Common FilesSoftware Update Utility Folder Deleted : C:Program Files (x86)Conduit Folder Deleted : C:Program Files (x86)ConduitEngine Folder Deleted : C:Program Files (x86)file scout Folder Deleted : C:Program Files (x86)MyAshampoo Folder Deleted : C:Program Files (x86)Smiley Bar for Facebook Folder Deleted : C:Program Files (x86)uTorrentBar Folder Deleted : C:Program Files (x86)Winamp Toolbar Folder Deleted : C:ProgramDataBabylon Folder Deleted : C:ProgramDataWinamp Toolbar Folder Deleted : C:UsersDzhemalAppDataLocalConduit Folder Deleted : C:UsersDzhemalAppDataLocalLowBS_Player Folder Deleted : C:UsersDzhemalAppDataLocalLowConduit Folder Deleted : C:UsersDzhemalAppDataLocalLowConduitEngine Folder Deleted : C:UsersDzhemalAppDataLocalLowuTorrentBar Folder Deleted : C:UsersDzhemalAppDataRoamingBabylon Folder Deleted : C:UsersDzhemalAppDataRoamingfile scout Folder Deleted : C:UsersDzhemalAppDataRoamingPerformerSoft Folder Deleted : C:UsersDzhemalAppDataRoamingStatusWinks

***** [Registry] *****

Key Deleted : HKCUSoftwareAppDataLowSoftwareBS_Player Key Deleted : HKCUSoftwareAppDataLowSoftwareConduit Key Deleted : HKCUSoftwareAppDataLowSoftwareconduitEngine Key Deleted : HKCUSoftwareAppDataLowSoftwareConduitSearchScopes Key Deleted : HKCUSoftwareAppDataLowSoftwareMyAshampoo Key Deleted : HKCUSoftwareAppDataLowSoftwareMyAshampootoolbar Key Deleted : HKCUSoftwareAppDataLowSoftwareSmartBar Key Deleted : HKCUSoftwareAppDataLowSoftwareuTorrentBar Key Deleted : HKCUSoftwareAppDataLowToolbar Key Deleted : HKCUSoftwareBabylonToolbar Key Deleted : HKCUSoftwareConduit Key Deleted : HKCUSoftwarefilescout Key Deleted : HKCUSoftwareInstallCore Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{944FEDFD-C4FD-441D-8275-9C651A9FFBDE} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{FC00F469-83F2-480D-8E45-E0BEF0B761F7} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{944FEDFD-C4FD-441D-8275-9C651A9FFBDE} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallWinamp Toolbar Key Deleted : HKCUSoftwareSoftonic Key Deleted : HKCUSoftwareWinamp Toolbar Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8} Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C} Key Deleted : HKLMSoftwareBabylon Key Deleted : HKLMSoftwareBabylonToolbar Key Deleted : HKLMSoftwareBS_Player Key Deleted : HKLMSOFTWAREClassesAppID{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLMSOFTWAREClassesAppID{18B9B16E-716F-43DF-A6AD-512C7D2EB983} Key Deleted : HKLMSOFTWAREClassesAppID{19975B78-1907-4DD6-A437-4C48120F46A4} Key Deleted : HKLMSOFTWAREClassesAppID{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLMSOFTWAREClassesAppID{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLMSOFTWAREClassesAppID{562B9316-C08A-444A-9482-62080DD851AE} Key Deleted : HKLMSOFTWAREClassesAppID{562B9317-C08A-444A-9482-62080DD851AE} Key Deleted : HKLMSOFTWAREClassesAppID{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLMSOFTWAREClassesAppID{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLMSOFTWAREClassesAppID{B27D9527-3762-4D71-963D-FB7A94FDD678} Key Deleted : HKLMSOFTWAREClassesAppID{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLMSOFTWAREClassesAppID{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLMSOFTWAREClassesAppIDAddonsFramework.DLL Key Deleted : HKLMSOFTWAREClassesAppIDButtonSite.DLL Key Deleted : HKLMSOFTWAREClassesAppIDdnu.EXE Key Deleted : HKLMSOFTWAREClassesAppIDescort.DLL Key Deleted : HKLMSOFTWAREClassesAppIDescortApp.DLL Key Deleted : HKLMSOFTWAREClassesAppIDescortEng.DLL Key Deleted : HKLMSOFTWAREClassesAppIDescorTlbr.DLL Key Deleted : HKLMSOFTWAREClassesAppIDesrv.EXE Key Deleted : HKLMSOFTWAREClassesAppIDPropertySync.EXE Key Deleted : HKLMSOFTWAREClassesAppIDScriptHost.DLL Key Deleted : HKLMSOFTWAREClassesAppIDwinamptbServer.exe Key Deleted : HKLMSOFTWAREClassesb Key Deleted : HKLMSOFTWAREClassesBabylon.dskBnd Key Deleted : HKLMSOFTWAREClassesBabylon.dskBnd.1 Key Deleted : HKLMSOFTWAREClassesbbylnApp.appCore Key Deleted : HKLMSOFTWAREClassesbbylnApp.appCore.1 Key Deleted : HKLMSOFTWAREClassesbbylntlbr.bbylntlbrHlpr Key Deleted : HKLMSOFTWAREClassesbbylntlbr.bbylntlbrHlpr.1 Key Deleted : HKLMSOFTWAREClassesConduit.Engine Key Deleted : HKLMSOFTWAREClassesdnUpdate Key Deleted : HKLMSOFTWAREClassesdnUpdater.DownloadUIBrowser Key Deleted : HKLMSOFTWAREClassesdnUpdater.DownloadUIBrowser.1 Key Deleted : HKLMSOFTWAREClassesdnUpdater.DownloadUpdController Key Deleted : HKLMSOFTWAREClassesdnUpdater.DownloadUpdController.1 Key Deleted : HKLMSOFTWAREClassesescort.escortIEPane Key Deleted : HKLMSOFTWAREClassesescort.escortIEPane.1 Key Deleted : HKLMSOFTWAREClassesescort.escrtBtn.1 Key Deleted : HKLMSOFTWAREClassesesrv.BabylonESrvc Key Deleted : HKLMSOFTWAREClassesesrv.BabylonESrvc.1 Key Deleted : HKLMSOFTWAREClassesProd.cap Key Deleted : HKLMSOFTWAREClassesScriptHost.Tool Key Deleted : HKLMSOFTWAREClassesScriptHost.Tool.1 Key Deleted : HKLMSOFTWAREClassesToolbar.CT1750559 Key Deleted : HKLMSOFTWAREClassesToolbar.CT2475029 Key Deleted : HKLMSOFTWAREClassesToolbar.CT2786678 Key Deleted : HKLMSOFTWAREClassesTypeLib{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLMSOFTWAREClassesTypeLib{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLMSOFTWAREClassesTypeLib{507591C2-2F4E-46A7-92D6-E6CFF82E5F26} Key Deleted : HKLMSOFTWAREClassesTypeLib{538CD77C-BFDD-49B0-9562-77419CAB89D1} Key Deleted : HKLMSOFTWAREClassesTypeLib{6E8BF012-2C85-4834-B10A-1B31AF173D70} Key Deleted : HKLMSOFTWAREClassesTypeLib{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Deleted : HKLMSOFTWAREClassesTypeLib{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLMSOFTWAREClassesWinampTb.AOLTBSearch Key Deleted : HKLMSOFTWAREClassesWinampTb.AOLTBSearch.1 Key Deleted : HKLMSOFTWAREClassesWinampTb.AOLToolBand Key Deleted : HKLMSOFTWAREClassesWinampTb.AOLToolBand.1 Key Deleted : HKLMSOFTWAREClassesWinampTb.Downloader Key Deleted : HKLMSOFTWAREClassesWinampTb.Downloader.1 Key Deleted : HKLMSOFTWAREClassesWinampTb.ToolbarInfo Key Deleted : HKLMSOFTWAREClassesWinampTb.ToolbarInfo.1 Key Deleted : HKLMSOFTWAREClassesWinampTb.ToolbarParams Key Deleted : HKLMSOFTWAREClassesWinampTb.ToolbarParams.1 Key Deleted : HKLMSOFTWAREClassesWinampTbServer.AolToolbarHelper Key Deleted : HKLMSOFTWAREClassesWinampTbServer.AolToolbarHelper.1 Key Deleted : HKLMSoftwareConduit Key Deleted : HKLMSoftwareconduitEngine Key Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerExtensions{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLMSOFTWAREMicrosoftTracingMyBabylontb_RASAPI32 Key Deleted : HKLMSOFTWAREMicrosoftTracingMyBabylontb_RASMANCS Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{055DD326-956C-4827-9467-A172509E81B3} Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{A97B89CD-B65C-49DD-AF46-2B772C627456} Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{C4760CCD-3316-47EB-B95C-C3C52DAEEA3A} Key Deleted : HKLMSoftwareMyAshampoo Key Deleted : HKLMSoftwareMyAshampootoolbar Key Deleted : HKLMSoftwareuTorrentBar Key Deleted : HKLMSoftwareV9Software Key Deleted : HKLMSoftwareWinamp Toolbar Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{055DD326-956C-4827-9467-A172509E81B3} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{291BCCC1-6890-484A-89D3-318C928DAC1B} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{43969E3F-3E7C-4911-A8F1-79C6CA6AC731} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{57BCA5FA-5DBB-45A2-B558-1755C3F6253B} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{6EF4E91D-DDD5-4478-BCA7-DA04435934C0} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{841FD004-57A2-4B49-BBDB-5897394619DB} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{944FEDFD-C4FD-441D-8275-9C651A9FFBDE} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{A97B89CD-B65C-49DD-AF46-2B772C627456} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{B38D6EDE-390B-4620-8365-29E16459EBDA} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{B8276A94-891D-453C-9FF3-715C042A2575} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{C4760CCD-3316-47EB-B95C-C3C52DAEEA3A} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{E1164984-B567-47BD-A7FF-240C2594404A} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{FC00F469-83F2-480D-8E45-E0BEF0B761F7} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{FE178B09-C8AA-4734-804D-1849BCCA0C29} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{045F91B3-695F-423A-98C7-8DE3C47AA020} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{0F54B66A-21CF-4548-AE59-A6B83EE6676F} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{1348BD1B-C32A-41A7-9BD4-5377AA1AB925} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{43969E3F-3E7C-4911-A8F1-79C6CA6AC731} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{51A971CA-D36E-4D13-A799-2CF0A491D04D} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{841FD004-57A2-4B49-BBDB-5897394619DB} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{8BE10F21-185F-4CA0-B789-9921674C3993} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{9E52EB8B-8DD9-4605-AD36-D352BCD482F2} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{A1440EC3-F0FA-407A-B811-DE6668C06D29} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{B173667F-8395-4317-8DD6-45AD1FE00047} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{BFE569F7-646C-4512-969B-9BE3E580D393} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{C1995F88-1C7F-40D7-B0FA-6F107F6308B8} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{C2996524-2187-441F-A398-CD6CB6B3D020} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{C815E3DA-0823-49B0-9270-D1771D58B317} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{E1164984-B567-47BD-A7FF-240C2594404A} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerLow RightsElevationPolicy{27598766-07DA-4D2C-BA3D-94E7BCB76FB1} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerLow RightsElevationPolicy{3EEC087D-DB13-4786-BE94-73B35E52481C} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerLow RightsElevationPolicy{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerLow RightsElevationPolicy{A8C2644D-BF72-4A89-A88C-D85F565F2F46} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerLow RightsElevationPolicy{CEB29294-02C7-44B2-AEEF-3C02FFC2F3B3} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerLow RightsElevationPolicy{D6B7CB41-15B5-466F-AF4B-951DBDD9C331} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerLow RightsElevationPolicy{DDDFD019-5321-4150-9713-B5CD90665C3B} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerSearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerSearchScopes{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerSearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerSearchScopes{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerSearchScopes{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{944FEDFD-C4FD-441D-8275-9C651A9FFBDE} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstallBabylonToolbar Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstallBS_Player Toolbar Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstallConduit Engine Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstallconduitEngine Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstallMyAshampoo Toolbar Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstallSmiley Bar for Facebook Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstallSoftwareUpdUtility Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstalluTorrentBar Toolbar Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstallV9Software Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstallWinamp Toolbar Key Deleted : HKLMSOFTWAREClassesCLSID{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLMSOFTWAREClassesCLSID{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLMSOFTWAREClassesInterface{045F91B3-695F-423A-98C7-8DE3C47AA020} Key Deleted : HKLMSOFTWAREClassesInterface{0F54B66A-21CF-4548-AE59-A6B83EE6676F} Key Deleted : HKLMSOFTWAREClassesInterface{1348BD1B-C32A-41A7-9BD4-5377AA1AB925} Key Deleted : HKLMSOFTWAREClassesInterface{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC} Key Deleted : HKLMSOFTWAREClassesInterface{43969E3F-3E7C-4911-A8F1-79C6CA6AC731} Key Deleted : HKLMSOFTWAREClassesInterface{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D} Key Deleted : HKLMSOFTWAREClassesInterface{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Deleted : HKLMSOFTWAREClassesInterface{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Deleted : HKLMSOFTWAREClassesInterface{51A971CA-D36E-4D13-A799-2CF0A491D04D} Key Deleted : HKLMSOFTWAREClassesInterface{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B} Key Deleted : HKLMSOFTWAREClassesInterface{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLMSOFTWAREClassesInterface{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D} Key Deleted : HKLMSOFTWAREClassesInterface{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : HKLMSOFTWAREClassesInterface{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5} Key Deleted : HKLMSOFTWAREClassesInterface{841FD004-57A2-4B49-BBDB-5897394619DB} Key Deleted : HKLMSOFTWAREClassesInterface{8BE10F21-185F-4CA0-B789-9921674C3993} Key Deleted : HKLMSOFTWAREClassesInterface{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21} Key Deleted : HKLMSOFTWAREClassesInterface{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Deleted : HKLMSOFTWAREClassesInterface{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8} Key Deleted : HKLMSOFTWAREClassesInterface{9E52EB8B-8DD9-4605-AD36-D352BCD482F2} Key Deleted : HKLMSOFTWAREClassesInterface{A1440EC3-F0FA-407A-B811-DE6668C06D29} Key Deleted : HKLMSOFTWAREClassesInterface{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Deleted : HKLMSOFTWAREClassesInterface{B173667F-8395-4317-8DD6-45AD1FE00047} Key Deleted : HKLMSOFTWAREClassesInterface{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Deleted : HKLMSOFTWAREClassesInterface{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC} Key Deleted : HKLMSOFTWAREClassesInterface{BFE569F7-646C-4512-969B-9BE3E580D393} Key Deleted : HKLMSOFTWAREClassesInterface{C1995F88-1C7F-40D7-B0FA-6F107F6308B8} Key Deleted : HKLMSOFTWAREClassesInterface{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Deleted : HKLMSOFTWAREClassesInterface{C2996524-2187-441F-A398-CD6CB6B3D020} Key Deleted : HKLMSOFTWAREClassesInterface{C815E3DA-0823-49B0-9270-D1771D58B317} Key Deleted : HKLMSOFTWAREClassesInterface{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14} Key Deleted : HKLMSOFTWAREClassesInterface{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Deleted : HKLMSOFTWAREClassesInterface{E1164984-B567-47BD-A7FF-240C2594404A} Key Deleted : HKLMSOFTWAREClassesInterface{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F} Key Deleted : HKLMSOFTWAREClassesInterface{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Deleted : HKLMSOFTWAREClassesInterface{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLMSOFTWAREClassesInterface{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Deleted : HKLMSOFTWAREClassesInterface{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057} Key Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Value Deleted : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}] Value Deleted : HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}] Value Deleted : HKCUSoftwareMozillaFirefoxExtensions [statuswinks@StatusWinks] Value Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerURLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}] Value Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerURLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}] Value Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerURLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerURLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}] Value Deleted : HKLMSOFTWAREMozillaFirefoxExtensions [statuswinks@StatusWinks] Value Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] Value Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}] Value Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] Value Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]

