Liuboslav Aleksandrov

I have a virus that deletes my antivirus programs


Hello, my problem is that whenever I open anything related to an antivirus program (whether a website, a process, etc.), it simply gets terminated, deleted, removed... I saw a user who had the same problem, but I understood that each case is handled individually. My problem is exactly the same as in this topic.

http://www.kaldata.com/forums/topic/151861-%D0%B8%D0%BC%D0%B0%D0%BC-%D0%B2%D0%B8%D1%80%D1%83%D1%81%D0%BA%D0%BE%D0%B9%D1%82%D0%BE-%D0%B8%D0%B7%D1%82%D1%80%D0%B8-%D0%B0%D0%BD%D1%82%D0%B8%D0%B2%D0%B8%D1%80%D1%83%D1%81%D0%BD%D0%B0%D1%82%D0%B0-%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%B0/

 

The reports:

DDS.txt

 

 

DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by qwerty at 22:53:05 on 2013-08-03
Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.894.106 [GMT 3:00]
.
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\DOCUME~1\qwerty\LOCALS~1\Temp\winwqjuvd.exe
C:\DOCUME~1\qwerty\LOCALS~1\Temp\winksxqtd.exe
C:\DOCUME~1\qwerty\LOCALS~1\Temp\winscyeo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\sndrec32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "d:\daemon tools lite\DTLite.exe" -autorun
uRun: [Google Update] "c:\documents and settings\qwerty\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [northbridge] c:\intel\northbridge.bat
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
mRun: [DWPersistentQueuedReporting] c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE -a
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [bonus.SSR.FR11] "d:\fine reader\new folder\Bonus.ScreenshotReader.exe" /autorun
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [LogMeIn Hamachi Ui] "D:\hamachi-2-ui.exe" --auto-start
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\qwerty\startm~1\programs\startup\on-scr~1.lnk - c:\windows\system32\osk.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: NameServer = 172.16.1.1
TCP: Interfaces\{F615EF8F-D91B-41ED-AED3-73B03AE098FD} : DHCPNameServer = 172.16.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\qwerty\application data\mozilla\firefox\profiles\wahsbg9c.default-1373472550146
FF - plugin: c:\documents and settings\qwerty\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\qwerty\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\qwerty\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\qwerty\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: d:\winamp detect\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-7-28 37352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-3-4 242240]
R2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;c:\program files\common files\abbyy\finereader\11.00\licensing\ce\NetworkLicenseServer.exe [2011-12-22 818952]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-7-28 84024]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-7-28 84744]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\fknskq.sys --> c:\windows\system32\drivers\fknskq.sys [?]
S2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-7-28 108088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Услуга на Google Актуализация (gupdate);c:\program files\google\update\GoogleUpdate.exe [2013-7-28 116648]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\hamachi-2.exe -s --> d:\hamachi-2.exe -s [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2013-2-19 256904]
S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2013-7-28 116648]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-3 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2013-2-18 117144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-7-28 589368]
.
=============== Created Last 30 ================
.
2013-08-03 06:20:17  --------  d-----w-  c:\program files\SHOUTcast
2013-08-03 05:46:41  40776  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-03 05:35:04  --------  d-----w-  c:\documents and settings\qwerty\application data\URSoft
2013-08-02 11:32:59  53760  -c--a-w-  c:\windows\system32\dllcache\vfwwdm32.dll
2013-08-02 11:32:59  53760  ----a-w-  c:\windows\system32\vfwwdm32.dll
2013-07-30 19:08:11  913408  ----a-w-  c:\windows\vsnpstd3.exe
2013-07-30 19:08:11  348160  ----a-w-  c:\windows\tsnpstd3.exe
2013-07-30 19:08:10  3968  ----a-w-  c:\windows\system32\drivers\DeNoise.sys
2013-07-30 19:08:10  10423936  ----a-w-  c:\windows\system32\drivers\snpstd3.sys
2013-07-30 19:08:08  61440  ----a-w-  c:\windows\system32\vsnpstd3.dll
2013-07-30 19:08:08  53248  ----a-w-  c:\windows\system32\csnpstd3.dll
2013-07-30 19:08:08  53248  ----a-w-  c:\windows\csnpstd3.dll
2013-07-30 19:08:08  155648  ----a-w-  c:\windows\system32\rsnpstd3.dll
2013-07-30 19:08:07  --------  d-----w-  c:\program files\common files\snpstd3
2013-07-30 18:44:44  423200  ----a-w-  c:\windows\WindowsXP-KB822603-x86.exe
2013-07-30 18:44:43  675840  ----a-w-  c:\windows\vsnp2std.exe
2013-07-30 18:44:43  331776  ----a-w-  c:\windows\tsnp2std.exe
2013-07-30 18:44:43  25472  ----a-w-  c:\windows\system32\drivers\sncamd.sys
2013-07-30 18:44:40  12033024  ----a-w-  c:\windows\system32\drivers\snp2sxp.sys
2013-07-30 18:44:38  77824  ----a-w-  c:\windows\system32\csnp2std.dll
2013-07-30 18:44:38  249856  ----a-w-  c:\windows\system32\vsnp2std.dll
2013-07-30 18:44:38  151552  ----a-w-  c:\windows\system32\rsnp2std.dll
2013-07-30 18:44:38  --------  d-----w-  c:\program files\common files\snp2std
2013-07-30 18:21:01  98304  ----a-w-  c:\windows\amcap.exe
2013-07-30 18:21:01  90112  ----a-w-  c:\windows\FixCamera.exe
2013-07-30 14:59:20  --------  d-----w-  c:\documents and settings\qwerty\application data\Avira
2013-07-27 21:56:11  84744  ----a-w-  c:\windows\system32\drivers\avgntflt.sys
2013-07-27 21:56:11  37352  ----a-w-  c:\windows\system32\drivers\avkmgr.sys
2013-07-27 21:56:01  --------  d-----w-  c:\program files\Avira
2013-07-27 21:56:01  --------  d-----w-  c:\documents and settings\all users\application data\Avira
2013-07-11 20:00:54  --------  d-----w-  c:\documents and settings\qwerty\application data\Malwarebytes
2013-07-11 20:00:44  --------  d-----w-  c:\documents and settings\all users\application data\Malwarebytes
2013-07-11 20:00:42  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
2013-07-11 20:00:42  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2013-06-12 05:08:13  71048  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 05:08:13  692104  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2013-06-07 21:56:06  920064  ----a-w-  c:\windows\system32\wininet.dll
2013-06-07 21:56:06  43520  ----a-w-  c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05  1469440  ----a-w-  c:\windows\system32\inetcpl.cpl
2013-06-07 20:55:44  385024  ----a-w-  c:\windows\system32\html.iec
2013-06-04 07:23:02  562688  ----a-w-  c:\windows\system32\qedit.dll
2013-06-04 01:40:45  1876736  ----a-w-  c:\windows\system32\win32k.sys
2013-05-08 21:28:02  1543680  ----a-w-  c:\windows\system32\wmvdecod.dll
.
============= FINISH: 22:58:56,27 ===============

 

Attach.exe

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-09-30.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 18.2.2013 г. 14:17:32
System Uptime: 03.8.2013 г. 10:49:58 (12 hours ago)
.
Motherboard: MSI |  | 0A48
Processor: Intel® Pentium® D CPU 3.00GHz |  | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 30 GiB total, 14,452 GiB free.
D: is FIXED (NTFS) - 119 GiB total, 105,728 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\3&61AAA01&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\3&61AAA01&0
Service: i8042prt
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
==== System Restore Points ===================
.
RP135: 12.7.2013 г. 14:00:19 - Software Distribution Service 3.0
RP136: 13.7.2013 г. 14:00:18 - Software Distribution Service 3.0
RP137: 27.7.2013 г. 17:44:44 - Software Distribution Service 3.0
RP138: 28.7.2013 г. 14:00:21 - Software Distribution Service 3.0
RP139: 29.7.2013 г. 14:00:24 - Software Distribution Service 3.0
RP140: 30.7.2013 г. 14:00:20 - Software Distribution Service 3.0
RP141: 30.7.2013 г. 21:20:52 - Installed USB PC Camera
RP142: 30.7.2013 г. 21:23:13 - Installed USB PC Camera
RP143: 30.7.2013 г. 21:44:37 - Installed USB2.0 PC Camera (SN9C201&202)
RP144: 30.7.2013 г. 21:50:15 - Removed USB PC Camera
RP145: 30.7.2013 г. 22:08:07 - Installed USB PC Camera
RP146: 31.7.2013 г. 14:00:23 - Software Distribution Service 3.0
RP147: 01.8.2013 г. 14:00:17 - Software Distribution Service 3.0
RP148: 02.8.2013 г. 14:00:50 - Software Distribution Service 3.0
RP149: 03.8.2013 г. 08:49:12 - Before uninstalling USB2.0 PC Camera (SN9C201&202)
RP150: 03.8.2013 г. 08:50:06 - Before uninstalling USB PC Camera
RP151: 03.8.2013 г. 14:00:18 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Архиватор WinRAR
µTorrent
ABBYY FineReader 11 Corporate Edition
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Avira Free Antivirus
Bulgarian Keyboards XP by G. Atanasov
BulgarianPhonetic XP by G. Atanasov
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 1.0
Canon MP210 series
Canon My Printer
Canon Utilities Solution Menu
CDBurnerXP
Cheat Engine 6.3
Choice Guard
Counter-Strike 1.6 Professional Edition v2.0
DAEMON Tools Lite
EA SPORTS online 2007
FIFA 07
GameRanger
Google Chrome
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
Java 7 Update 17
K-Lite Codec Pack 9.7.0 (Full)
LogMeIn Hamachi
Malwarebytes Anti-Malware, версия 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Mouse Recorder Pro 2.0.7.4
Mozilla Firefox 22.0 (x86 bg)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6.0 Parser
MultiBit 0.4.21
Nero Audio Pack 1
Nero Blu-ray Player
Nero Blu-ray Player Help (CHM)
Nero Core Components
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Kwik Themes Basic
Nero OEM
Nero SharedVideoCodecs
Nero Update
Prerequisite installer
Realtek High Definition Audio Driver
SafeSaver 1.74
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
SHOUTcast DNAS Server v2
SHOUTcast Source DSP Plug-in v2
Skype Click to Call
Skype™ 6.3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Windows XP (KB2345886)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VirtualCamera
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VobSub v2.23 (Remove Only)
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Live Call
Windows Live Communications Platform
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Your Uninstaller! 7
.
==== Event Viewer Messages From Past Week ========
.
31.7.2013 г. 19:07:23, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 5 time(s).
31.7.2013 г. 14:59:05, error: Service Control Manager [7034]  - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly.  It has done this 1 time(s).
31.7.2013 г. 14:02:28, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).
31.7.2013 г. 13:06:59, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 4 time(s).
31.7.2013 г. 13:01:46, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 3 time(s).
31.7.2013 г. 13:01:38, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
31.7.2013 г. 13:01:36, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
31.7.2013 г. 13:00:10, error: ati2mtag [44044]  - I2c return failed
31.7.2013 г. 13:00:10, error: ati2mtag [44044]  - I2c return failed
31.7.2013 г. 01:07:04, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 5 time(s).
30.7.2013 г. 19:06:49, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 4 time(s).
30.7.2013 г. 17:59:23, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 3 time(s).
30.7.2013 г. 17:59:15, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
30.7.2013 г. 17:59:08, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
30.7.2013 г. 17:57:51, error: ati2mtag [44044]  - I2c return failed
30.7.2013 г. 17:57:51, error: ati2mtag [44044]  - I2c return failed
30.7.2013 г. 14:01:32, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).
30.7.2013 г. 13:06:20, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 5 time(s).
30.7.2013 г. 01:06:21, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 4 time(s).
29.7.2013 г. 22:40:18, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 3 time(s).
29.7.2013 г. 22:40:09, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
29.7.2013 г. 22:40:01, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
29.7.2013 г. 22:38:45, error: ati2mtag [44044]  - I2c return failed
29.7.2013 г. 22:38:45, error: ati2mtag [44044]  - I2c return failed
29.7.2013 г. 19:06:22, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 8 time(s).
29.7.2013 г. 14:01:58, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).
29.7.2013 г. 07:03:39, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 7 time(s).
28.7.2013 г. 23:29:27, error: Service Control Manager [7034]  - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly.  It has done this 1 time(s).
28.7.2013 г. 19:03:44, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 6 time(s).
28.7.2013 г. 14:01:35, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).
28.7.2013 г. 13:04:12, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 5 time(s).
28.7.2013 г. 00:59:22, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 4 time(s).
28.7.2013 г. 00:59:22, error: Service Control Manager [7022]  - The Avira Real-Time Protection service hung on starting.
28.7.2013 г. 00:59:22, error: Service Control Manager [7001]  - The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
28.7.2013 г. 00:57:20, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 3 time(s).
28.7.2013 г. 00:57:12, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
28.7.2013 г. 00:57:03, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
28.7.2013 г. 00:54:29, error: ati2mtag [44044]  - I2c return failed
28.7.2013 г. 00:54:29, error: ati2mtag [44044]  - I2c return failed
27.7.2013 г. 18:47:42, error: i8042prt [22]  - Could not set the mouse sample rate.
27.7.2013 г. 17:47:32, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).
27.7.2013 г. 17:46:05, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Avira AntiVir Guard service to connect.
27.7.2013 г. 17:46:05, error: Service Control Manager [7000]  - The Avira AntiVir Guard service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
27.7.2013 г. 17:44:23, error: Service Control Manager [7034]  - The Avira AntiVir Guard service terminated unexpectedly.  It has done this 3 time(s).
27.7.2013 г. 17:44:15, error: Service Control Manager [7031]  - The Avira AntiVir Guard service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
27.7.2013 г. 17:44:07, error: Service Control Manager [7031]  - The Avira AntiVir Guard service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
27.7.2013 г. 17:42:44, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
27.7.2013 г. 17:42:44, error: ati2mtag [44044]  - I2c return failed
27.7.2013 г. 17:42:44, error: ati2mtag [44044]  - I2c return failed
03.8.2013 г. 19:07:14, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 5 time(s).
03.8.2013 г. 14:01:44, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).
03.8.2013 г. 13:07:46, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 4 time(s).
03.8.2013 г. 10:52:37, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 3 time(s).
03.8.2013 г. 10:52:34, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. 03.8.2013 г. 10:52:33, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. 03.8.2013 г. 10:52:33, error: Service Control Manager [7000]  - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:  The system cannot find the file specified. 03.8.2013 г. 10:51:17, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume. 03.8.2013 г. 10:51:17, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume. 03.8.2013 г. 10:51:17, error: ati2mtag [44044]  - I2c return failed 03.8.2013 г. 10:51:17, error: ati2mtag [44044]  - I2c return failed 03.8.2013 г. 07:07:24, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 14 time(s). 03.8.2013 г. 01:07:31, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 13 time(s). 02.8.2013 г. 19:07:51, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 12 time(s). 02.8.2013 г. 14:07:25, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109). 02.8.2013 г. 
13:08:06, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 11 time(s). 02.8.2013 г. 07:07:33, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 10 time(s). 02.8.2013 г. 01:07:22, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 9 time(s). 01.8.2013 г. 19:07:23, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 8 time(s). 01.8.2013 г. 14:01:45, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109). 01.8.2013 г. 07:07:11, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 7 time(s). 01.8.2013 г. 01:07:32, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 6 time(s). . ==== End Of File ===========================  