***** [internet Browsers] *****

- Internet Explorer v10.0.9200.16635

*************************

AdwCleaner[s1].txt - [27691 octets] - [22/07/2013 21:08:55]

########## EOF - C:AdwCleaner[s1].txt - [27752 octets] ##########

Ето и 2-рия лог :

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.0 (07.21.2013:1) OS: Windows 7 Home Premium x64 Ran by Dzhemal on Ї®­ 22.07.2013 Ј. at 21:29:00,23 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{494AA071-15E8-4F7D-8B60-F178E86123EF} Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{597b1823-7ff0-4cd3-8095-9d8cba514992} Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{903E9084-8050-4C90-870A-226613C1C2F5} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchScopes{597b1823-7ff0-4cd3-8095-9d8cba514992} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchScopes{903E9084-8050-4C90-870A-226613C1C2F5}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Empty Folder] C:UsersDzhemalappdatalocal{112DEDAE-AACB-4217-88A6-2F53DF270033} Successfully deleted: [Empty Folder] C:UsersDzhemalappdatalocal{49F79A1A-F707-45FB-9F04-B5149FB8C73E} Successfully deleted: [Empty Folder] C:UsersDzhemalappdatalocal{4E188446-8975-4AEE-BF0F-99359E63F83B} Successfully deleted: [Empty Folder] C:UsersDzhemalappdatalocal{7112ED04-E42F-4476-B1BC-493EC219E104} Successfully deleted: [Empty Folder] C:UsersDzhemalappdatalocal{C0DBBED7-D31C-49E7-A66E-ECA7D75D555F} Successfully deleted: [Empty Folder] C:UsersDzhemalappdatalocal{C1080434-84E8-4382-99C9-441D4EE74AF9} Successfully deleted: [Empty Folder] C:UsersDzhemalappdatalocal{D6A97776-4525-4561-BCBD-082048FB87E4} Successfully deleted: [Empty Folder] C:UsersDzhemalappdatalocal{DF07B432-CF3F-45CD-A22F-A94417196611} Successfully deleted: [Empty Folder] C:UsersDzhemalappdatalocal{EBDDC513-4459-478F-A088-727459BDECDB}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Ї®­ 22.07.2013 Ј. at 21:37:46,64 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

И как е положението със системата ви....наблюдавате ли първоначалните проблеми..?

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

в мометна нямам проблем с абв-то влизам си без проблем, и другите банери не ми се отварят, но лаптопа някак си зарежда мн бавно. Трябва ли да го рестарт???

Така след рестарт, системата се държи стабилно , зарежда си добре и проблемите мисля, че вече ги няма :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Прекрасно..! :)
 
Публикувано изображение Изтеглете Security Check (автор: screen317) от тук или от тук и го запишете на десктопа.

  • [*]Кликнете два пъти върху
SecurityCheck.exe и следвайте инструкциите. [*]Когато програмата завърши работата си, ще се отвори един текстов документ: checkup.txt. [*]Копирайте съдържанието на checkup.txt с Копирай (Copy) и с Постави (Paste) го поставете в следващия си коментар.

След това стартирайте PatchMyPC и инсталирайте всички ъпдейти, които инструмента предложи.
 
 
Публикувано изображение Изтеглете Delfix.exe и го стартирайте. Сложете отметка пред Remove disinfection tools => натиснете бутона Run Инструмента ще се самоизтрие след като приключи своята задача!
 

Публикувано изображение Изтрийте всичко друго което е останало след процедурите (използвано в лечението).Препоръчвам програмата Malwarebytes' Anti-Malware да остане на вашия компютър и периодично да сканирате системата си с нея (поне един -два пъти в седмицата),като не забравяйте да обновите дефинициите и преди всяко сканиране..!

 

Това е от мен..Пожелавам ви лека вечер и безопасен интернет..!:)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

от security check log-a излезна само това :

 UNSUPPORTED OPERATING SYSTEM! ABORTED!  

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

 

Това е от мен..Пожелавам ви лека вечер и безопасен интернет..! :)

 

Ейй голем си брат :):) Много благодаря, жив и здрав и всичко хубаво да ти се случва.

Лека вечер и от мен :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Горещи теми в момента

  • Подобни теми

    • от Rada Beliata
      Здравейте, 
      Все още не съм успяла да си купя нов комп. С мъж-о ползваме неговия, преди няколко дена като пътувахме и ползвахме различен доставчик чрез телефон за връзка с мобилен  интернет изведнъж при отваряне на ИЕ (IE) вместо гугъл се появи Vivakom . Не можах по никакъв начин да го махна. Сега пи всеки опит да отворя Интернет Експлоер ми се появява страница на Виваком( не ползваме този доставчик на услуги нито като телефони , нито като домашен Интернет) . Нямам и идея от къде се настани и защо не успявам да го махна. Изтеглих  instrumenta Malwаrebytes , нищо не показа, после изтеглих и AdwCleaner , но и след тези ми действия това нахално "нещо" стои . Явно аз не съм в час какво трябва да направя. Моля за помощта ви и предварително благодаря!
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.09.2018
      Ran by User (administrator) on USER-PC (28-09-2018 22:57:32)
      Running from C:\Users\User\Downloads
      Loaded Profiles: User (Available Profiles: User)
      Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 11 (Default browser: IE)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
      (AMD) C:\Windows\System32\atiesrxx.exe
      (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
      (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
      (VoipConnect) C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe
      (Viber Media S.à r.l.) C:\Users\User\AppData\Local\Viber\Viber.exe
      () C:\ProgramData\MobileBrServ\mbbService.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
      (Microsoft Corporation) C:\Windows\System32\mspaint.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
      HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-12-05] (IDT, Inc.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2795248 2013-10-25] (Synaptics Incorporated)
      HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
      HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
      HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
      HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-18] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
      HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-11-01] (IVT Corporation)
      Winlogon\Notify\igfxcui: igfxdev.dll [X]
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [*LABAL*] => [X]
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe [36547168 2016-05-14] (VoipConnect)
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [35790408 2018-09-17] (Viber Media S.à r.l.)
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [50100160 2018-03-02] (Skype Technologies S.A.)
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{4F635613-A958-44D2-ABE6-D3CC1A3DABC3}: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Tcpip\..\Interfaces\{7019DF92-BFEA-4C0F-A4AA-C467798353EB}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://online.bulbank.bg/capicom.cab
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
      FireFox:
      ========
      FF DefaultProfile: aewkzmml.default
      FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\aewkzmml.default [2018-03-10]
      FF NetworkProxy: Mozilla\Firefox\Profiles\aewkzmml.default -> autoconfig_url", "hxxp://aiidatapro.net/proxy2.js"
      FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-14] ()
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-14] ()
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR HomePage: Default -> msn.com
      CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
      CHR DefaultSearchKeyword: Default -> bing.com
      CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
      CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-09-28]
      CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
      CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
      CHR Extension: (Skype Calling) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-09-06]
      CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
      CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
      CHR Extension: (Bing) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-09-28]
      CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
      CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-19]
      CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-03]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
      CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
      CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19]
      CHR HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
      R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
      R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1706744 2013-11-01] (IVT Corporation)
      R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-11-01] (IVT Corporation)
      R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
      R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
      S2 JWC; C:\Jeppesen\JWC\JWC.exe [658016 2014-10-06] (Jeppesen)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
      R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
      R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
      R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
      R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2013-12-05] (IDT, Inc.) [File not signed]
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.)
      S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [33968 2012-12-19] (IVT Corporation)
      S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [33968 2012-12-19] (IVT Corporation)
      R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
      R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
      R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
      R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-25] (Disc Soft Ltd)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-09-27] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-09-28] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-09-28] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-09-28] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-09-28] (Malwarebytes)
      R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
      R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
      R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
      R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
      R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
      S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [444632 2013-09-26] (Realsil Semiconductor Corporation)
      R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
      S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
      S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
      S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
      S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
      S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
      S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
      S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
      S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
      S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-28 22:57 - 2018-09-28 22:59 - 000019536 _____ C:\Users\User\Downloads\FRST.txt
      2018-09-28 22:57 - 2018-09-28 22:57 - 000000000 ____D C:\FRST
      2018-09-28 22:56 - 2018-09-28 22:56 - 002414080 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
      2018-09-28 22:38 - 2018-09-28 22:38 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2018-09-28 22:38 - 2018-09-28 22:38 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2018-09-28 22:38 - 2018-09-28 22:38 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-09-28 22:35 - 2018-09-28 22:35 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-09-28 22:27 - 2018-09-28 22:29 - 000000000 ____D C:\AdwCleaner
      2018-09-28 22:27 - 2018-09-28 22:27 - 007592144 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_7.2.4.0.exe
      2018-09-27 23:44 - 2018-09-27 23:44 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-09-27 23:44 - 2018-09-27 23:44 - 000000000 ____D C:\Users\User\AppData\Local\mbamtray
      2018-09-27 23:44 - 2018-09-27 23:44 - 000000000 ____D C:\Users\User\AppData\Local\mbam
      2018-09-27 23:43 - 2018-09-27 23:43 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-09-27 23:43 - 2018-09-27 23:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-09-27 23:43 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
      2018-09-27 23:42 - 2018-09-27 23:43 - 080334792 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.6985.exe
      2018-09-27 17:21 - 2018-09-27 17:21 - 000515494 _____ C:\Users\User\Downloads\20180621_BEG_Vacation Regulation for BEG FCM & CCM.pdf
      2018-09-27 11:00 - 2018-09-27 11:01 - 000656891 _____ C:\Users\User\Documents\viewtickets.pdf
      2018-09-26 13:36 - 2018-09-26 13:37 - 000000000 ____D C:\Users\User\AppData\Local\Viber
      2018-09-16 10:51 - 2018-09-16 10:51 - 000022032 _____ C:\Users\User\Desktop\molba-za-napuskane-na-rabota-na-osnovanie-chl325-t1-ot-kt.pdf
      2018-09-14 22:21 - 2018-09-14 22:21 - 000018446 _____ C:\Users\User\Downloads\Новата такса + нов фонд ремонт.xlsx
      2018-09-14 22:19 - 2018-09-14 22:19 - 000018453 _____ C:\Users\User\Downloads\Новата такса.xlsx
      2018-09-12 18:35 - 2018-08-31 18:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
      2018-09-12 18:35 - 2018-08-31 18:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
      2018-09-12 18:35 - 2018-08-30 04:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
      2018-09-12 18:35 - 2018-08-30 04:10 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
      2018-09-12 18:35 - 2018-08-28 08:50 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
      2018-09-12 18:35 - 2018-08-24 22:47 - 000398424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-09-12 18:35 - 2018-08-24 21:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2018-09-12 18:35 - 2018-08-24 02:05 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-09-12 18:35 - 2018-08-24 01:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-09-12 18:35 - 2018-08-24 01:56 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-09-12 18:35 - 2018-08-24 01:45 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-09-12 18:35 - 2018-08-24 01:44 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-09-12 18:35 - 2018-08-24 01:43 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-09-12 18:35 - 2018-08-24 01:43 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-09-12 18:35 - 2018-08-24 01:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-09-12 18:35 - 2018-08-24 01:43 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-09-12 18:35 - 2018-08-24 01:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-09-12 18:35 - 2018-08-24 01:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-09-12 18:35 - 2018-08-24 01:34 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-09-12 18:35 - 2018-08-24 01:34 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-09-12 18:35 - 2018-08-24 01:33 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-09-12 18:35 - 2018-08-24 01:33 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-09-12 18:35 - 2018-08-24 01:33 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-09-12 18:35 - 2018-08-24 01:33 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-09-12 18:35 - 2018-08-24 01:27 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-09-12 18:35 - 2018-08-24 01:24 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-09-12 18:35 - 2018-08-24 01:19 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-09-12 18:35 - 2018-08-24 01:18 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-09-12 18:35 - 2018-08-24 01:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-09-12 18:35 - 2018-08-24 01:15 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-09-12 18:35 - 2018-08-24 01:15 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-09-12 18:35 - 2018-08-24 01:13 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-09-12 18:35 - 2018-08-24 01:12 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-09-12 18:35 - 2018-08-24 01:03 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-09-12 18:35 - 2018-08-24 01:01 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-09-12 18:35 - 2018-08-24 01:01 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-09-12 18:35 - 2018-08-24 01:00 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-09-12 18:35 - 2018-08-24 00:59 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-09-12 18:35 - 2018-08-24 00:59 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-09-12 18:35 - 2018-08-24 00:52 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-09-12 18:35 - 2018-08-24 00:40 - 001555456 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-09-12 18:35 - 2018-08-24 00:28 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-09-12 18:35 - 2018-08-24 00:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2018-09-12 18:35 - 2018-08-24 00:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2018-09-12 18:35 - 2018-08-24 00:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2018-09-12 18:35 - 2018-08-24 00:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2018-09-12 18:35 - 2018-08-24 00:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2018-09-12 18:35 - 2018-08-24 00:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2018-09-12 18:35 - 2018-08-24 00:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2018-09-12 18:35 - 2018-08-24 00:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2018-09-12 18:35 - 2018-08-24 00:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2018-09-12 18:35 - 2018-08-24 00:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2018-09-12 18:35 - 2018-08-24 00:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2018-09-12 18:35 - 2018-08-24 00:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2018-09-12 18:35 - 2018-08-24 00:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2018-09-12 18:35 - 2018-08-24 00:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2018-09-12 18:35 - 2018-08-24 00:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2018-09-12 18:35 - 2018-08-23 23:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
      2018-09-12 18:35 - 2018-08-23 23:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2018-09-12 18:35 - 2018-08-23 23:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2018-09-12 18:35 - 2018-08-23 23:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2018-09-12 18:35 - 2018-08-23 23:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2018-09-12 18:35 - 2018-08-23 23:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2018-09-12 18:35 - 2018-08-23 23:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2018-09-12 18:35 - 2018-08-23 23:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2018-09-12 18:35 - 2018-08-23 23:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2018-09-12 18:35 - 2018-08-23 23:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2018-09-12 18:35 - 2018-08-23 23:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2018-09-12 18:35 - 2018-08-23 23:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2018-09-12 18:35 - 2018-08-23 23:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2018-09-12 18:35 - 2018-08-23 23:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2018-09-12 18:35 - 2018-08-23 23:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2018-09-12 18:35 - 2018-08-23 23:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 001888768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
      2018-09-12 18:35 - 2018-08-13 18:53 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
      2018-09-12 18:35 - 2018-08-13 18:53 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
      2018-09-12 18:35 - 2018-08-13 18:41 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
      2018-09-12 18:35 - 2018-08-12 23:32 - 000378464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-09-12 18:35 - 2018-08-12 23:31 - 001894496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-09-12 18:35 - 2018-08-12 23:31 - 000289376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-09-12 18:35 - 2018-08-12 23:28 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
      2018-09-12 18:35 - 2018-08-12 23:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
      2018-09-12 18:35 - 2018-08-10 18:59 - 005552816 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-09-12 18:35 - 2018-08-10 18:59 - 000154800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2018-09-12 18:35 - 2018-08-10 18:58 - 000385120 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2018-09-12 18:35 - 2018-08-10 18:58 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
      2018-09-12 18:35 - 2018-08-10 18:58 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2018-09-12 18:35 - 2018-08-10 18:57 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
      2018-09-12 18:35 - 2018-08-10 18:57 - 000631624 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
      2018-09-12 18:35 - 2018-08-10 18:56 - 001664296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
      2018-09-12 18:35 - 2018-08-10 18:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
      2018-09-12 18:35 - 2018-08-10 18:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
      2018-09-12 18:35 - 2018-08-10 18:42 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
      2018-09-12 18:35 - 2018-08-10 18:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
      2018-09-12 18:35 - 2018-08-10 18:27 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
      2018-09-12 18:35 - 2018-08-10 18:22 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2018-09-12 18:35 - 2018-08-10 18:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2018-09-12 18:35 - 2018-08-10 18:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2018-09-12 18:35 - 2018-08-10 18:21 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2018-09-12 18:35 - 2018-08-10 18:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
      2018-09-12 18:35 - 2018-08-10 18:17 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-09-12 18:35 - 2018-08-10 18:17 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2018-09-12 18:35 - 2018-08-10 18:17 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
      2018-09-12 18:35 - 2018-08-10 18:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
      2018-09-12 18:35 - 2018-08-10 18:13 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2018-09-12 18:35 - 2018-08-10 18:13 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2018-09-12 18:35 - 2018-08-10 18:13 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2018-09-12 18:35 - 2018-08-10 18:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
      2018-09-12 18:35 - 2018-08-10 18:12 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-09-12 18:35 - 2018-08-10 18:12 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2018-09-12 18:35 - 2018-08-10 18:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
      2018-09-12 18:35 - 2018-08-10 18:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
      2018-09-12 18:35 - 2018-08-10 18:10 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
      2018-09-12 18:35 - 2018-08-10 18:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
      2018-09-12 18:35 - 2018-08-10 18:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
      2018-09-12 18:35 - 2018-07-29 18:55 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
      2018-09-12 18:35 - 2018-07-18 18:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
      2018-09-12 18:35 - 2018-06-27 16:20 - 000419648 _____ C:\Windows\SysWOW64\locale.nls
      2018-09-12 18:35 - 2018-06-27 16:19 - 000419648 _____ C:\Windows\system32\locale.nls
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-28 22:44 - 2009-07-14 07:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-09-28 22:44 - 2009-07-14 07:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-09-28 22:35 - 2016-08-05 16:18 - 000003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
      2018-09-28 22:34 - 2013-11-20 10:44 - 000001077 _____ C:\Windows\SysWOW64\bscs.ini
      2018-09-28 22:32 - 2016-08-05 16:18 - 000000061 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
      2018-09-28 22:31 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-09-28 13:43 - 2016-08-05 16:20 - 000000713 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
      2018-09-28 12:07 - 2009-07-14 08:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-09-28 12:07 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
      2018-09-27 23:43 - 2014-12-09 01:10 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-09-27 23:33 - 2017-06-11 18:30 - 000000000 ____D C:\Users\User\Documents\ViberDownloads
      2018-09-27 10:07 - 2017-06-11 18:28 - 000000000 ____D C:\Users\User\AppData\Roaming\ViberPC
      2018-09-26 17:00 - 2016-08-05 16:22 - 000000680 _____ C:\Windows\SysWOW64\SHORTCUT.INI
      2018-09-26 13:44 - 2014-12-30 12:03 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2018-09-26 13:42 - 2017-03-06 15:12 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-09-19 18:08 - 2014-12-09 00:49 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-09-19 18:08 - 2014-12-09 00:49 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-09-16 10:47 - 2016-10-20 11:15 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-09-14 20:15 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\rescache
      2018-09-14 18:44 - 2018-03-13 14:57 - 000004458 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2018-09-14 18:44 - 2014-08-21 19:10 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2018-09-14 18:44 - 2014-08-21 19:10 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2018-09-14 18:44 - 2014-08-21 19:10 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2018-09-14 18:44 - 2014-08-21 19:10 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2018-09-14 18:44 - 2014-08-21 19:10 - 000000000 ____D C:\Windows\system32\Macromed
      2018-09-14 17:41 - 2014-08-18 17:35 - 000110008 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-09-14 17:38 - 2009-07-14 07:45 - 000410984 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-09-12 23:27 - 2014-08-18 19:28 - 000000000 ____D C:\Windows\system32\MRT
      2018-09-12 23:23 - 2014-08-18 19:28 - 139184408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2018-09-12 23:20 - 2014-08-18 17:35 - 000767916 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
      2018-09-01 11:30 - 2018-03-31 21:36 - 000000000 ____D C:\Users\User\Desktop\Flying Book R.I
      ==================== Files in the root of some directories =======
      2016-05-14 21:19 - 2016-05-14 21:19 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
      2017-07-13 23:04 - 2017-07-13 23:04 - 000000000 _____ () C:\Users\User\AppData\Local\{08496EBD-3675-4FFD-9190-C60ED46C2602}
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-09-26 14:18
      ==================== End of FRST.txt ============================
       