 


Hello! I don't think so. The logs show an infection with the polymorphic virus Sality.
 
 
1. Disable the Autorun function.
Download and run the following file: [posted image]
Run it and accept the license agreement.
Click Next and wait for it to finish its work.


2. Disable the System Restore function.
Right-click My Computer, then choose Properties => go to System Restore => select the option Turn off System Restore on all drives => click Apply and close the window.
 


3. Download SalityKiller and save it to the desktop.
Disconnect from the internet and then scan with it as described below:

  • Download SalityKiller version 1.3.6.0 and save the tool to the desktop.
  • Open Start => Run, type CMD in the field => press Enter => then copy the command below and paste it into the black CMD window with the right mouse button => Paste:
    "%userprofile%\desktop\salitykiller.exe" -n -r -x -a -j -k -l c:\report.txt
  • Wait for the scan to finish.
  • Once it has finished, post the contents of the log file C:\report.txt in your next post.

 

4. Run a scan with Kaspersky Virus Removal Tool.
After downloading the tool, disconnect from the internet.
After launching the tool, go to Settings (the icon that looks like a small star) and tick the box in front of My Computer.

From the cleaning options choose Disinfect => but do not select delete if disinfection fails.

Go back to Automatic Scan and click Start Scanning.

If it asks you about an action during the scan, choose skip.
After the scan finishes, choose Report (the icon that looks like a sheet of paper) => Detected Threats, choose SAVE and save the document to the desktop.

Copy its contents into your next post.
Close the tool - this will uninstall it automatically.


I think the problem is fixed. Here are the logs, except that I swapped steps 3 and 4, because SalityKiller wouldn't start at first.

kaspersky.txt

 

Status: Disinfected   (events: 221)