      Addition.txt

    • от rvp
      здравейте,
       
      Проблема е че след рестарт или изключване процесът отива на 100% и трябва да го спирам ръчно. ето логовете:
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.09.2018 03
      Ran by kpacko (administrator) on KPACKO-MOBILEPC (07-09-2018 10:02:30)
      Running from C:\Users\kpacko\Desktop
      Loaded Profiles: kpacko (Available Profiles: kpacko)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
      (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
      (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
      (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
      () C:\Users\kpacko\AppData\Roaming\WinRAR\Precomp\precomp.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
      HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
      HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
      HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc.)
      HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
      HKU\S-1-5-21-2772379611-2548023608-3356451699-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
      IFEO\LogTransport2.exe: [Debugger] 0
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows.vbs [2018-02-26] ()
      GroupPolicy: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{EDC66EE9-FC63-456B-9263-6FA1362BFECA}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{F056F4A9-7DE8-4608-90FE-D6F4B68785AC}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2772379611-2548023608-3356451699-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed
      FireFox:
      ========
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
      Chrome: 
      =======
      CHR NewTab: Default ->  Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
      CHR Session Restore: Default -> is enabled.
      CHR Profile: C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default [2018-09-07]
      CHR Extension: (Презентации) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Документи) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Google Диск) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-15]
      CHR Extension: (Auto Copy) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijpdibkloghppkbmhcklkogpjaenfkg [2018-01-11]
      CHR Extension: (YouTube) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-15]
      CHR Extension: (Forecastfox (fix version)) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\boljdehmejbffnfiiicckjhafabdepnd [2018-08-05]
      CHR Extension: (uBlock Origin) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-27]
      CHR Extension: (Таблици) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
      CHR Extension: (Google Документи офлайн) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
      CHR Extension: (Speed Dial 2 Нов раздел) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2018-03-28]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
      CHR Extension: (Gmail) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-15]
      CHR Extension: (Chrome Media Router) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-07]
      CHR Profile: C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-26]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
      R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.)
      S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] ()
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-07-17] (Microsoft Corporation)
      R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation)
      R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
      R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [54192 2017-07-04] (CrystalIdea Software)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2017-09-16] (DT Soft Ltd)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-12-11] (Intel Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2018-03-16] (NVIDIA Corporation)
      U4 AdobeARMservice; no ImagePath
      U3 SwitchBoard; no ImagePath
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-07 10:02 - 2018-09-07 10:03 - 000009284 _____ C:\Users\kpacko\Desktop\FRST.txt
      2018-09-07 10:02 - 2018-09-07 10:02 - 000000000 ____D C:\FRST
      2018-09-07 10:01 - 2018-09-07 10:01 - 002413056 _____ (Farbar) C:\Users\kpacko\Desktop\FRST64.exe
      2018-09-06 22:25 - 2018-09-06 13:48 - 000083968 _____ C:\Users\kpacko\Desktop\Working_Schedule_01-10_Sep_Update_4.xls
      2018-09-04 00:43 - 2018-08-03 18:55 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
      2018-09-04 00:43 - 2018-08-02 06:18 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2018-09-04 00:43 - 2018-08-02 06:07 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
      2018-09-04 00:43 - 2018-08-02 06:02 - 001665320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
      2018-09-04 00:43 - 2018-08-02 05:45 - 003959984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
      2018-09-04 00:43 - 2018-08-02 05:43 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:26 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2018-09-04 00:43 - 2018-08-02 05:26 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2018-09-04 00:43 - 2018-08-02 05:26 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2018-09-04 00:43 - 2018-08-02 05:25 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2018-09-04 00:43 - 2018-08-02 05:22 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-09-04 00:43 - 2018-08-02 05:21 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2018-09-04 00:43 - 2018-08-02 05:21 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
      2018-09-04 00:43 - 2018-08-02 05:17 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2018-09-04 00:43 - 2018-08-02 05:17 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2018-09-04 00:43 - 2018-08-02 05:17 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-09-04 00:43 - 2018-08-02 05:16 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
      2018-09-04 00:43 - 2018-08-02 05:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2018-09-04 00:43 - 2018-08-02 05:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
      2018-09-04 00:43 - 2018-08-02 05:11 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
      2018-09-04 00:43 - 2018-08-02 05:11 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
      2018-09-04 00:43 - 2018-08-02 05:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
      2018-09-04 00:43 - 2018-08-02 05:10 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
      2018-09-04 00:43 - 2018-07-20 02:53 - 000396936 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-09-04 00:43 - 2018-07-20 01:58 - 000350272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2018-09-04 00:43 - 2018-07-19 07:48 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-09-04 00:43 - 2018-07-19 07:47 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-09-04 00:43 - 2018-07-19 07:35 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-09-04 00:43 - 2018-07-19 07:34 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-09-04 00:43 - 2018-07-19 07:33 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-09-04 00:43 - 2018-07-19 07:33 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-09-04 00:43 - 2018-07-19 07:33 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-09-04 00:43 - 2018-07-19 07:32 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-09-04 00:43 - 2018-07-19 07:30 - 005778432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-09-04 00:43 - 2018-07-19 07:26 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-09-04 00:43 - 2018-07-19 07:25 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-09-04 00:43 - 2018-07-19 07:23 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-09-04 00:43 - 2018-07-19 07:22 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2018-09-04 00:43 - 2018-07-19 07:22 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-09-04 00:43 - 2018-07-19 07:22 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-09-04 00:43 - 2018-07-19 07:22 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-09-04 00:43 - 2018-07-19 07:21 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-09-04 00:43 - 2018-07-19 07:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2018-09-04 00:43 - 2018-07-19 07:14 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-09-04 00:43 - 2018-07-19 07:11 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-09-04 00:43 - 2018-07-19 07:05 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2018-09-04 00:43 - 2018-07-19 07:05 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-09-04 00:43 - 2018-07-19 07:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2018-09-04 00:43 - 2018-07-19 07:04 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-09-04 00:43 - 2018-07-19 07:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2018-09-04 00:43 - 2018-07-19 07:03 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-09-04 00:43 - 2018-07-19 07:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2018-09-04 00:43 - 2018-07-19 07:01 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2018-09-04 00:43 - 2018-07-19 07:00 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-09-04 00:43 - 2018-07-19 07:00 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-09-04 00:43 - 2018-07-19 06:58 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-09-04 00:43 - 2018-07-19 06:58 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2018-09-04 00:43 - 2018-07-19 06:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2018-09-04 00:43 - 2018-07-19 06:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2018-09-04 00:43 - 2018-07-19 06:56 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-09-04 00:43 - 2018-07-19 06:55 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2018-09-04 00:43 - 2018-07-19 06:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2018-09-04 00:43 - 2018-07-19 06:54 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2018-09-04 00:43 - 2018-07-19 06:47 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-09-04 00:43 - 2018-07-19 06:46 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-09-04 00:43 - 2018-07-19 06:46 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2018-09-04 00:43 - 2018-07-19 06:45 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-09-04 00:43 - 2018-07-19 06:45 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-09-04 00:43 - 2018-07-19 06:43 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-09-04 00:43 - 2018-07-19 06:43 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-09-04 00:43 - 2018-07-19 06:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2018-09-04 00:43 - 2018-07-19 06:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2018-09-04 00:43 - 2018-07-19 06:41 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
      2018-09-04 00:43 - 2018-07-19 06:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2018-09-04 00:43 - 2018-07-19 06:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2018-09-04 00:43 - 2018-07-19 06:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2018-09-04 00:43 - 2018-07-19 06:35 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2018-09-04 00:43 - 2018-07-19 06:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2018-09-04 00:43 - 2018-07-19 06:31 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-09-04 00:43 - 2018-07-19 06:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2018-09-04 00:43 - 2018-07-19 06:28 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2018-09-04 00:43 - 2018-07-19 06:28 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2018-09-04 00:43 - 2018-07-19 06:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2018-09-04 00:43 - 2018-07-19 06:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2018-09-04 00:43 - 2018-07-19 06:20 - 001554944 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-09-04 00:43 - 2018-07-19 06:09 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2018-09-04 00:43 - 2018-07-19 06:09 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-09-04 00:43 - 2018-07-19 06:06 - 001329152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2018-09-04 00:43 - 2018-07-19 06:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2018-09-04 00:43 - 2018-07-13 22:19 - 001894080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-09-04 00:43 - 2018-07-13 22:19 - 000377024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-09-04 00:43 - 2018-07-13 22:19 - 000287936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-09-04 00:43 - 2018-07-08 19:08 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2018-09-04 00:43 - 2018-07-08 19:02 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2018-09-04 00:43 - 2018-07-08 19:01 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2018-09-04 00:43 - 2018-07-08 18:47 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
      2018-09-04 00:43 - 2018-07-08 18:42 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
      2018-09-04 00:43 - 2018-07-06 19:09 - 000947904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
      2018-09-04 00:43 - 2018-07-06 19:03 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
      2018-09-04 00:43 - 2018-07-06 18:48 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
      2018-09-04 00:43 - 2018-06-29 18:55 - 000695808 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
      2018-09-04 00:43 - 2018-06-29 18:55 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
      2018-09-04 00:43 - 2018-06-29 18:55 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
      2018-09-04 00:43 - 2018-06-29 18:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
      2018-09-04 00:43 - 2018-06-29 18:14 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
      2018-09-04 00:43 - 2018-06-29 18:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
      2018-09-04 00:43 - 2018-06-27 19:01 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
      2018-09-04 00:43 - 2018-06-27 18:55 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
      2018-09-04 00:43 - 2018-06-27 18:55 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
      2018-09-04 00:43 - 2018-06-27 18:54 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
      2018-09-04 00:43 - 2018-06-27 18:54 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
      2018-09-04 00:43 - 2018-06-27 18:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
      2018-09-04 00:43 - 2018-06-27 18:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
      2018-09-04 00:43 - 2018-06-27 18:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
      2018-09-04 00:43 - 2018-06-27 18:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
      2018-09-04 00:43 - 2018-06-27 18:21 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
      2018-09-04 00:43 - 2018-06-27 18:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
      2018-09-04 00:43 - 2018-06-16 08:11 - 000467856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
      2018-09-04 00:43 - 2018-06-13 19:20 - 014185984 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2018-09-04 00:43 - 2018-06-13 19:19 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
      2018-09-04 00:43 - 2018-06-13 18:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
      2018-09-04 00:43 - 2018-06-13 18:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
      2018-09-04 00:43 - 2018-06-08 19:21 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
      2018-09-04 00:43 - 2018-06-08 19:20 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
      2018-09-04 00:43 - 2018-06-08 19:19 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
      2018-09-04 00:43 - 2018-06-08 19:19 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
      2018-09-04 00:43 - 2018-06-08 19:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
      2018-09-04 00:43 - 2018-06-08 18:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
      2018-09-04 00:43 - 2018-06-08 18:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
      2018-09-04 00:43 - 2018-06-08 18:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
      2018-09-04 00:43 - 2018-06-08 18:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
      2018-09-04 00:43 - 2018-06-07 19:19 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
      2018-09-04 00:43 - 2018-06-07 18:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
      2018-09-04 00:43 - 2018-06-07 18:49 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
      2018-09-04 00:43 - 2018-06-07 18:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
      2018-09-04 00:43 - 2018-05-15 06:44 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
      2018-09-04 00:43 - 2018-05-15 06:24 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
      2018-09-04 00:43 - 2018-05-15 06:23 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
      2018-09-04 00:43 - 2018-05-15 06:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
      2018-09-04 00:43 - 2018-05-15 06:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
      2018-09-04 00:43 - 2018-05-15 06:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
      2018-09-04 00:43 - 2018-05-15 06:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
      2018-09-04 00:43 - 2018-05-15 06:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
      2018-09-04 00:43 - 2018-05-12 05:07 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
      2018-09-04 00:43 - 2018-05-12 05:07 - 000033152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
      2018-09-04 00:43 - 2018-05-12 05:07 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
      2018-09-04 00:43 - 2018-05-12 00:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
      2018-09-04 00:43 - 2018-05-11 03:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
      2018-09-04 00:43 - 2018-05-11 03:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000019288 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-25 19:02 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
      2018-09-04 00:43 - 2018-04-25 18:18 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
      2018-09-04 00:43 - 2018-04-23 02:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
      2018-09-04 00:43 - 2018-04-18 19:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
      2018-09-04 00:43 - 2018-04-18 19:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
      2018-09-04 00:43 - 2018-04-18 18:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
      2018-09-04 00:43 - 2018-04-18 18:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
      2018-09-04 00:43 - 2018-04-18 18:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
      2018-09-04 00:43 - 2018-04-18 18:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
      2018-09-04 00:43 - 2018-04-11 19:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
      2018-09-04 00:43 - 2018-04-11 19:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
      2018-09-04 00:43 - 2018-04-10 19:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
      2018-09-04 00:43 - 2018-04-10 19:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
      2018-09-04 00:43 - 2018-04-10 19:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
      2018-09-04 00:43 - 2018-04-10 19:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
      2018-09-04 00:43 - 2018-04-10 19:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
      2018-09-04 00:43 - 2018-04-10 19:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
      2018-09-04 00:43 - 2018-04-10 18:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
      2018-09-04 00:43 - 2018-04-10 18:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
      2018-09-04 00:43 - 2018-04-10 18:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
      2018-09-04 00:43 - 2018-04-07 19:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
      2018-09-04 00:43 - 2018-03-14 20:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
      2018-09-04 00:43 - 2018-03-14 20:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2018-09-04 00:43 - 2018-03-14 20:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2018-09-04 00:43 - 2018-03-14 20:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
      2018-09-04 00:43 - 2018-03-14 20:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
      2018-09-04 00:43 - 2018-03-14 19:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
      2018-09-04 00:43 - 2018-03-14 19:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
      2018-09-04 00:43 - 2018-03-14 19:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
      2018-09-04 00:43 - 2018-03-14 19:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
      2018-09-04 00:43 - 2018-03-14 19:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2018-09-04 00:43 - 2018-03-14 19:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
      2018-09-04 00:43 - 2018-03-14 19:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2018-09-04 00:43 - 2018-03-14 19:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2018-09-04 00:43 - 2018-03-14 19:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2018-09-04 00:43 - 2018-03-14 19:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
      2018-09-04 00:43 - 2018-03-14 19:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
      2018-09-04 00:43 - 2018-03-06 21:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
      2018-09-04 00:43 - 2018-03-06 21:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
      2018-09-04 00:43 - 2018-02-22 06:28 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
      2018-09-04 00:43 - 2018-02-22 06:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
      2018-09-04 00:43 - 2018-02-10 21:35 - 000367296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000334528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000185024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