04.8.2013 г. 12:29:19 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyApplication Datajxpiinstall.exe High
04.8.2013 г. 12:03:53 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyDesktopMinecraftSP.exe High
04.8.2013 г. 12:04:16 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyDesktopRootKit.exe High
04.8.2013 г. 12:04:18 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyDesktopSimilarBundleGenericDl.exe High
04.8.2013 г. 12:04:27 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyDesktopWinsockxpFix.exe High
04.8.2013 г. 12:05:16 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyDesktopyusetup7.exe High
04.8.2013 г. 12:08:23 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00B105FE_RarMinecraftSP.exe High
04.8.2013 г. 12:30:41 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00B1062D_RarMinecraftSP.exe High
04.8.2013 г. 12:10:34 Disinfected virus Virus.Win32.Sality.gen d:hxeg.pif High
04.8.2013 г. 12:10:49 Disinfected virus Virus.Win32.Sality.gen c:Program FilesATI TechnologiesATI.ACECLIStart.exe High
04.8.2013 г. 12:11:01 Disinfected virus Virus.Win32.Sality.gen c:WINDOWSsystem32NeroCheck.exe High
04.8.2013 г. 12:11:17 Disinfected virus Virus.Win32.Sality.gen d:Fine ReaderNew FolderBonus.ScreenshotReader.exe High
04.8.2013 г. 12:11:29 Disinfected virus Virus.Win32.Sality.gen c:Program FilesCanonSolutionMenuCNSLMAIN.EXE High
04.8.2013 г. 12:11:40 Disinfected virus Virus.Win32.Sality.gen c:WINDOWSFixCamera.exe High
04.8.2013 г. 12:11:52 Disinfected virus Virus.Win32.Sality.gen c:WINDOWStsnp2std.exe High
04.8.2013 г. 12:12:04 Disinfected virus Virus.Win32.Sality.gen c:WINDOWSvsnpstd3.exe High
04.8.2013 г. 12:12:16 Disinfected virus Virus.Win32.Sality.gen c:WINDOWStsnpstd3.exe High
04.8.2013 г. 12:12:31 Disinfected virus Virus.Win32.Sality.gen d:DAEMON Tools LiteDTLite.exe High
04.8.2013 г. 12:12:44 Disinfected virus Virus.Win32.Sality.gen c:Intelstart.exe High
04.8.2013 г. 12:13:44 Disinfected virus Virus.Win32.Sality.gen d:uTorrent.exe High
04.8.2013 г. 12:14:04 Disinfected virus Virus.Win32.Sality.gen c:Documents and SettingsqwertyApplication DataGameRangerGameRangerGameRanger.exe High
04.8.2013 г. 12:14:17 Disinfected virus Virus.Win32.Sality.gen d:FIFA 07 - RELOADEDfifa07.exe High
04.8.2013 г. 12:15:56 Disinfected virus Virus.Win32.Sality.gen c:Program FilesAheadNero BackItUpBackItUp.exe High
04.8.2013 г. 12:16:16 Disinfected virus Virus.Win32.Sality.gen d:Fine ReaderNew FolderFineReader.exe High
04.8.2013 г. 12:16:34 Disinfected virus Virus.Win32.Sality.gen c:Program FilesAheadImageDriveImageDrive.exe High
04.8.2013 г. 12:16:52 Disinfected virus Virus.Win32.Sality.gen c:Program FilesMalwarebytes' Anti-Malwarembam.exe High
04.8.2013 г. 12:17:28 Disinfected virus Virus.Win32.Sality.gen c:Program FilesCanonMP Navigator EX 1.0mpnex10.exe High
04.8.2013 г. 12:17:44 Disinfected virus Virus.Win32.Sality.gen c:Program FilesAheadCoverDesignerCoverDes.exe High
04.8.2013 г. 12:17:59 Disinfected virus Virus.Win32.Sality.gen c:Program FilesAheadNero StartSmartNeroStartSmart.exe High
04.8.2013 г. 12:18:13 Disinfected virus Virus.Win32.Sality.gen d:VirtualCameraVCamera.exe High
04.8.2013 г. 12:18:27 Disinfected virus Virus.Win32.Sality.gen c:Program FilesAheadWMPBurnWMPBurn.exe High
04.8.2013 г. 12:18:54 Disinfected virus Virus.Win32.Sality.gen d:Printer FilesCNEZMAIN.EXE High
04.8.2013 г. 12:19:07 Disinfected virus Virus.Win32.Sality.gen c:Program FilesATI TechnologiesATI.ACEthunk.exe High
04.8.2013 г. 12:19:28 Disinfected virus Virus.Win32.Sality.gen d:Your Uninstaller! 7urmain.exe High
04.8.2013 г. 12:30:52 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00D510BD_Rar200804141307_USB PC Camera_v5.18.1207.000.exe High
04.8.2013 г. 12:31:11 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00D516B8_Rar200804141307_USB PC Camera_v5.18.1207.000.exe High
04.8.2013 г. 12:31:23 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00D51F92_Rar200804141307_USB PC Camera_v5.18.1207.000.exe High
04.8.2013 г. 12:31:36 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00E5AE08_Rar200804141307_USB PC Camera_v5.18.1207.000.exe High
04.8.2013 г. 12:31:46 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00E5AF60_Rar200804141307_USB PC Camera_v5.18.1207.000.exe High
04.8.2013 г. 12:31:57 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00E5AF9F_Rar200804141307_USB PC Camera_v5.18.1207.000.exe High
04.8.2013 г. 12:32:12 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0167E0B9_Raruninstall.exe High
04.8.2013 г. 12:32:09 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0167E193_RarAu_.exe High
04.8.2013 г. 12:32:12 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0169900F_Raruninstall.exe High
04.8.2013 г. 12:32:17 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0713CD3A_RarMinecraftSP.exe High
04.8.2013 г. 12:32:25 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp016990F9_RarAu_.exe High
04.8.2013 г. 12:32:25 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp028B8A8E_Rarhelper.exe High
04.8.2013 г. 12:32:25 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp028B8AAD_Rarmaintenanceservice_installer.exe High
04.8.2013 г. 12:32:33 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0713CD4A_RarMinecraftSP.exe High
04.8.2013 г. 12:32:49 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp028B8E76_Rarhelper.exe High
04.8.2013 г. 12:32:37 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp05053761_Raruninstall.exe High
04.8.2013 г. 12:32:38 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0505385B_RarAu_.exe High
04.8.2013 г. 12:32:47 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp07143CBD_RarMinecraftSP.exe High
04.8.2013 г. 12:32:50 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp05061907_Raruninstall.exe High
04.8.2013 г. 12:32:51 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp05061A5E_RarAu_.exe High
04.8.2013 г. 12:33:04 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp07143E63_RarMinecraftSP.exe High
04.8.2013 г. 12:32:58 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp050627EB_Raruninstall.exe High
04.8.2013 г. 12:32:58 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp050628A7_RarAu_.exe High
04.8.2013 г. 12:33:12 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp08626701_RarMinecraftSP.exe High
04.8.2013 г. 12:33:19 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0862675E_RarMinecraftSP.exe High
04.8.2013 г. 12:33:27 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0863CAD6_RarMinecraftSP.exe High
04.8.2013 г. 12:33:39 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8E25EB_Rarsetup.exe High
04.8.2013 г. 12:33:45 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8E25FB_Rarsetup.exe High
04.8.2013 г. 12:33:44 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp092BC0D7_Rarhelper.exe High
04.8.2013 г. 12:33:51 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8E2D00_Rar_is429.exe High
04.8.2013 г. 12:33:55 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8E2D0F_Rar_is429.exe High
04.8.2013 г. 12:33:55 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8EF6C8_Rarsetup.exe High
04.8.2013 г. 12:34:01 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8EF6E7_Rarsetup.exe High
04.8.2013 г. 12:34:07 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8EFE0B_Rar_is42A.exe High
04.8.2013 г. 12:34:07 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8EFE1B_Rar_is42A.exe High
04.8.2013 г. 12:34:13 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8EFE2B_Rar_is42A.exe High
04.8.2013 г. 12:35:35 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp7zS4B0.tmp51bd882b85041.exe High
04.8.2013 г. 12:35:35 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTempjrteruntERUNT.EXE High
04.8.2013 г. 12:35:40 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTempMth9BA.tmp~inst.exe High
04.8.2013 г. 12:36:00 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemporary Internet FilesContent.IE59SZH2FK0emusic_qualifier[1].exe High
04.8.2013 г. 12:36:27 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemporary Internet FilesContent.IE59ZGJYWHXsearch_defender_166[1].exe High
04.8.2013 г. 12:36:25 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemporary Internet FilesContent.IE5E8OE9060ezdownloader[1].exe High
04.8.2013 г. 12:36:36 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsadwcleaner.exe High
04.8.2013 г. 12:36:43 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsdds.exe High
04.8.2013 г. 12:36:56 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsmbam-setup-1.75.0.1300.exe High
04.8.2013 г. 12:37:07 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsMinecraft.exe High
04.8.2013 г. 12:37:17 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsnamebench-1.3.1-Windows.exe High
04.8.2013 г. 12:37:34 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsOTL.exe High
04.8.2013 г. 12:37:55 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadssambc_lite-fb.exe High
04.8.2013 г. 12:38:17 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadssc_serv2_win32_07_31_2011(1).exe High
04.8.2013 г. 12:38:25 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadssc_serv2_win32_07_31_2011.exe High