      2018-09-04 00:43 - 2018-02-10 21:35 - 000068288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000064192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
      2018-09-04 00:43 - 2018-02-10 21:35 - 000063168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000060608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000036032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000031936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000020160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000015040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000012096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
      2018-09-04 00:43 - 2018-02-10 21:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
      2018-09-04 00:43 - 2018-02-10 21:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\racpldlg.dll
      2018-09-04 00:43 - 2018-02-10 21:11 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
      2018-09-04 00:43 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
      2018-09-04 00:43 - 2018-02-10 20:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
      2018-09-04 00:43 - 2018-02-10 20:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
      2018-09-04 00:43 - 2018-02-10 20:25 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
      2018-09-04 00:43 - 2018-01-12 19:40 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
      2018-09-04 00:43 - 2018-01-12 19:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
      2018-09-04 00:43 - 2018-01-12 19:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
      2018-09-04 00:43 - 2018-01-12 19:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
      2018-09-04 00:43 - 2018-01-11 19:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
      2018-09-04 00:43 - 2018-01-11 19:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
      2018-09-04 00:43 - 2018-01-01 05:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
      2018-09-04 00:43 - 2018-01-01 05:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
      2018-09-04 00:43 - 2018-01-01 05:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 001361408 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
      2018-09-04 00:43 - 2018-01-01 05:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
      2018-09-04 00:43 - 2018-01-01 05:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
      2018-09-04 00:43 - 2018-01-01 05:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
      2018-09-04 00:43 - 2018-01-01 05:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
      2018-09-04 00:43 - 2018-01-01 04:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
      2018-09-04 00:43 - 2018-01-01 04:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
      2018-09-04 00:43 - 2018-01-01 04:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
      2018-09-04 00:43 - 2018-01-01 04:47 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
      2018-09-04 00:43 - 2018-01-01 04:46 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
      2018-09-04 00:43 - 2018-01-01 04:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
      2018-09-04 00:43 - 2017-12-05 20:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
      2018-09-04 00:43 - 2017-12-05 19:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
      2018-09-04 00:43 - 2017-12-05 18:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
      2018-09-04 00:42 - 2018-08-03 18:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
      2018-09-04 00:42 - 2018-08-02 06:20 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
      2018-09-04 00:42 - 2018-08-02 06:06 - 000156256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2018-09-04 00:42 - 2018-08-02 06:05 - 005553760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-09-04 00:42 - 2018-08-02 06:00 - 000633080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
      2018-09-04 00:42 - 2018-08-02 05:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2018-09-04 00:42 - 2018-08-02 05:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2018-09-04 00:42 - 2018-08-02 05:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2018-09-04 00:42 - 2018-08-02 05:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2018-09-04 00:42 - 2018-08-02 05:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2018-09-04 00:42 - 2018-08-02 05:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-09-04 00:42 - 2018-08-02 05:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2018-09-04 00:42 - 2018-08-02 05:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
      2018-09-04 00:42 - 2018-08-02 05:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
      2018-09-04 00:42 - 2018-08-02 05:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
      2018-09-04 00:42 - 2018-08-02 05:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
      2018-09-04 00:42 - 2018-07-19 09:15 - 025745408 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-09-04 00:42 - 2018-07-19 07:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2018-09-04 00:42 - 2018-07-08 19:02 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2018-09-04 00:42 - 2018-07-08 19:02 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2018-09-04 00:42 - 2018-07-08 19:01 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2018-09-04 00:42 - 2018-07-08 18:42 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
      2018-09-04 00:42 - 2018-07-08 18:41 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
      2018-09-04 00:42 - 2018-07-08 18:41 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
      2018-09-04 00:42 - 2018-07-08 18:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
      2018-09-04 00:42 - 2018-07-07 18:24 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2018-09-04 00:42 - 2018-07-06 19:03 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
      2018-09-04 00:42 - 2018-07-06 18:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
      2018-09-04 00:42 - 2018-06-29 18:55 - 000137728 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
      2018-09-04 00:42 - 2018-06-27 18:55 - 003246592 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
      2018-09-04 00:42 - 2018-06-27 18:55 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
      2018-09-04 00:42 - 2018-06-27 18:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
      2018-09-04 00:42 - 2018-06-21 06:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2018-09-04 00:42 - 2018-06-21 06:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
      2018-09-04 00:42 - 2018-06-16 08:24 - 000459632 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
      2018-09-04 00:42 - 2018-06-16 08:11 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
      2018-09-04 00:42 - 2018-06-13 19:23 - 000140992 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2018-09-04 00:42 - 2018-06-13 19:18 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2018-09-04 00:42 - 2018-06-08 19:20 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
      2018-09-04 00:42 - 2018-06-08 19:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
      2018-09-04 00:42 - 2018-06-08 18:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
      2018-09-04 00:42 - 2018-06-08 18:44 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
      2018-09-04 00:42 - 2018-06-08 18:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
      2018-09-04 00:42 - 2018-06-08 16:05 - 002860032 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2018-09-04 00:42 - 2018-06-08 16:05 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000612352 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2018-09-04 00:42 - 2018-06-07 19:20 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
      2018-09-04 00:42 - 2018-06-07 19:19 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
      2018-09-04 00:42 - 2018-06-07 19:19 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
      2018-09-04 00:42 - 2018-05-15 07:16 - 001681088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2018-09-04 00:42 - 2018-05-15 06:44 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
      2018-09-04 00:42 - 2018-05-15 06:44 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
      2018-09-04 00:42 - 2018-05-15 06:44 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
      2018-09-04 00:42 - 2018-05-15 06:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
      2018-09-04 00:42 - 2018-05-12 00:19 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
      2018-09-04 00:42 - 2018-05-02 18:32 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
      2018-09-04 00:42 - 2018-04-23 03:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
      2018-09-04 00:42 - 2018-04-11 19:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
      2018-09-04 00:42 - 2018-04-11 19:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
      2018-09-04 00:42 - 2018-04-10 19:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
      2018-09-04 00:42 - 2018-03-10 20:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
      2018-09-04 00:42 - 2018-03-06 21:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
      2018-09-04 00:42 - 2018-03-06 21:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
      2018-09-04 00:42 - 2018-03-06 21:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
      2018-09-04 00:42 - 2018-03-06 21:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
      2018-09-04 00:42 - 2018-02-10 21:35 - 000023744 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
      2018-09-04 00:42 - 2018-02-10 21:11 - 003665920 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
      2018-09-04 00:42 - 2018-02-10 21:11 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
      2018-09-04 00:42 - 2018-02-10 20:36 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
      2018-09-04 00:42 - 2018-02-10 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
      2018-09-04 00:42 - 2018-02-10 20:26 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
      2018-09-04 00:42 - 2018-02-10 20:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
      2018-09-04 00:42 - 2018-01-01 05:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
      2018-09-04 00:42 - 2018-01-01 05:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
      2018-09-04 00:42 - 2018-01-01 05:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
      2018-09-04 00:42 - 2018-01-01 05:18 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
      2018-09-04 00:42 - 2018-01-01 05:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
      2018-09-04 00:42 - 2018-01-01 05:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
      2018-09-04 00:42 - 2018-01-01 04:46 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
      2018-09-04 00:42 - 2018-01-01 04:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
      2018-09-04 00:42 - 2017-12-05 20:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
      2018-09-04 00:42 - 2017-12-05 20:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
      2018-09-04 00:42 - 2017-12-05 20:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
      2018-08-13 10:45 - 2018-08-13 10:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
      2018-08-13 10:45 - 2018-08-13 10:45 - 000000000 ____D C:\Program Files\qBittorrent
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-07 10:02 - 2017-09-16 15:50 - 000000000 ____D C:\Users\kpacko\AppData\Roaming\qBittorrent
      2018-09-07 07:53 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-09-07 07:53 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-09-07 07:51 - 2009-07-14 08:13 - 000772130 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-09-07 07:51 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
      2018-09-07 07:49 - 2017-09-15 22:54 - 000002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-09-07 07:45 - 2017-09-16 17:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-09-07 07:45 - 2017-09-15 18:18 - 000000000 ____D C:\ProgramData\NVIDIA
      2018-09-07 07:45 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-09-07 00:19 - 2017-10-22 09:50 - 000000000 ____D C:\Users\kpacko\AppData\Local\CrashDumps
      2018-09-06 23:59 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\rescache
      2018-09-04 22:42 - 2017-09-17 23:54 - 000000000 ____D C:\Users\kpacko\AppData\Roaming\FileZilla
      2018-09-04 00:58 - 2009-07-14 07:45 - 000295648 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-09-04 00:56 - 2017-09-16 19:15 - 000000000 ____D C:\Windows\system32\appraiser
      2018-09-04 00:56 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-09-04 00:51 - 2017-07-17 23:37 - 000756356 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
      2018-09-02 00:28 - 2017-10-02 14:41 - 000000000 ____D C:\Users\kpacko\AppData\Roaming\ViberPC
      2018-09-02 00:27 - 2018-07-02 00:59 - 000000000 ____D C:\Users\kpacko\AppData\Local\Viber
      2018-09-02 00:26 - 2017-10-02 14:41 - 000000000 ____D C:\Users\kpacko\Documents\ViberDownloads
      2018-08-19 17:49 - 2017-11-02 01:00 - 000001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
      2018-08-08 00:53 - 2017-10-02 09:30 - 000000000 ____D C:\Users\kpacko\AppData\Local\ElevatedDiagnostics
      2018-08-08 00:53 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
      ==================== Files in the root of some directories =======
      2018-05-04 13:56 - 2018-05-01 20:53 - 001527138 _____ () C:\Users\kpacko\AppData\Roaming\ccseetup542pro.exe
      2018-05-04 13:56 - 2018-04-30 15:50 - 015816144 ____R (Piriform Ltd) C:\Users\kpacko\AppData\Roaming\ccsetup542pro.exe
      2018-05-04 13:56 - 2018-03-12 20:36 - 001371485 _____ () C:\Users\kpacko\AppData\Roaming\ccsetup542proo.exe
      2018-05-04 13:56 - 2018-03-12 20:34 - 000211375 _____ () C:\Users\kpacko\AppData\Roaming\ccsetup542prro.exe
      2017-11-30 16:35 - 2018-02-22 12:29 - 000007603 _____ () C:\Users\kpacko\AppData\Local\Resmon.ResmonCfg
      Some files in TEMP:
      ====================
      2018-04-30 12:09 - 2018-04-30 12:09 - 011491456 _____ (Raxco Software, Inc.                                        ) C:\Users\kpacko\AppData\Local\Temp\PD140p_x64.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-09-06 23:52
      ==================== End of FRST.txt ============================
      Addition.txt
    • от мирослав24
      Здравейте,сблъсках се със следния проблем-неизвестно лице или лица правят опити за проникване в мои акаунти в електронни  пощи и  сайтове където съм се регистрирал.Получих писмо от единия сайт че е правен опит за вписване с моето потребителско име,но с грешна парола,и аналогично съобщение от е-майл провайдър.Ползвам десктоп компютър и лаптоп и не знам дали някое от устройствата не е със зловреден софтуер.Видимо нямам проблеми с машините,освен че и на двата компютъра като исках да си сменя паролата на един сайт,ми излезе прозорец с искане да си напиша електронната поща с който съм регистриран в сайта и като я написах след това ми излезе втори прозорец с подкана да напиша и паролата си за съответната поща.Нищо не смених в крайна сметка докато не установя къде е проблема.Изпращам резултатите от сканиране с FRST на настолния компютър :
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.08.2018
      Ran by User1 (administrator) on PC1 (30-08-2018 15:49:50)
      Running from C:\Documents and Settings\User1\Desktop
      Loaded Profiles: User1 (Available Profiles: User1 & User2 & Administrator)
      Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
      Internet Explorer Version 8 (Default browser: IE)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      (Comodo) C:\Program Files\Comodo\Dragon\dragon_updater.exe
      () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
      () C:\WINDOWS\tsnpstd3.exe
      () C:\WINDOWS\vsnpstd3.exe
      () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
      (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
      (BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
      (MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
      (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
      (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
      (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [tsnpstd3] => C:\WINDOWS\tsnpstd3.exe [262144 2006-06-19] ()
      HKLM\...\Run: [snpstd3] => C:\WINDOWS\vsnpstd3.exe [827392 2006-09-19] ()
      HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [8063200 2016-07-18] ()
      HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
      HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [Messenger (Yahoo!)] => "F:\SKYPE_~1\yahoo\Messenger\YahooMessenger.exe" -quiet
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [395640 2011-05-02] (BitTorrent, Inc.)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [Google Update] => C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-12-02] (Google Inc.)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
      HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
      HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [1447936 2018-07-27] (Adobe Systems Incorporated)
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2018-03-28]
      ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2018-08-30]
      ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\..\Interfaces\{0227FD86-8C54-4C88-8029-3F44137A8ADF}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{1524681E-CD57-4084-9846-709C0A2CC0ED}: [NameServer] 192.168.100.40,192.168.100.140
      Internet Explorer:
      ==================
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_152\bin\ssv.dll [2017-12-08] (Oracle Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_152\bin\jp2ssv.dll [2017-12-08] (Oracle Corporation)
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
      FireFox:
      ========
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-12-08] ()
      FF Plugin: @java.com/DTPlugin,version=11.152.2 -> C:\Program Files\Java\jre1.8.0_152\bin\dtplugin\npDeployJava1.dll [2017-12-08] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.152.2 -> C:\Program Files\Java\jre1.8.0_152\bin\plugin2\npjp2.dll [2017-12-08] (Oracle Corporation)
      FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\User1\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\User1\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.)
      FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\User1\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
      FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\User1\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-07-27] (Adobe Systems Incorporated) [File not signed]
      S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
      R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
      R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
      R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
      R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2060848 2016-02-05] (Comodo)
      R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
      R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
      S3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
      R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
      R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [602112 2007-06-04] (Hewlett-Packard Co.) [File not signed]
      S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-01-12] (Oracle Corporation)
      R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
      R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
      R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [664040 2016-07-18] ()
      S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation) [File not signed]
      S3 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
      R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
      R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
      R3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
      R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
      R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
      S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
      R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
      R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
      S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
      S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
      R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices)
      S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
      R3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
      R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.) [File not signed]
      R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
      R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\gzflt.sys [175008 2016-04-28] (BitDefender LLC)
      R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-19] (HP)
      R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-19] (HP)
      R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-19] (HP)
      R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
      R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4368896 2006-08-15] (Realtek Semiconductor Corp.) [File not signed]
      R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
      R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
      R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
      R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
      S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
      R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
      R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
      R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)
      R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)
      R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
      S3 SNPSTD3; C:\WINDOWS\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)