04.8.2013 г. 12:38:51 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsshoutcast-dsp-2-1-3-windows.exe High
04.8.2013 г. 12:38:58 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsshoutcast-dsp-2-3-2-windows.exe High
04.8.2013 г. 12:40:35 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAdobeReader 10.0Readerreader_sl.exe High
04.8.2013 г. 12:40:24 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNeroNeroCmd.exe High
04.8.2013 г. 12:40:29 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNeroUninstallUNNero.exe High
04.8.2013 г. 12:40:41 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero BackItUpNBJ.exe High
04.8.2013 г. 12:40:40 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero BackItUpNBR.exe High
04.8.2013 г. 12:40:50 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero SoundTraxSoundTrax.exe High
04.8.2013 г. 12:40:54 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero ToolkitCDSpeed.exe High
04.8.2013 г. 12:40:59 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero ToolkitDriveSpeed.exe High
04.8.2013 г. 12:41:04 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero Wave EditorDXEnum.exe High
04.8.2013 г. 12:41:09 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero ToolkitInfoTool.exe High
04.8.2013 г. 12:41:13 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero Wave EditorWaveEdit.exe High
04.8.2013 г. 12:41:17 Disinfected virus Virus.Win32.Sality.gen C:Program FilesATI TechnologiesATI.ACEatishlx.exe High
04.8.2013 г. 12:41:45 Disinfected virus Virus.Win32.Sality.gen C:Program FilesATI TechnologiesATI.ACEPreview.exe High
04.8.2013 г. 12:41:33 Disinfected virus Virus.Win32.Sality.gen C:Program FilesATI TechnologiesATI.ACEDXStress.exe High
04.8.2013 г. 12:42:08 Disinfected virus Virus.Win32.Sality.gen C:Program FilesATI TechnologiesATI.ACEMMACEPrev.exe High
04.8.2013 г. 12:41:47 Disinfected virus Virus.Win32.Sality.gen C:Program FilesATI TechnologiesATI.ACEPreview_FS.exe High
04.8.2013 г. 12:43:47 Disinfected virus Virus.Win32.Sality.gen C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe High
04.8.2013 г. 12:43:58 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCanonEasy-WebPrint EXMaint.exe High
04.8.2013 г. 12:43:58 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCanonMP Navigator EX 1.0MPNScan.exe High
04.8.2013 г. 12:44:06 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCanonMP Navigator EX 1.0mpncopy.exe High
04.8.2013 г. 12:44:07 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCanonBJIJPrinterCanon MP210 seriescnmvs.exe High
04.8.2013 г. 12:44:22 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCanonSolutionMenuuninst.exe High
04.8.2013 г. 12:44:31 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCheat Engine 6.3unins000.exe High
04.8.2013 г. 12:44:41 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon FilesInstallShieldDriver9Intel 32IDriver.exe High
04.8.2013 г. 12:44:34 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon FilesInstallShieldDriver9Intel 32IDriver2.exe High
04.8.2013 г. 12:44:49 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon FilesInstallShieldengine6Intel 32IKernel.exe High
04.8.2013 г. 12:44:56 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon FilesMicrosoft SharedOFFICE12ACECNFLT.EXE High
04.8.2013 г. 12:45:05 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe High
04.8.2013 г. 12:45:12 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon Filessnp2stdtsnp2std.exe High
04.8.2013 г. 12:45:06 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon Filessnp2stdvsnp2std.exe High
04.8.2013 г. 12:45:23 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon Filessnpstd3tsnpstd3.exe High
04.8.2013 г. 12:45:15 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon Filessnpstd3vsnpstd3.exe High
04.8.2013 г. 12:45:43 Disinfected virus Virus.Win32.Sality.gen C:Program FilesGoogleUpdateDownload{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}28.0.1500.9528.0.1500.95_28.0.1500.72_chrome_updater.exe High
04.8.2013 г. 12:45:54 Disinfected virus Virus.Win32.Sality.gen C:Program FilesInstallShield Installation Information{1735AD57-FD6E-4EB5-A276-56C2574D6412}setup.exe High
04.8.2013 г. 12:46:04 Disinfected virus Virus.Win32.Sality.gen C:Program FilesInstallShield Installation Information{43801800-CFEE-11D2-A41B-006097B55AD3}Setup.exe High
04.8.2013 г. 12:46:24 Disinfected virus Virus.Win32.Sality.gen C:Program FilesInstallShield Installation Information{9B94BE6F-7CA3-4C40-A266-62667FF746CC}Setup.exe High
04.8.2013 г. 12:46:24 Disinfected virus Virus.Win32.Sality.gen C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}setup.exe High
04.8.2013 г. 12:46:55 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMalwarebytes' Anti-Malwareunins000.exe High
04.8.2013 г. 12:47:23 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMicrosoft OfficeOffice12DRAT.EXE High
04.8.2013 г. 12:47:22 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMicrosoft OfficeOffice12GrooveClean.exe High
04.8.2013 г. 12:47:36 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMicrosoft OfficeOffice12GrooveMigrator.exe High
04.8.2013 г. 12:47:31 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMicrosoft OfficeOffice12GrooveStdURLLauncher.exe High
04.8.2013 г. 12:48:36 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMicrosoft SDKsWindowsv7.0Abinmt.exe High
04.8.2013 г. 12:48:34 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMicrosoft SDKsWindowsv7.0ABootstrapperPackagesVBPowerPacksenVisualBasicPowerPacksSetup.exe High
04.8.2013 г. 12:49:01 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMozilla Firefoxwebapp-uninstaller.exe High
04.8.2013 г. 12:49:24 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMozilla Firefoxmaintenanceservice_installer.exe High
04.8.2013 г. 12:49:19 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMozilla Firefoxuninstallhelper.exe High
04.8.2013 г. 12:49:10 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMozilla Maintenance ServiceUninstall.exe High
04.8.2013 г. 12:50:02 Disinfected virus Virus.Win32.Sality.gen C:Program FilesRealtekInstallShieldChCfg.exe High
04.8.2013 г. 12:49:53 Disinfected virus Virus.Win32.Sality.gen C:Program FilesRealtekInstallShieldRtlUpd.exe High
04.8.2013 г. 12:50:16 Disinfected virus Virus.Win32.Sality.gen C:Program FilesSafeSaveruninstall.exe High
04.8.2013 г. 12:50:33 Disinfected virus Virus.Win32.Sality.gen C:Program FilesSHOUTcastuninstall_shoutcast-dnas-v2.exe High
04.8.2013 г. 12:50:39 Disinfected virus Virus.Win32.Sality.gen C:Program FilesSHOUTcastsc_serv.exe High
04.8.2013 г. 12:50:38 Disinfected virus Virus.Win32.Sality.gen C:Program FilesWindows LiveMessengermsvs.exe High
04.8.2013 г. 12:51:00 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP33461ChCfg.exe High
04.8.2013 г. 12:50:53 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP33461RtlUpd.exe High
04.8.2013 г. 12:51:18 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP33461SetCDfmt.exe High
04.8.2013 г. 12:51:01 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP33461Setup.exe High
04.8.2013 г. 12:51:31 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP33461WDMRtlUpd.exe High
04.8.2013 г. 12:51:12 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP34019setup.exe High
04.8.2013 г. 12:51:19 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP34556AtiCimUn.exe High
04.8.2013 г. 12:51:47 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP34556CheckVer.exe High
04.8.2013 г. 12:51:29 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP34556issetup.exe High
04.8.2013 г. 12:51:36 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP34556Setup.exe High
04.8.2013 г. 12:51:56 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP34556ACEsetup.exe High
04.8.2013 г. 12:51:46 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP34556DriverSetup.exe High
04.8.2013 г. 12:52:09 Disinfected virus Virus.Win32.Sality.gen C:SWSetupsp40751BIOSTools.exe High
04.8.2013 г. 12:52:07 Disinfected virus Virus.Win32.Sality.gen C:WINDOWSWindowsXP-KB822603-x86.exe High
04.8.2013 г. 12:56:31 Disinfected virus Virus.Win32.Sality.gen C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_regiis.exe High
04.8.2013 г. 12:58:39 Disinfected virus Virus.Win32.Sality.gen C:WINDOWSsystem32rspndr.exe High
04.8.2013 г. 12:58:50 Disinfected virus Virus.Win32.Sality.gen C:WINDOWSsystem32spupdsvc.exe High
04.8.2013 г. 13:01:28 Disinfected virus Virus.Win32.Sality.gen D:Counter-Strike 1.6 Professional Edition v2.0hl.exe High
04.8.2013 г. 13:01:27 Disinfected virus Virus.Win32.Sality.gen D:Counter-Strike 1.6 Professional Edition v2.0hlds.exe High
04.8.2013 г. 13:01:36 Disinfected virus Virus.Win32.Sality.gen D:Counter-Strike 1.6 Professional Edition v2.0hltv.exe High
04.8.2013 г. 13:02:24 Disinfected virus Virus.Win32.Sality.gen D:Counter-Strike 1.6 Professional Edition v2.0platformsteamcachedsteambackup.exe High
04.8.2013 г. 13:02:58 Disinfected virus Virus.Win32.Sality.gen D:DAEMON Tools LiteDTHelper.exe High
04.8.2013 г. 13:03:06 Disinfected virus Virus.Win32.Sality.gen D:DAEMON Tools LiteDTShellHlp.exe High
04.8.2013 г. 13:03:32 Disinfected virus Virus.Win32.Sality.gen D:DAEMON Tools Liteuninst.exe High