      R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
      R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
      S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [428832 2016-04-28] (BitDefender S.R.L.)
      S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-17] (Microsoft Corporation) [File not signed]
      R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed]
      R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
      S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed]
      R3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
      S3 catchme; \??\C:\DOCUME~1\User1\LOCALS~1\Temp\catchme.sys [X]
      S4 IntelIde; no ImagePath
      S2 StarOpen; no ImagePath
      S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
      S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-30 15:49 - 2018-08-30 15:50 - 000014109 _____ C:\Documents and Settings\User1\Desktop\FRST.txt
      2018-08-30 15:15 - 2018-08-30 15:15 - 001773568 _____ (Farbar) C:\Documents and Settings\User1\Desktop\FRST.exe
      2018-08-10 12:36 - 2018-08-10 12:40 - 000000000 ____D C:\Documents and Settings\User2\Desktop\куче Анжело 0887999938
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-30 15:50 - 2015-07-18 13:46 - 000000000 ____D C:\Documents and Settings\User1\Local Settings\temp
      2018-08-30 15:49 - 2018-03-26 11:31 - 000000000 ____D C:\FRST
      2018-08-30 15:48 - 2011-05-02 12:46 - 000000000 ____D C:\Documents and Settings\User1\Application Data\uTorrent
      2018-08-30 15:31 - 2011-05-02 12:44 - 000000000 ____D C:\Program Files\Opera
      2018-08-30 14:58 - 2016-02-20 13:25 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield
      2018-08-30 14:58 - 2015-06-22 14:14 - 000000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
      2018-08-30 14:58 - 2015-06-22 14:14 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
      2018-08-30 14:58 - 2011-05-02 10:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2018-08-30 14:57 - 2018-03-27 15:50 - 000032638 _____ C:\WINDOWS\SchedLgU.Txt
      2018-08-30 14:57 - 2011-05-02 12:10 - 000000178 ___SH C:\Documents and Settings\User1\ntuser.ini
      2018-08-30 14:57 - 2011-05-02 12:10 - 000000000 ____D C:\Documents and Settings\User1
      2018-08-30 14:55 - 2013-03-08 15:11 - 000001078 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-412668190-1417001333-1003UA.job
      2018-08-30 14:47 - 2015-04-26 09:48 - 000000000 ____D C:\Documents and Settings\User2\Application Data\Skype
      2018-08-30 14:47 - 2011-05-02 13:28 - 000000000 ____D C:\Documents and Settings\User2\Local Settings\Temp
      2018-08-30 12:55 - 2013-03-08 15:11 - 000001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-412668190-1417001333-1003Core.job
      2018-08-30 07:50 - 2001-08-23 12:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
      2018-08-25 12:48 - 2017-01-16 13:16 - 000000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
      2018-08-25 12:48 - 2011-05-02 10:10 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2018-08-09 12:25 - 2011-05-16 16:38 - 000000000 ____D C:\Program Files\Recuva
      2018-08-02 14:29 - 2013-12-09 13:51 - 000000000 ____D C:\Documents and Settings\User2\Desktop\образци PDF
      ==================== Files in the root of some directories =======
      2011-05-02 13:33 - 2014-09-24 16:20 - 000014848 _____ () C:\Documents and Settings\User1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-01-01 13:07 - 2014-01-01 13:07 - 000000036 _____ () C:\Documents and Settings\User1\Local Settings\Application Data\housecall.guid.cache
      2011-05-15 13:35 - 2011-05-15 13:35 - 000000056 _____ () C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
      2017-09-02 12:57 - 2018-04-11 15:32 - 000021736 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => MD5 is legit
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => MD5 is legit
      C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      ==================== End of FRST.txt ============================
      Addition.txt
    • от d1cho
      Привет преди два дни ми изпищя windows defender-a и антивируснта програма,пише, че гадината е Trojan:Win32/Killav.DR. Компютрите са в мрежа, единя е с vista business 64 bit, a другия с windows 10 32bit. Този с vistata не ми да ва да включа защитната стена и да инсталриам антивирусна. Мъчих компютъра с windows 10 с различни антивирусни понеже ми позволява да инсталриам,но само ги слага под карантина,а мен ме е страх да ги трия понеже имаме софтуер за работа и ме тревожи да не би да повредя нещо и да замине информацията.
      Моля за съдействие, понеже е почти невъзможно да се работи на компютрите.
      Ето тоша ми е от лог файла на компѝтъра с вистата FRST.txt
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
      Ran by DBPROTOOLS (administrator) on DBPROTOOLS-PC (17-08-2018 10:17:44)
      Running from C:\Users\DBPROTOOLS\Desktop
      Loaded Profiles: DBPROTOOLS (Available Profiles: DBPROTOOLS)
      Platform: Windows Vista (TM) Business Service Pack 2 (X64) Language: English (United States)
      Internet Explorer Version 7 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      () C:\Windows\zqmeyojeujuakpbxqoc.exe
      (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
      () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
      HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-23] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [mqzelo] => C:\Windows\fuoewkdwkxgksvfzq.exe [503808 2018-08-17] ()
      HKLM-x32\...\Run: [qapanwkyhpts] => C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe [503808 2018-08-16] () <==== ATTENTION
      HKLM-x32\...\RunOnce: [zeoucgp] => mebupgcypfryjpcztshe.exe .
      HKLM-x32\...\RunOnce: [tcqamuhucjm] => C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe . [503808 2018-08-16] () <==== ATTENTION
      HKLM\...\Policies\Explorer\Run: [oufmvaku] => C:\Windows\zqmeyojeujuakpbxqoc.exe [503808 2018-08-16] ()
      HKLM\...\Policies\Explorer\Run: [bemqw] => C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe [503808 2018-08-16] ()
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Run: [fmygqwhsy] => C:\Windows\oezqjysmbpzenrcxpm.exe [503808 2018-08-17] ()
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Run: [mqzelo] => C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe [503808 2018-08-16] () <==== ATTENTION
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\RunOnce: [ygtcnugszf] => fuoewkdwkxgksvfzq.exe .
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\RunOnce: [zeoucgp] => C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe . [503808 2018-08-16] () <==== ATTENTION
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Policies\system: [DisableRegistryTools] 1
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\MountPoints2: {175dbd82-9a45-11e8-861a-0019990d7d87} - E:\tyquftktfbz.bat
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\MountPoints2: {1b56a57f-9a44-11e8-a149-8748c642f7d2} - E:\setup.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
      Tcpip\..\Interfaces\{16F65250-913D-4F56-B2DA-49AF5C765191}: [DhcpNameServer] 192.168.0.1 192.168.0.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      SearchScopes: HKU\S-1-5-21-3181692578-1277306937-1901717452-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-04-11] (Microsoft Corporation)
      FireFox:
      ========
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-06] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-06] (Google Inc.)
      Chrome: 
      =======
      CHR Profile: C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default [2018-08-17]
      CHR Extension: (Slides) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-07]
      CHR Extension: (Docs) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-07]
      CHR Extension: (Google Drive) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-07]
      CHR Extension: (YouTube) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-07]
      CHR Extension: (Sheets) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-07]
      CHR Extension: (Google Docs Offline) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-07]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-07]
      CHR Extension: (Gmail) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-07]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
      S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
      S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
      S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-17 10:17 - 2018-08-17 10:18 - 000008964 _____ C:\Users\DBPROTOOLS\Desktop\FRST.txt
      2018-08-17 10:16 - 2018-08-17 10:17 - 000000000 ____D C:\FRST
      2018-08-17 10:15 - 2018-08-17 10:15 - 002412544 _____ (Farbar) C:\Users\DBPROTOOLS\Desktop\FRST64.exe
      2018-08-17 09:35 - 2018-08-17 09:36 - 046625016 _____ (Microsoft Corporation) C:\Users\DBPROTOOLS\Downloads\Windows-KB890830-x64-V5.63.exe
      2018-08-16 12:03 - 2018-08-16 12:03 - 000000000 ____D C:\ProgramData\AVG
      2018-08-16 12:02 - 2018-08-16 11:36 - 007460520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\DBPROTOOLS\Desktop\avg_antivirus_free_setup.exe
      2018-08-15 16:13 - 2018-08-15 16:33 - 000038147 _____ C:\Users\DBPROTOOLS\Documents\ПРОТОКОЛ КОНСИГНАЦИЯ.odt
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Windows\SysWOW64\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Windows\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Program Files (x86)\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\ymfulyqivhpszbkd.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\fuoewkdwkxgksvfzq.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\busmiaxumdqykrfdyyomf.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\zqmeyojeujuakpbxqoc.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\zqmeyojeujuakpbxqoc.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\ymfulyqivhpszbkd.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\fuoewkdwkxgksvfzq.exe
      2018-08-15 10:03 - 2018-08-15 10:03 - 000503808 __RSH C:\Windows\SysWOW64\busmiaxumdqykrfdyyomf.exe
      2018-08-08 19:55 - 2018-08-08 19:55 - 000000586 _____ C:\Users\DBPROTOOLS\Desktop\control8.lnk
      2018-08-08 19:53 - 2018-08-08 19:54 - 000000586 _____ C:\Users\DBPROTOOLS\Desktop\control7.lnk
      2018-08-08 10:50 - 2018-08-08 10:51 - 000000000 ___HD C:\Program Files (x86)\Temp
      2018-08-08 10:49 - 2018-08-08 10:49 - 020227746 _____ C:\Users\DBPROTOOLS\Downloads\FTS_RealtekHDAudio_6015911_1039707.zip
      2018-08-08 10:36 - 2018-08-08 10:36 - 000529696 _____ (Fujitsu) C:\Users\DBPROTOOLS\Downloads\AutoDetect_CR.exe
      2018-08-08 10:19 - 2018-08-08 10:19 - 000870768 _____ (PDFLogic Corporation ) C:\Users\DBPROTOOLS\Downloads\pdfvista.exe
      2018-08-08 10:14 - 2018-08-08 10:14 - 000127389 _____ C:\Users\DBPROTOOLS\Downloads\received_1656658347796650.jpeg
      2018-08-08 09:51 - 2018-08-08 09:51 - 000131068 _____ C:\Users\DBPROTOOLS\Downloads\ACFrOgD5qMx8urBDsFoSA7F_JPxuDeiEhFOgmeQLIU44kuc2fxOLoZfY-xq9ebf1sM-mw4X0coR12Y2kOz69foLufsDyMtHGIiFwi_Ya2E4BRTKHCOlw-VxJoiTp7S8=
      2018-08-08 09:41 - 2018-08-08 09:41 - 000949332 _____ (Vivid Document Imaging Technologies ) C:\Users\DBPROTOOLS\Downloads\PDFViewerSetup (1).exe
      2018-08-08 09:40 - 2018-08-16 12:03 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\YcanPDF
      2018-08-08 09:39 - 2018-08-08 09:39 - 003451040 _____ (PDFZilla, Inc. ) C:\Users\DBPROTOOLS\Downloads\freepdfreader.exe
      2018-08-07 17:15 - 2018-08-07 17:15 - 000008192 ___RS C:\BOOTSECT.BAK
      2018-08-07 17:15 - 2018-08-07 16:22 - 000000000 ____D C:\Windows\Panther
      2018-08-07 17:15 - 2009-04-11 19:22 - 000333257 __RSH C:\bootmgr
      2018-08-07 16:21 - 2018-08-07 16:21 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
      2018-08-07 16:18 - 2018-08-07 16:18 - 000000000 ____D C:\Windows\CSC
      2018-08-07 12:34 - 2018-08-07 12:34 - 000044749 _____ C:\Users\DBPROTOOLS\Downloads\logo_db_protools.pdf
      2018-08-07 12:29 - 2018-08-07 12:29 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\DBPROTOOLS\Downloads\readerdc_en_ha_install.exe
      2018-08-07 12:27 - 2018-08-07 12:27 - 000949332 _____ (Vivid Document Imaging Technologies ) C:\Users\DBPROTOOLS\Downloads\PDFViewerSetup.exe
      2018-08-07 12:22 - 2018-08-07 12:22 - 000004088 ____H C:\Users\DBPROTOOLS\AppData\Local\ygtcnugszfhefberbqviqmyucpyjqcov.dab
      2018-08-07 12:20 - 2018-08-17 10:18 - 000000272 ____H C:\Users\DBPROTOOLS\AppData\Local\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 12:19 - 2018-08-07 12:19 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\Оферти Доставчици
      2018-08-07 12:16 - 2018-08-07 12:16 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\ControlCenter4
      2018-08-07 12:13 - 2018-08-07 12:13 - 000001975 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
      2018-08-07 12:13 - 2018-08-07 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\ProgramData\ControlCenter4
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\ControlCenter4
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\BrownyInd
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\Browny02
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Brother
      2018-08-07 12:11 - 2012-12-14 04:31 - 000180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000113744 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE
      2018-08-07 12:11 - 2012-12-14 04:31 - 000077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000045056 _____ C:\Windows\SysWOW64\BRTCPCON.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000000114 _____ C:\Windows\SysWOW64\BRLMW03A.INI
      2018-08-07 12:11 - 2012-12-14 04:29 - 000000050 _____ C:\Windows\system32\BRADM12A.DAT
      2018-08-07 12:11 - 2012-12-13 19:00 - 000226816 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOM12A.DLL
      2018-08-07 12:11 - 2012-10-19 15:07 - 001441792 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWi212c.dll
      2018-08-07 12:11 - 2012-10-19 15:03 - 000054272 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrUsi12c.dll
      2018-08-07 12:11 - 2012-07-06 13:56 - 000012800 _____ (Brother Industries Ltd.) C:\Windows\system32\BrCiImg.dll
      2018-08-07 12:11 - 2011-09-08 12:36 - 000279040 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrJDec.dll
      2018-08-07 12:10 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\Brother
      2018-08-07 12:10 - 2018-08-07 12:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
      2018-08-07 12:10 - 2012-11-02 18:15 - 000245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
      2018-08-07 12:10 - 2012-02-02 11:21 - 000002560 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
      2018-08-07 12:10 - 2010-03-15 19:45 - 000073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
      2018-08-07 12:10 - 2007-12-13 22:16 - 000005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
      2018-08-07 12:09 - 2018-08-07 12:13 - 000000000 ____D C:\ProgramData\Brother
      2018-08-07 12:09 - 2018-08-07 12:09 - 000000000 ____D C:\Users\DBPROTOOLS\Downloads\install
      2018-08-07 12:08 - 2018-08-07 12:08 - 141297272 _____ (A.I.SOFT,INC.) C:\Users\DBPROTOOLS\Downloads\DCP-1510-inst-A1-eeu.EXE
      2018-08-07 10:22 - 2018-08-07 10:22 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\OpenOffice
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000985 _____ C:\Users\Public\Desktop\OpenOffice 4.1.5.lnk
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.5
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
      2018-08-07 09:45 - 2018-08-07 09:46 - 000456080 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI22E4.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000011632 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI22E4.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000452836 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI223D.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000011616 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI223D.txt
      2018-08-07 09:44 - 2018-08-07 09:44 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\OpenOffice 4.1.5 (bg) Installation Files
      2018-08-07 09:40 - 2018-08-07 09:40 - 013057882 _____ C:\Users\DBPROTOOLS\Downloads\Apache_OpenOffice_4.1.5_Win_x86_langpack_bg.exe
      2018-08-07 09:40 - 2018-08-07 09:40 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\OpenOffice 4.1.5 Language Pack (Bulgarian) Installation Files
      2018-08-07 09:39 - 2018-08-07 09:40 - 129515834 _____ C:\Users\DBPROTOOLS\Downloads\Apache_OpenOffice_4.1.5_Win_x86_install_bg.exe
      2018-08-07 09:34 - 2018-08-07 09:34 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\Нова папка
      2018-08-07 09:34 - 2013-06-28 14:49 - 001732096 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athurx.sys
      2018-08-07 09:31 - 2018-08-07 09:32 - 245571584 _____ C:\Users\DBPROTOOLS\Downloads\LibreOffice_5.4.7_Win_x64.msi
      2018-08-07 07:22 - 2018-08-08 09:45 - 000054608 _____ C:\Users\DBPROTOOLS\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000979 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000974 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000949 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
      2018-08-07 07:21 - 2018-08-16 17:01 - 000000732 _____ C:\Users\DBPROTOOLS\AppData\Local\d3d9caps64.dat
      2018-08-07 07:21 - 2018-08-10 15:00 - 000000000 ____D C:\Users\DBPROTOOLS
      2018-08-07 07:21 - 2018-08-07 12:20 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\VirtualStore
      2018-08-07 07:21 - 2018-08-07 07:22 - 000000915 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
      2018-08-07 07:21 - 2018-08-07 07:21 - 000000020 ___SH C:\Users\DBPROTOOLS\ntuser.ini
      2018-08-07 00:53 - 2018-08-16 17:02 - 000000680 _____ C:\Users\DBPROTOOLS\AppData\Local\d3d9caps.dat
      2018-08-07 00:52 - 2018-08-16 17:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-08-07 00:52 - 2018-08-15 06:17 - 000000882 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
      2018-08-07 00:52 - 2018-08-15 06:17 - 000000870 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
      2018-08-07 00:52 - 2018-08-07 00:52 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\TeamViewer
      2018-08-07 00:51 - 2018-08-07 00:51 - 020688888 _____ (TeamViewer GmbH) C:\Users\DBPROTOOLS\Downloads\TeamViewer_Setup.exe
      2018-08-07 00:47 - 2018-08-07 00:47 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-08-07 00:47 - 2018-08-07 00:47 - 000002025 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Google
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Deployment
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Apps\2.0
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Program Files (x86)\Google
      2018-08-07 00:47 - 2018-08-06 16:30 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2018-08-07 00:47 - 2018-08-06 16:30 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2018-08-06 19:35 - 2018-08-06 19:35 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\TeamViewer
      2018-08-06 16:30 - 2018-08-06 16:30 - 000000693 _____ C:\Users\DBPROTOOLS\Desktop\Downloads - Shortcut.lnk
      2018-08-06 16:29 - 2018-08-06 16:29 - 000000000 ____D C:\Program Files (x86)\GUM4368.tmp
      2018-08-06 14:37 - 2018-08-06 14:38 - 274317312 _____ C:\Users\DBPROTOOLS\Downloads\LibreOffice_6.0.6_Win_x64.msi
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-17 09:01 - 2006-11-02 18:20 - 000005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      2018-08-17 09:01 - 2006-11-02 18:20 - 000005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      2018-08-16 17:08 - 2006-11-02 16:33 - 000000000 ____D C:\Windows\inf
      2018-08-16 17:08 - 2006-11-02 15:46 - 000690960 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-08-16 17:01 - 2006-11-02 18:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-08-16 14:51 - 2006-11-02 18:38 - 000011762 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2018-08-08 09:44 - 2006-11-02 18:20 - 000256016 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-08-07 17:15 - 2006-11-02 18:05 - 000262144 _____ C:\Windows\system32\config\BCD-Template
      2018-08-07 09:44 - 2006-11-02 16:33 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
      2018-08-07 09:43 - 2006-11-02 16:34 - 000000000 ____D C:\Windows\system32\NDF
      2018-08-07 07:21 - 2006-11-02 16:33 - 000000000 ____D C:\Windows\rescache
      ==================== Files in the root of some directories =======
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H () C:\Program Files (x86)\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 00:53 - 2018-08-16 17:02 - 000000680 _____ () C:\Users\DBPROTOOLS\AppData\Local\d3d9caps.dat
      2018-08-07 07:21 - 2018-08-16 17:01 - 000000732 _____ () C:\Users\DBPROTOOLS\AppData\Local\d3d9caps64.dat
      2018-08-07 12:20 - 2018-08-17 10:18 - 000000272 ____H () C:\Users\DBPROTOOLS\AppData\Local\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 09:44 - 2018-08-07 09:45 - 000452836 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI223D.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000456080 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI22E4.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000011616 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI223D.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000011632 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI22E4.txt
      2018-08-07 12:22 - 2018-08-07 12:22 - 000004088 ____H () C:\Users\DBPROTOOLS\AppData\Local\ygtcnugszfhefberbqviqmyucpyjqcov.dab
      Files to move or delete:
      ====================
      C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe
      C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe .
      C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe
      C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe .

      Some files in TEMP:
      ====================
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\busmiaxumdqykrfdyyomf.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe
      2018-08-07 12:20 - 2018-08-07 12:20 - 000327680 _____ () C:\Users\DBPROTOOLS\AppData\Local\Temp\gegdhvgwcqz.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe
      2018-08-07 12:20 - 2018-08-07 12:20 - 000708608 _____ () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-08-17 05:08
      ==================== End of FRST.txt ============================
      Addition.txt
    • от v3cko
      malwarbytes засече троянец и други гадинки
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018
      Ran by BECKO (administrator) on BECKO-PC (12-08-2018 08:46:39)
      Running from C:\Users\BECKO\Downloads
      Loaded Profiles: BECKO (Available Profiles: BECKO)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Английски (Съединени щати)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
      (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
      (Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (Intel Corporation) C:\Windows\System32\igfxtray.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
      (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
      (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2018-08-11] (Synaptics Incorporated)
      HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\...\Run: [Chromium] => "c:\users\becko\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{4447F6FC-1164-470A-9CC4-84A798333B40}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{566E0D37-D76E-44FA-984D-4A40BF15E2B7}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe
      FireFox:
      ========
      FF ProfilePath: C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default [2018-08-12]
      FF user.js: detected! => C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default\user.js [2006-04-06]
      FF Homepage: K-Meleon\ignaeef5.default -> google.bg
      FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-08-11] ()
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.)
      Chrome: 
      =======
      CHR HomePage: Default -> hxxp://google.bg/
      CHR StartupUrls: Default -> "hxxps://www.google.bg/"
      CHR Profile: C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default [2018-08-12]
      CHR Extension: (Презентации) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-11]
      CHR Extension: (Документи) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-11]
      CHR Extension: (Google Диск) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-11]
      CHR Extension: (YouTube) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-11]
      CHR Extension: (Adblock Plus) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-08-11]
      CHR Extension: (Таблици) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-11]
      CHR Extension: (Google Документи офлайн) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-11]
      CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-08-11]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-11]
      CHR Extension: (Gmail) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-11]
      CHR Extension: (Chrome Media Router) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-11]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2018-08-11] (Broadcom Corporation.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
      R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [175320 2018-08-11] (Broadcom Corporation.)
      S3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [144600 2018-08-11] (Broadcom Corporation.)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-06-19] (Malwarebytes)
      S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [38224 2018-08-11] ()
      R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2018-08-11] (Intel Corporation)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2018-08-11] (Intel Corporation)
      R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [44800 2018-08-11] (Infineon Technologies AG)
      R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2018-08-11] (Windows (R) Codename Longhorn DDK provider)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [165608 2018-08-11] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [95488 2018-08-12] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [42728 2018-08-12] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-12] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [73336 2018-08-12] (Malwarebytes)
      R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2018-08-11] (Intel Corporation)
      R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [7424 2018-08-11] ()
      R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2018-08-12] (Zemana Ltd.)
      R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2018-08-12] (Zemana Ltd.)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 08:46 - 2018-08-12 08:47 - 000008916 _____ C:\Users\BECKO\Downloads\FRST.txt
      2018-08-12 08:46 - 2018-08-12 08:46 - 000000000 ____D C:\FRST
      2018-08-12 08:44 - 2018-08-12 08:44 - 001773056 _____ (Farbar) C:\Users\BECKO\Downloads\FRST.exe
      2018-08-12 08:08 - 2018-08-12 08:46 - 000032169 _____ C:\Windows\ZAM.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:46 - 000011705 _____ C:\Windows\ZAM_Guard.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\Program Files\Zemana AntiMalware
      2018-08-12 08:06 - 2018-08-12 08:06 - 000000000 ____D C:\Users\BECKO\AppData\Local\Zemana
      2018-08-12 08:05 - 2018-08-12 08:05 - 006625600 _____ (Zemana Ltd. ) C:\Users\BECKO\Downloads\Zemana.AntiMalware.Setup.exe
      2018-08-12 07:45 - 2018-08-12 07:45 - 007417040 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.2.2.exe
      2018-08-12 07:44 - 2018-08-12 07:45 - 000000000 ____D C:\AdwCleaner
      2018-08-12 07:44 - 2018-08-12 07:44 - 007277776 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.1.1.exe
      2018-08-12 07:12 - 2018-08-12 07:12 - 000000000 ____D C:\Users\BECKO\AppData\Local\CrashDumps
      2018-08-12 06:43 - 2018-08-12 08:36 - 000000000 ____D C:\ProgramData\RogueKiller
      2018-08-12 06:43 - 2018-08-12 08:16 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
      2018-08-12 06:42 - 2018-08-12 06:42 - 000001005 _____ C:\Users\Public\Desktop\RogueKiller.lnk
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\Program Files\RogueKiller
      2018-08-12 06:41 - 2018-08-12 06:41 - 036826200 _____ (Adlice Software ) C:\Users\BECKO\Downloads\RogueKiller_setup.exe
      2018-08-12 06:39 - 2018-08-12 06:39 - 000000000 _____ C:\Users\BECKO\Downloads\RogueKiller.exe
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ C:\Users\BECKO\AppData\Roaming\WB.CFG
      2018-08-12 00:38 - 2018-08-11 13:48 - 000000000 ____D C:\Windows\Panther
      2018-08-12 00:32 - 2018-08-12 00:32 - 000000000 ____D C:\Windows.old
      2018-08-12 00:20 - 2018-08-12 00:20 - 000000000 ____D C:\Windows\pss
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____D C:\Program Files\Synaptics
      2018-08-11 22:18 - 2018-08-11 22:18 - 000214312 _____ (Synaptics Incorporated) C:\Windows\system32\SynCtrl.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000120104 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo4.dll
      2018-08-11 22:14 - 2018-08-11 22:14 - 000165160 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
      2018-08-11 22:11 - 2018-08-11 22:11 - 001303728 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
      2018-08-11 22:09 - 2018-08-11 22:09 - 000046592 _____ (REDC) C:\Windows\system32\Drivers\risdptsk.sys
      2018-08-11 22:04 - 2018-08-11 22:04 - 000044800 _____ (Infineon Technologies AG) C:\Windows\system32\Drivers\ifxtpm.sys
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____D C:\Program Files\AuthenTec
      2018-08-11 21:54 - 2018-08-11 21:54 - 000000000 ____D C:\Intel
      2018-08-11 21:52 - 2018-08-11 21:53 - 000571904 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll
      2018-08-11 21:52 - 2018-08-11 21:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
      2018-08-11 21:51 - 2018-08-11 21:52 - 004411392 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll
      2018-08-11 21:48 - 2018-08-11 21:51 - 011405312 _____ (Intel Corporation) C:\Windows\system32\ig4icd32.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000000268 _____ C:\Windows\system32\GfxUI.exe.config
      2018-08-11 21:47 - 2018-08-11 21:48 - 003157784 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
      2018-08-11 21:47 - 2018-08-11 21:47 - 000189552 _____ C:\Windows\system32\Gfxres.th-TH.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000121173 _____ C:\Windows\system32\Gfxres.tr-TR.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000120320 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
      2018-08-11 21:47 - 2018-08-11 21:47 - 000104044 _____ C:\Windows\system32\Gfxres.zh-TW.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000102883 _____ C:\Windows\system32\Gfxres.zh-CN.resources
      2018-08-11 21:46 - 2018-08-11 21:47 - 000119360 _____ C:\Windows\system32\Gfxres.sv-SE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000178407 _____ C:\Windows\system32\Gfxres.el-GR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000165395 _____ C:\Windows\system32\Gfxres.ru-RU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000139909 _____ C:\Windows\system32\Gfxres.ar-SA.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000136401 _____ C:\Windows\system32\Gfxres.ja-JP.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000133746 _____ C:\Windows\system32\Gfxres.he-IL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000125558 _____ C:\Windows\system32\Gfxres.it-IT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000123230 _____ C:\Windows\system32\Gfxres.ko-KR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122927 _____ C:\Windows\system32\Gfxres.es-ES.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122709 _____ C:\Windows\system32\Gfxres.de-DE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120800 _____ C:\Windows\system32\Gfxres.fr-FR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120366 _____ C:\Windows\system32\Gfxres.pt-BR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119616 _____ C:\Windows\system32\Gfxres.hu-HU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119586 _____ C:\Windows\system32\Gfxres.nl-NL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119067 _____ C:\Windows\system32\Gfxres.pt-PT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118745 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118697 _____ C:\Windows\system32\Gfxres.fi-FI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118409 _____ C:\Windows\system32\Gfxres.pl-PL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118058 _____ C:\Windows\system32\Gfxres.sk-SK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114852 _____ C:\Windows\system32\Gfxres.nb-NO.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114372 _____ C:\Windows\system32\Gfxres.sl-SI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114261 _____ C:\Windows\system32\Gfxres.da-DK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000110214 _____ C:\Windows\system32\Gfxres.en-US.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
      2018-08-11 21:45 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
      2018-08-11 21:43 - 2018-08-11 21:45 - 008198936 _____ (Intel(R) Corporation) C:\Windows\system32\TVWSetup.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000261632 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
      2018-08-11 21:43 - 2018-08-11 21:43 - 000179480 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000023552 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
      2018-08-11 21:42 - 2018-08-11 21:43 - 000172824 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000828928 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000268056 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000228864 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000208896 _____ (Intel Corporation) C:\Windows\system32\iglhsip32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000195584 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000171288 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000147456 _____ (Intel Corporation) C:\Windows\system32\iglhcp32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000138008 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000130048 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000115200 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
      2018-08-11 21:42 - 2018-08-11 21:42 - 000095232 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000057856 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
      2018-08-11 21:41 - 2018-08-11 21:42 - 001921265 _____ C:\Windows\system32\iglhxa32.cpa
      2018-08-11 21:41 - 2018-08-11 21:41 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000092356 _____ C:\Windows\system32\igfcg500m.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2555.dll
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060254 _____ C:\Windows\system32\iglhxg32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060226 _____ C:\Windows\system32\iglhxc32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060015 _____ C:\Windows\system32\iglhxo32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000051628 _____ C:\Windows\system32\iglhxs32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000001090 _____ C:\Windows\system32\iglhxa32.vp
      2018-08-11 21:40 - 2018-08-11 21:41 - 000982240 _____ C:\Windows\system32\igkrng500.bin
      2018-08-11 21:37 - 2018-08-11 21:37 - 000017408 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\KMWDFILTER.sys
      2018-08-11 21:36 - 2018-08-11 21:36 - 000007424 _____ () C:\Windows\system32\Drivers\whfltr2k.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000095488 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000073336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000042728 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-08-11 20:30 - 2018-08-11 20:30 - 000165608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-08-11 20:27 - 2018-08-11 20:28 - 000000000 ____D C:\Users\BECKO\Downloads\windows.loader.v2.2.2
      2018-08-11 20:26 - 2018-08-11 20:26 - 001768154 _____ C:\Users\BECKO\Downloads\windows.loader.v2.2.2.zip
      2018-08-11 19:36 - 2018-08-11 19:36 - 078989872 _____ (Malwarebytes ) C:\Users\BECKO\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6237.exe
      2018-08-11 19:36 - 2018-08-11 19:36 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-08-11 19:36 - 2018-06-19 14:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
      2018-08-11 19:15 - 2018-08-11 19:15 - 000038224 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
      2018-08-11 19:14 - 2018-08-11 19:15 - 000000000 ____D C:\ProgramData\HitmanPro
      2018-08-11 18:56 - 2018-08-12 08:13 - 000001134 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-11 18:53 - 2018-08-12 06:28 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\41B13405-F6F9-0E07-41F8-1ED9F82C4739
      2018-08-11 18:52 - 2018-08-11 19:54 - 000000000 ____D C:\ProgramData\McAfee
      2018-08-11 18:51 - 2018-08-12 00:31 - 000000000 ____D C:\Windows\system32\yiuxtdsr
      2018-08-11 18:50 - 2018-08-11 19:43 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Sound Volume Control
      2018-08-11 18:47 - 2018-08-11 18:47 - 000000000 ____D C:\Windows\system32\appmgmt
      2018-08-11 18:28 - 2018-08-11 18:28 - 017142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 011220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 004240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 003969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 003914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-08-11 18:28 - 2018-08-11 18:28 - 002166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-08-11 18:28 - 2018-08-11 18:28 - 001818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
      2018-08-11 18:28 - 2018-08-11 18:28 - 000610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-08-11 18:28 - 2018-08-11 18:28 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000000000 ____D C:\Users\BECKO\AppData\LocalLow\Temp
      2018-08-11 18:27 - 2018-08-11 18:27 - 001294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-08-11 18:27 - 2018-08-11 18:27 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 003419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 002284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
      2018-08-11 18:23 - 2018-08-11 18:23 - 001505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
      2018-08-11 18:22 - 2018-08-11 18:22 - 031194832 _____ (Microsoft Corporation) C:\Users\BECKO\Downloads\IE11-Windows6.1-x86-bg-bg.exe
      2018-08-11 17:59 - 2018-08-11 18:02 - 009037312 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys
      2018-08-11 17:57 - 2018-08-11 17:58 - 002760704 _____ (Intel Corporation) C:\Windows\system32\NETwNr32.dll
      2018-08-11 17:57 - 2018-08-11 17:57 - 000684032 _____ (Intel Corporation) C:\Windows\system32\NETwNc32.dll
      2018-08-11 17:55 - 2018-08-11 17:57 - 007523840 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs32.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000527344 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000026096 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000232664 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1y6232.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000121440 _____ (Intel Corporation) C:\Windows\system32\e1000msg.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000081600 _____ (Intel Corporation) C:\Windows\system32\NicInstY.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000028792 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000003313 _____ C:\Windows\system32\e1y6232.din
      2018-08-11 17:53 - 2018-08-11 17:53 - 000144600 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
      2018-08-11 17:53 - 2018-08-11 17:53 - 000060120 _____ (Broadcom Corporation.) C:\Windows\system32\btwdi.dll
      2018-08-11 17:52 - 2018-08-11 17:53 - 001680088 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
      2018-08-11 17:52 - 2018-08-11 17:52 - 001640152 _____ (Broadcom Corporation.) C:\Windows\system32\BcmBtRSupport.dll
      2018-08-11 17:52 - 2018-08-11 17:52 - 000175320 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
      2018-08-11 17:50 - 2018-08-11 17:50 - 000048128 _____ (REDC) C:\Windows\system32\Drivers\rimmptsk.sys
      2018-08-11 17:45 - 2018-08-11 17:45 - 001461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoinstaller01009.dll
      2018-08-11 17:45 - 2018-08-11 17:45 - 000015544 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\CPQBttn.sys
      2018-08-11 17:44 - 2018-08-11 17:44 - 000971752 _____ (AuthenTec, Inc.) C:\Windows\system32\Drivers\ATSwpWDF.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000035896 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\Accelerometer.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000026168 _____ (Hewlett-Packard Company) C:\Windows\system32\hpservice.exe
      2018-08-11 17:42 - 2018-08-11 17:42 - 000025656 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\hpdskflt.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000016952 _____ (Hewlett-Packard Company) C:\Windows\system32\accelerometerdll.DLL
      2018-08-11 17:42 - 2018-08-11 17:42 - 000014392 _____ (Hewlett-Packard Company) C:\Windows\system32\HPMDPCoInst12.dll
      2018-08-11 17:40 - 2018-08-12 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
      2018-08-11 17:39 - 2018-08-11 17:39 - 004107032 _____ (Easeware ) C:\Users\BECKO\Downloads\DriverEasy_Setup.exe
      2018-08-11 16:22 - 2018-08-11 16:22 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Adobe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Windows\system32\Macromed
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Users\BECKO\AppData\Local\Adobe
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Macromedia
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Local\CEF
      2018-08-11 16:17 - 2018-08-11 17:11 - 000000000 ____D C:\Users\BECKO\AppData\Local\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001067 _____ C:\Users\Public\Desktop\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\Downloads\k-meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Mozilla
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Program Files\K-Meleon
      2018-08-11 16:14 - 2018-08-11 16:14 - 032875887 _____ (kmeleonbrowser.org) C:\Users\BECKO\Downloads\K-Meleon76RC.exe
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
      2018-08-11 16:04 - 2012-07-26 06:39 - 000526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
      2018-08-11 16:04 - 2012-07-26 06:39 - 000047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
      2018-08-11 16:04 - 2012-07-26 05:46 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
      2018-08-11 16:04 - 2012-06-02 17:34 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
      2018-08-11 14:20 - 2018-07-17 01:02 - 000480888 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2018-08-11 14:18 - 2018-08-11 14:18 - 000000492 _____ C:\Users\BECKO\Desktop\LFS.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Google
      2018-08-11 14:03 - 2018-08-11 14:18 - 000000000 ____D C:\Users\BECKO\AppData\Local\Google
      2018-08-11 14:03 - 2018-08-11 14:03 - 000000000 ____D C:\Program Files\Google
      2018-08-11 14:02 - 2018-08-11 14:02 - 000057560 _____ C:\Users\BECKO\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-08-11 13:49 - 2018-08-11 13:49 - 000001417 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2018-08-11 13:49 - 2014-05-14 19:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2018-08-11 13:49 - 2014-05-14 19:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
      2018-08-11 13:49 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2018-08-11 13:49 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2018-08-11 13:48 - 2018-08-12 08:13 - 000000000 ____D C:\Users\BECKO
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000020 ___SH C:\Users\BECKO\ntuser.ini
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000000 ____D C:\Users\BECKO\AppData\Local\VirtualStore
      2018-08-11 13:48 - 2010-11-21 03:46 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Media Center Programs
      2018-08-11 13:43 - 2018-08-11 13:43 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
      2018-08-11 13:42 - 2018-08-11 13:42 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
      2018-08-11 13:41 - 2018-08-11 13:41 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:56 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-08-12 07:56 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-08-12 07:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-08-12 00:38 - 2009-07-14 07:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
      2018-08-11 21:57 - 2009-07-14 07:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
      2018-08-11 21:40 - 2009-07-14 01:09 - 004967424 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
      2018-08-11 18:36 - 2009-07-14 07:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-08-11 18:34 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-08-11 17:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache
      2018-08-11 17:24 - 2010-11-21 03:38 - 000000000 ____D C:\Windows\system32\WCN
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\sysprep
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\oobe
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\migwiz
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\servicing
      2018-08-11 17:23 - 2010-11-21 03:46 - 000000000 ____D C:\Program Files\Windows Journal
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Sidebar
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Defender
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\DVD Maker
      2018-08-11 17:23 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\System
      2018-08-11 14:05 - 2017-10-21 15:53 - 000000000 ____D C:\LFS
      2018-08-11 13:48 - 2009-07-14 05:37 - 000000000 __RHD C:\Users\Public\Libraries
      2018-08-11 13:43 - 2009-07-14 07:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2018-08-11 13:39 - 2010-11-21 03:46 - 000000000 ____D C:\Windows\CSC
      ==================== Files in the root of some directories =======
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ () C:\Users\BECKO\AppData\Roaming\WB.CFG
      Some files in TEMP:
      ====================
      2018-08-12 06:43 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Local\Temp\dllnt_dump.dll
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-08-11 13:38
      ==================== End of FRST.txt ============================
      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018
      Ran by BECKO (12-08-2018 08:47:38)
      Running from C:\Users\BECKO\Downloads
      Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2018-08-11 10:48:46)
      Boot Mode: Normal
      ==========================================================

      ==================== Accounts: =============================
      Administrator (S-1-5-21-4192057778-3853912004-1886924142-500 - Administrator - Disabled)
      BECKO (S-1-5-21-4192057778-3853912004-1886924142-1001 - Administrator - Enabled) => C:\Users\BECKO
      Guest (S-1-5-21-4192057778-3853912004-1886924142-501 - Limited - Disabled)
      HomeGroupUser$ (S-1-5-21-4192057778-3853912004-1886924142-1002 - Limited - Enabled)
      ==================== Security Center ========================
      (If an entry is included in the fixlist, it will be removed.)
      AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      ==================== Installed Programs ======================
      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
      Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
      Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
      Driver Easy 5.6.4 (HKLM\...\DriverEasy_is1) (Version: 5.6.4 - Easeware)
      Google Chrome (HKLM\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
      Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
      K-Meleon 76.0 (x86 en-US) (HKLM\...\K-Meleon 76.0 (x86 en-US)) (Version: 76.0 - kmeleonbrowser.org)
      Malwarebytes, версия 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
      Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
      RogueKiller version 12.12.31.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.31.0 - Adlice Software)
      Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
      Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
      ==================== Custom CLSID (Whitelisted): ==========================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      CustomCLSID: HKU\S-1-5-21-4192057778-3853912004-1886924142-1001_Classes\CLSID\{d33c6260-dafc-4b90-bf39-8ad6a5f19b7d}\localserver32 -> "C:\Program Files\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe" -ToastActivated => No File
      ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] ()
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2018-08-11] (Intel Corporation)
      ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] ()
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ==================== Scheduled Tasks (Whitelisted) =============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      Task: {15D51586-5D78-42F1-9AC0-F11850F32BB2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-08-11] (Adobe Systems Incorporated)
      Task: {4311FBF7-FF23-4B96-8A7A-7C848E6879A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.)
      Task: {755ADDF9-F707-4126-9FD6-5EE5C09A6ED0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.)
      Task: {87310821-94B6-4F2B-B233-805F8167F2AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-11] (Adobe Systems Incorporated)
      Task: {A663C5B5-F8F8-4769-83E9-A86545183E28} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-08-11] (Adobe Systems Incorporated)
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      ==================== Shortcuts & WMI ========================
      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============
      2018-08-11 19:36 - 2018-07-03 12:59 - 002077904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2018-08-11 19:36 - 2018-06-18 13:32 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2018-08-11 14:04 - 2018-08-08 03:55 - 004076888 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
      2018-08-11 14:04 - 2018-08-08 03:55 - 000096088 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libegl.dll
      ==================== Alternate Data Streams (Whitelisted) =========
      (If an entry is included in the fixlist, only the ADS will be removed.)
      AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6121592]
      ==================== Safe Mode (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      ==================== Association (Whitelisted) ===============
      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      ==================== Internet Explorer trusted/restricted ===============
      (If an entry is included in the fixlist, it will be removed from the registry.)