04.8.2013 г. 13:03:17 Disinfected virus Virus.Win32.Sality.gen D:FIFA 07 - RELOADEDATLJabber.exe High
04.8.2013 г. 13:03:25 Disinfected virus Virus.Win32.Sality.gen D:FIFA 07 - RELOADEDEASOUNInstaller.exe High
04.8.2013 г. 13:03:33 Disinfected virus Virus.Win32.Sality.gen D:FIFA 07 - RELOADEDeauninstall.exe High
04.8.2013 г. 13:07:16 Disinfected virus Virus.Win32.Sality.gen D:FIFA 07 - RELOADEDSportsWrapper.exe High
04.8.2013 г. 13:07:59 Disinfected virus Virus.Win32.Sality.gen D:FIFA 07 - RELOADEDSupportFIFA 07_uninst.exe High
04.8.2013 г. 13:07:59 Disinfected virus Virus.Win32.Sality.gen D:FIFA 07 - RELOADEDSupportFIFA 07_code.exe High
04.8.2013 г. 13:08:17 Disinfected virus Virus.Win32.Sality.gen D:FIFA 07 - RELOADEDSupportEReg.exe High
04.8.2013 г. 13:08:35 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderAbbyySTI.exe High
04.8.2013 г. 13:08:43 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderAdminSetup.exe High
04.8.2013 г. 13:08:44 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderAInfo.exe High
04.8.2013 г. 13:08:52 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderAutoRun.exe High
04.8.2013 г. 13:09:02 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderBusinessCardReader.exe High
04.8.2013 г. 13:09:05 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderFineExec.exe High
04.8.2013 г. 13:09:01 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderFineCmd.exe High
04.8.2013 г. 13:09:17 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderHotFolder.exe High
04.8.2013 г. 13:09:23 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew Folderinstmsiw.exe High
04.8.2013 г. 13:09:28 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderRegistrator.exe High
04.8.2013 г. 13:09:26 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderScanTwain.exe High
04.8.2013 г. 13:09:37 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderScanWia.exe High
04.8.2013 г. 13:09:35 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderSetup.exe High
04.8.2013 г. 13:09:44 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderTrigrammsInstaller.exe High
04.8.2013 г. 13:09:43 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11AbbyySTI.exe High
04.8.2013 г. 13:09:51 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11AInfo.exe High
04.8.2013 г. 13:09:51 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11Bonus.ScreenshotReader.exe High
04.8.2013 г. 13:10:00 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11BusinessCardReader.exe High
04.8.2013 г. 13:10:01 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11FineExec.exe High
04.8.2013 г. 13:10:08 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11FineCmd.exe High
04.8.2013 г. 13:10:19 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11FineReader.exe High
04.8.2013 г. 13:10:12 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11HotFolder.exe High
04.8.2013 г. 13:10:23 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11Registrator.exe High
04.8.2013 г. 13:10:21 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11ScanTwain.exe High
04.8.2013 г. 13:10:30 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11ScanWia.exe High
04.8.2013 г. 13:10:35 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11TrigrammsInstaller.exe High
04.8.2013 г. 13:10:43 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderCommonABBYYFineReader11.00LicensingCENetworkLicenseServer.exe High
04.8.2013 г. 13:10:46 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderLicense ServerSetup.exe High
04.8.2013 г. 13:10:57 Disinfected virus Virus.Win32.Sality.gen D:Microsoft Office 2007 Complete Version Incl CD_KeyLauncher.exe High
04.8.2013 г. 13:11:02 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderLicense ServerABBYY FineReader 11 License ServerAInfo.exe High
04.8.2013 г. 13:11:03 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderLicense ServerABBYY FineReader 11 License ServerLicenseManager.exe High
04.8.2013 г. 13:10:58 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderLicense ServerCommonABBYYFineReader11.00LicensingCENetworkLicenseServer.exe High
04.8.2013 г. 13:11:11 Disinfected virus Virus.Win32.Sality.gen D:Hamachihamachi-2-ui.exe High
04.8.2013 г. 13:11:17 Disinfected virus Virus.Win32.Sality.gen D:Hamachihamachi-2.exe High
04.8.2013 г. 13:13:48 Disinfected virus Virus.Win32.Sality.gen D:Printer FilesCNELMAIN.EXE High
04.8.2013 г. 13:13:56 Disinfected virus Virus.Win32.Sality.gen D:Mouse Recorder Pro 2unins000.exe High
04.8.2013 г. 13:14:00 Disinfected virus Virus.Win32.Sality.gen D:Printer Filesuninst.exe High
04.8.2013 г. 13:14:24 Disinfected virus Virus.Win32.Sality.gen D:VirtualCamerauninst.exe High
04.8.2013 г. 13:14:26 Disinfected virus Virus.Win32.Sality.gen D:VirtualCameradrivervcsetup.exe High
04.8.2013 г. 13:14:32 Disinfected virus Virus.Win32.Sality.gen D:Winampuninstall_shoutcast-source-dsp-v2.exe High
04.8.2013 г. 13:14:43 Disinfected virus Virus.Win32.Sality.gen D:WinampUninstWA.exe High
04.8.2013 г. 13:14:33 Disinfected virus Virus.Win32.Sality.gen D:Winampwinampa.exe High
04.8.2013 г. 13:14:56 Disinfected virus Virus.Win32.Sality.gen D:WinampSHOUTcastuninstall_shoutcast-dnas-v2.exe High
04.8.2013 г. 13:14:53 Disinfected virus Virus.Win32.Sality.gen D:WinampSHOUTcastsc_serv.exe High
04.8.2013 г. 13:19:24 Disinfected virus Virus.Win32.Sality.gen D:Your Uninstaller! 7fos.exe High
04.8.2013 г. 13:19:17 Disinfected virus Virus.Win32.Sality.gen D:Winamp DetectUninstWaDetect.exe High
04.8.2013 г. 13:19:17 Disinfected virus Virus.Win32.Sality.gen D:Your Uninstaller! 7autoupdater.exe High
04.8.2013 г. 13:19:24 Disinfected virus Virus.Win32.Sality.gen D:Your Uninstaller! 7inimerge.exe High
04.8.2013 г. 13:19:31 Disinfected virus Virus.Win32.Sality.gen D:Your Uninstaller! 7unins000.exe High
Status: Absent   (events: 14)
04.8.2013 г. 14:20:53 Not found virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyApplication DataGameRangerGameRangerGameRanger.exe High
04.8.2013 г. 14:20:53 Not found Trojan program Backdoor.PHP.C99Shell.h C:Documents and SettingsqwertyDesktopc99_PSych0.php High
04.8.2013 г. 14:20:53 Not found Trojan program Backdoor.ASP.Ace.so C:Documents and SettingsqwertyDesktopUmer.asp.txt High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan-Proxy.Win32.Agent.gml C:Documents and SettingsqwertyLocal SettingsTempnafycs.exe High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan-PSW.Win32.Agent.aeuw C:Documents and SettingsqwertyLocal SettingsTempwinagfk.exe//UPX High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan.Win32.Agent.hwqm C:Documents and SettingsqwertyLocal SettingsTempwinfgwh.exe High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan-Proxy.Win32.Agent.gml c:documents and settingsqwertylocal settingstempnafycs.exe High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan.Win32.Agent.hwqm c:documents and settingsqwertylocal settingstempwinfgwh.exe High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan-PSW.Win32.Agent.aeuw c:documents and settingsqwertylocal settingstempwinagfk.exe//UPX High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan-PSW.Win32.Agent.aeuw c:Documents and SettingsqwertyLocal SettingsTempwinagfk.exe//UPX High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan.Win32.Agent.hwqm c:Documents and SettingsqwertyLocal SettingsTempwinfgwh.exe High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan-Proxy.Win32.Agent.gml c:Documents and SettingsqwertyLocal SettingsTempnafycs.exe High
04.8.2013 г. 14:20:53 Not found Trojan program Backdoor.PHP.C99Shell.h c:Documents and SettingsqwertyDesktopc99_PSych0.php High
04.8.2013 г. 14:20:53 Not found Trojan program Backdoor.ASP.Ace.so c:Documents and SettingsqwertyDesktopUmer.asp.txt High
Status: Deleted   (events: 10)
04.8.2013 г. 14:13:35 Deleted adware not-a-virus:AdWare.Win32.MegaSearch.am C:Documents and SettingsqwertyDesktopСтари данни Firefox-1extensionsmfmpzzh@s-piu.orgcontentbg.js Medium
04.8.2013 г. 14:13:38 Deleted adware not-a-virus:AdWare.Win32.MegaSearch.am C:Documents and SettingsqwertyDesktopСтари данни Firefox-1extensionsqorrrsl@rwpm-.orgcontentbg.js Medium
04.8.2013 г. 14:31:22 Deleted virus HEUR:HackTool.MSIL.Flooder.gen C:Documents and SettingsqwertyLocal SettingsTempsms.iso//sms bomber.exe High
04.8.2013 г. 14:29:14 Deleted Trojan program Trojan.Win32.AutoRun.gen d:autorun.inf High
04.8.2013 г. 12:23:53 Deleted virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyApplication Datajxpiinstall.exe High
04.8.2013 г. 14:13:40 Deleted adware not-a-virus:AdWare.Win32.MegaSearch.am C:Documents and SettingsqwertyLocal SettingsTemp7zS4B0.tmpla_ihy@lsl-iiey.netcontentbg.js Medium
04.8.2013 г. 14:16:07 Deleted Trojan program Backdoor.ASP.Ace.so C:RECYCLERS-1-5-21-839522115-507921405-1417001333-1004Dc66.txt High
04.8.2013 г. 14:15:44 Deleted Trojan program Backdoor.PHP.C99Shell.h C:RECYCLERS-1-5-21-839522115-507921405-1417001333-1004Dc64.php High
04.8.2013 г. 14:29:14 Deleted Trojan program Trojan.Win32.AutoRun.gen D:autorun.inf High
04.8.2013 г. 14:31:22 Deleted virus HEUR:HackTool.MSIL.Flooder.gen C:Documents and SettingsqwertyLocal SettingsTempsms.iso High
Status: Quarantined   (events: 1)
04.8.2013 г. 13:03:52 Quarantined virus HEUR:Virus.Win32.Generic D:hxeg.pif High
 