      ==================== Hosts content: ===============================
      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
      2009-07-14 05:04 - 2009-06-11 00:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

      ==================== Other Areas ============================
      (Currently there is no automatic fix for this section.)
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.0.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.
      ==================== MSCONFIG/TASK MANAGER disabled items ==

      ==================== FirewallRules (Whitelisted) ===============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      FirewallRules: [{38F020BD-9D8B-47A7-BA58-523640743E70}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
      FirewallRules: [TCP Query User{73CDBD4B-E707-4433-90BB-0CA4D37853D5}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe
      FirewallRules: [UDP Query User{43AE0B81-FBBA-40D9-9930-B10662946E5D}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe
      FirewallRules: [{EB2B59E7-24DC-4376-8CA5-5C73EB6B45AC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
      FirewallRules: [TCP Query User{3CA70832-11D6-43D6-996B-CE4FD0FFCA2F}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
      FirewallRules: [UDP Query User{A8FAE1F8-F48D-463D-9467-C469B6224C66}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
      FirewallRules: [{C20D9306-3310-4603-955A-D8750AB02ABC}] => (Allow) C:\Users\BECKO\AppData\Local\Chromium\Application\chrome.exe
      ==================== Restore Points =========================
      11-08-2018 13:48:58 Windows Update
      11-08-2018 14:19:49 Windows Update
      11-08-2018 16:16:29 Windows Backup
      11-08-2018 16:53:14 Language Pack Installation
      11-08-2018 18:23:09 Програма за инсталиране на модули за Windows
      11-08-2018 18:41:57 Windows Update
      11-08-2018 18:46:40 Removed Avira Software Updater
      11-08-2018 19:18:13 Точка на възстановяване на HitmanPro
      11-08-2018 19:29:58 Точка на възстановяване на HitmanPro
      ==================== Faulty Device Manager Devices =============
      Name: RICOH Bay8Controller
      Description: RICOH Bay8Controller
      Class Guid: 
      Manufacturer: 
      Service: 
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

      ==================== Event log errors: =========================
      Application errors:
      ==================
      Error: (08/12/2018 07:53:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:48:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:16:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:12:39 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: rundll32.exe_rasapi32.dll, версия: 6.1.7600.16385, времево клеймо: 0x4a5bc637
      Име на модул с грешки: rasapi32.dll_unloaded, версия: 0.0.0.0, времево клеймо: 0x5b51fcfc
      Код на изключение: 0xc0000005
      Отместване на грешка: 0x5d2300fb
      ИД на процес на грешка: 0xc58
      Начален час на приложението с грешки: 0x01d431b9f55ad649
      Път на приложението с грешки: C:\Windows\System32\rundll32.exe
      Път на модула с грешки: rasapi32.dll
      ИД на доклад: f345bb24-9de5-11e8-8c5b-002713343a56
      Error: (08/12/2018 12:27:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 10:30:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 08:31:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 07:56:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

      System errors:
      =============
      Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Software Protection беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 120000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.
      Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.
      Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:46:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Windows Media Player Network Sharing Service не може да бъде стартирана поради следната грешка: 
      Системата не може да намери указания път.
      Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:45:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.

      Windows Defender:
      ===================================
      Date: 2018-08-11 18:49:37.775
      Description: 
      Windows Defender has detected spyware or other potentially unwanted software.
      For more information please see the following:
      http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289
      Name:SoftwareBundler:Win32/Prepscram
      ID:226289
      Severity:High
      Category:Software Bundler
      Path Found:file:C:\Program Files\KMSPico 10.2.1 Final\WindowsLoader.exe;process:pid:1664
      Detection Type:Concrete
      Detection Source:Real-Time Protection
      Status:Unknown
      Process Name:
      CodeIntegrity:
      ===================================
      Date: 2018-08-11 18:47:53.133
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:47:33.024
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:46:32.355
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:36:54.706
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:34:39.836
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:29:33.389
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:26:43.817
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:19:33.847
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      ==================== Memory info =========================== 
      Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
      Percentage of memory in use: 57%
      Total physical RAM: 3000.26 MB
      Available physical RAM: 1266.7 MB
      Total Virtual: 7094.55 MB
      Available Virtual: 5571.67 MB
      ==================== Drives ================================
      Drive c: () (Fixed) (Total:100.1 GB) (Free:34 GB) NTFS
      Drive d: () (Fixed) (Total:365.12 GB) (Free:278.48 GB) NTFS
      \\?\Volume{b6af5893-9d52-11e8-b3b1-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
      \\?\Volume{b6af5896-9d52-11e8-b3b1-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
      ==================== MBR & Partition Table ==================
      ========================================================
      Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS)
      Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
      ==================== End of Addition.txt ============================
      това беше открито снощи 
      Malwarebytes
      www.malwarebytes.com
      -Детайли за регистъра-
      Дата на сканиране: 11.08.18 г.
      Час на сканиране: 19:39
      Файл на регистъра: 1355b5a2-9d85-11e8-97c9-002713343a56.json
      Администратор: Да
      -Информация за софтуера-
      Версия: 3.5.1.2522
      Версия на компонентите: 1.0.391
      Актуализирай версията на пакета: 1.0.6301
      Лиценз: Пробен период
      -Системна информация-
      OS: Windows 7 Service Pack 1
      CPU: x86
      Файлова система: NTFS
      Потребител: BECKO-PC\BECKO
      -Резюме на сканирането-
      Тип сканиране: Threat Scan
      Сканирането е стартирано от: Ръчно
      Резултат: Завършено
      Сканирани обекти: 158748
      Открити заплахи: 85
      Заплахи под карантина: 85
      Изтекло време: 3 мин, 55 сек
      -Опции за сканиране-
      Памет: Разрешено
      Стартиране: Разрешено
      Файлова система: Разрешено
      Архиви: Разрешено
      руткитове: Разрешено
      Евристика: Разрешено
      PUP: Открий
      PUM: Открий
      -Детайли за сканирането-
      Процес: 0
      (Не бяха открити зловредни елементи)
      Модул: 0
      (Не бяха открити зловредни елементи)
      Ключ на регистъра: 16
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Chromium tatec, Под карантина, [3754], [483380],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Multitimer_is1, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium tatec, Под карантина, [3725], [-1],0.0.0
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0
      Adware.FastDataX, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\FastDataX, Под карантина, [3932], [484533],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Под карантина, [417], [518478],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Под карантина, [417], [518476],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, Под карантина, [417], [518473],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, Под карантина, [417], [518479],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D2A33A63-8223-EBE3-33A3-9B63E32348E3}, Под карантина, [3725], [542290],1.0.6301
      Стойност на регистъра: 6
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Multitimer, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.NotChromeRun, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_A26881468A4EFB18BAF645F9B1FB72E9, Под карантина, [6940], [241243],1.0.6301
      Adware.Tuto4PC.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|QWTD433SW12, Под карантина, [3704], [522751],1.0.6301
      Adware.NeoBar, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|AwRWNQQxQn, Под карантина, [1236], [431477],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}|PATH, Под карантина, [103], [535907],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}|PATH, Под карантина, [3754], [483378],1.0.6301
      Данни на регистъра: 0
      (Не бяха открити зловредни елементи)
      Поток данни: 0
      (Не бяха открити зловредни елементи)
      Папка: 8
      PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712, Под карантина, [407], [463480],1.0.6301
      Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-04d1-0, Под карантина, [679], [407181],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-56c1-1, Под карантина, [679], [407181],1.0.6301
      Adware.NeoBar, C:\USERS\BECKO\APPDATA\LOCAL\CYPJMERAKY, Под карантина, [1236], [431477],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}, Под карантина, [3725], [542290],1.0.6301
      Файл: 55
      PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-04d1-0\BITAC33.tmp, Под карантина, [3742], [257931],1.0.6301
      PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-56c1-1\BIT96A0.tmp, Под карантина, [3742], [257931],1.0.6301
      PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712\ic-0.9290ec7e4e043.exe, Под карантина, [407], [463480],1.0.6301
      PUP.Optional.BundleInstaller, C:\Users\BECKO\AppData\Local\Temp\845712\ic-0.ab640b600fd5f8.exe, Под карантина, [407], [463480],1.0.6301
      PUP.Optional.WinYahoo.Generic, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3754], [483380],1.0.6301
      Adware.Agent, C:\WINDOWS\SYSTEM32\TASKS\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\allradio_4.27_portable.exe, Под карантина, [103], [536191],1.0.6301
      Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER\UNINS000.DAT, Под карантина, [2764], [474048],1.0.6301
      Adware.Tuto4PC, C:\Program Files\Multitimer\Multitimer.exe, Под карантина, [2764], [474048],1.0.6301
      Adware.Tuto4PC, C:\Program Files\Multitimer\unins000.exe, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\fado, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat1, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat2, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3725], [-1],0.0.0
      Adware.Tuto4PC.Generic, C:\PROGRAM FILES\YUYFG\5138832.EXE, Под карантина, [3704], [522751],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      Adware.NeoBar, C:\Users\BECKO\AppData\Local\cypjMERAky\activation.exe, Под карантина, [1236], [431477],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HOWTOREMOVE\HOWTOREMOVE.HTML, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\chromium-min.jpg, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\control panel-min-min.JPG, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\down.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff menu.JPG, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff search engine-min.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ff.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ie.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\search engine.gif, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\setup pages.gif, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\sp-min.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\start-min.jpg, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\up.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lilacisa, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lonadel, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninst.exe, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninstp.dat, Под карантина, [3725], [542290],1.0.6301
      Ransom.Crysis, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\REACSRHG\UIFBACFE.EXE, Под карантина, [7210], [551188],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\Sound Volume Control.lnk, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\SOUND VOLUME CONTROL\SNDVOL.EXE, Под карантина, [0], [392686],1.0.6301
      PUP.Optional.BundleInstaller, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\REGISTRY_ACTIVATION_2751393056.EXE, Под карантина, [407], [505351],1.0.6301
      Trojan.MalPack, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\WINDOWSLOADER.EXE, Под карантина, [4152], [500527],1.0.6301
      Backdoor.Bot, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\ACTIVATION.EXE, Под карантина, [806], [419768],1.0.6301
      Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\IS-AT1Q7.TMP\ZRGVBV.DLL, Под карантина, [103], [539849],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP2_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP3_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP4_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Adware.Tuto4PC, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\EYEKAZXXJYM.EXE, Под карантина, [2764], [474076],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\REFSUTIL.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\BEAD.TMP.EXE, Под карантина, [0], [392686],1.0.6301
      Физически сектор: 0
      (Не бяха открити зловредни елементи)
      WMI: 0
      (Не бяха открити зловредни елементи)

      (end)
  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.