report.txt

 

14:40:33:937 0692 scanning threads ...

14:40:48:703 0692
14:40:48:703 0692 scanning processes ...
14:40:48:734 0692
14:40:48:734 0692 removing autorun.inf files ...
14:40:48:921 0692
14:40:48:921 0692 Restoring show hidden and system files
14:40:48:921 2096 Monitoring thread started
14:40:48:921 0692
14:40:48:921 0692 Disabling autorun on all drive types
14:40:48:921 0692
14:40:48:937 0692 restoring SafeBoot registry node
14:40:48:937 0692 Restoring safe/network boot registry branches for windows XP
14:40:49:140 0692
14:40:49:140 0692 fixing registry ...
14:40:49:140 0692 SalityRegCure: Restoring general registry keys
14:40:49:140 0692 SalityRegCure: Fixing system.ini
14:40:49:140 0692
14:40:49:140 0692 scanning drives ...
14:40:49:140 0692 scanning C: ...
15:08:04:750 0692 scanning D: ...
15:14:37:609 0692
15:14:37:609 2096 Monitoring thread stopped
15:14:37:640 0692 completed
15:14:37:640 0692 Infected files: 0
15:14:37:640 0692 Infected processes: 0
15:14:37:640 0692 Infected threads: 0
15:14:37:640 0692 Cured files: 0
15:14:37:656 0692 Will be cured on reboot: 0
15:14:37:656 0692 Executed registry scripts: 6
 


Aaaa... we're not finished yet:

Download ComboFix from here and save it to your desktop.
Disable your antivirus and antispyware programs; this is usually done by right-clicking the program's icon in the system tray.
Note: If you cannot stop it, or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs
Run Combo-Fix.com and follow the instructions.
Note: ComboFix will start without the Recovery Console installed.
As part of its operation, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended that it be installed before the malware is removed. This will let you boot into a special recovery/repair mode, which will make it easier for you to resolve a problem that might arise while removing the malware.

  • Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You must confirm that you agree in order to install the Microsoft Windows Recovery Console.

** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

[Posted image]

Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

[Posted image]
Select Yes to continue scanning for malware.
When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this topic.
Note:

  • Please do not move the mouse while ComboFix is running. This may disrupt the process.
  • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
  • ComboFix will disable the autorun function on ALL CD, floppy and USB devices, to help with removing the malware and to protect you from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
  • ComboFix will disconnect your internet connection. The connection will be restored automatically before ComboFix finishes its work. In case of a problem, it will terminate the internet connection. To restore your internet connection, restart your computer.
  • In case of a problem with ComboFix, it may create a log file. Please include the contents of C:\BUG.txt in your next comment in this topic.

Please do not attach the log file(s) from the program; copy and paste it/them into your next comment in this topic.


 

ComboFix 13-08-04.01 - qwerty 08.2013 г.  23:01:27.1.2 - x86 Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.894.68 [GMT 3:00] Running from: c:documents and settingsqwertyMy DocumentsDownloadsComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:autorun.inf c:documents and settingsAll UsersApplication DataTEMP c:documents and settingsqwertyApplication Datajxpiinstall.exe c:windowssystem32SET12.tmp c:windowssystem32SET13.tmp c:windowsXSxS . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------Legacy_AMSINT32 -------Service_amsint32 . . ((((((((((((((((((((((((( Files Created from 2013-07-04 to 2013-08-04  ))))))))))))))))))))))))))))))) . . 2013-08-04 18:02 . 2013-08-04 18:35  --------  d-----w-  c:program filesSHOUTcast 2013-08-04 16:32 . 2013-08-04 16:32  --------  d-----w-  c:program filesShoutCastGUI 2013-08-04 15:56 . 2013-08-04 16:17  --------  d-----w-  c:documents and settingsqwertyApplication DataWinamp 2013-08-04 15:52 . 2013-08-04 15:57  --------  d-----w-  c:documents and settingsAll UsersApplication Datafirebird 2013-08-04 15:52 . 2013-08-04 15:52  --------  d-----w-  c:documents and settingsqwertyLocal SettingsApplication DataSpacialAudio 2013-08-04 15:48 . 2013-03-19 08:02  552960  ----a-w-  c:windowssystem32GDS32.DLL 2013-08-04 15:47 . 2013-08-04 15:47  --------  d-----w-  c:program filesFirebird 2013-08-04 12:42 . 2013-08-04 12:42  --------  d-----w-  c:program filesCommon FilesJava 2013-08-04 12:41 . 2013-08-04 12:41  144896  ----a-w-  c:windowssystem32javacpl.cpl 2013-08-04 12:41 . 2013-08-04 12:41  94632  ----a-w-  c:windowssystem32WindowsAccessBridge.dll 2013-08-04 12:41 . 2013-08-04 12:41  --------  d-----w-  c:program filesJava 2013-08-04 12:33 . 
2013-08-04 12:33  --------  d-----w-  c:documents and settingsqwertyApplication DataRoboForm 2013-08-04 12:31 . 2013-08-04 12:31  --------  d-----w-  c:documents and settingsAll UsersApplication DataRoboForm 2013-08-04 12:29 . 2013-08-04 12:29  --------  d-----w-  c:program filesSiber Systems 2013-08-04 12:27 . 2013-08-04 12:27  369584  ----a-w-  c:windowssystem32driversaswSP.sys 2013-08-04 12:27 . 2013-05-09 08:59  29816  ----a-w-  c:windowssystem32driversaswFsBlk.sys 2013-08-04 12:27 . 2013-05-09 08:59  49760  ----a-w-  c:windowssystem32driversaswRdr.sys 2013-08-04 12:27 . 2013-08-04 12:27  770344  ----a-w-  c:windowssystem32driversaswSnx.sys 2013-08-04 12:27 . 2013-05-09 08:59  56080  ----a-w-  c:windowssystem32driversaswTdi.sys 2013-08-04 12:27 . 2013-08-04 12:27  175176  ----a-w-  c:windowssystem32driversaswVmm.sys 2013-08-04 12:27 . 2013-05-09 08:59  49376  ----a-w-  c:windowssystem32driversaswRvrt.sys 2013-08-04 12:27 . 2013-05-09 08:59  66336  ----a-w-  c:windowssystem32driversaswMonFlt.sys 2013-08-04 12:27 . 2013-05-09 08:58  229648  ----a-w-  c:windowssystem32aswBoot.exe 2013-08-04 12:24 . 2013-05-09 08:58  41664  ----a-w-  c:windowsavastSS.scr 2013-08-04 12:23 . 2013-08-04 12:23  --------  d-----w-  c:program filesAVAST Software 2013-08-04 12:23 . 2013-08-04 12:23  --------  d-----w-  c:documents and settingsAll UsersApplication DataAVAST Software 2013-08-04 11:27 . 2013-08-04 11:27  --------  d-----w-  c:windowsLastGood.Tmp 2013-08-04 09:29 . 2013-08-04 09:29  --------  d--h--w-  c:windowsPIF 2013-08-03 05:46 . 2013-08-03 05:46  40776  ----a-w-  c:windowssystem32driversmbamswissarmy.sys 2013-08-03 05:35 . 2013-08-03 05:35  --------  d-----w-  c:documents and settingsqwertyApplication DataURSoft 2013-08-02 11:32 . 2008-04-14 02:42  53760  -c--a-w-  c:windowssystem32dllcachevfwwdm32.dll 2013-08-02 11:32 . 2008-04-14 02:42  53760  ----a-w-  c:windowssystem32vfwwdm32.dll 2013-08-01 06:29 . 
2013-08-01 06:29  --------  d-----w-  c:program filesGabest 2013-07-30 19:08 . 2013-08-04 09:22  270336  ----a-w-  c:windowstsnpstd3.exe 2013-07-30 19:08 . 2013-08-04 09:21  835584  ----a-w-  c:windowsvsnpstd3.exe 2013-07-30 19:08 . 2008-04-14 09:59  10423936  ----a-w-  c:windowssystem32driverssnpstd3.sys 2013-07-30 19:08 . 2008-02-21 14:15  3968  ----a-w-  c:windowssystem32driversDeNoise.sys 2013-07-30 19:08 . 2008-04-09 11:30  61440  ----a-w-  c:windowssystem32vsnpstd3.dll 2013-07-30 19:08 . 2007-07-23 15:04  155648  ----a-w-  c:windowssystem32rsnpstd3.dll 2013-07-30 19:08 . 2005-11-23 10:55  53248  ----a-w-  c:windowssystem32csnpstd3.dll 2013-07-30 19:08 . 2005-11-23 10:55  53248  ----a-w-  c:windowscsnpstd3.dll 2013-07-30 19:08 . 2013-07-30 19:08  --------  d-----w-  c:program filesCommon Filessnpstd3 2013-07-30 19:07 . 2013-07-30 19:07  --------  d-----w-  c:documents and settingsqwertyApplication DataInstallShield 2013-07-30 18:44 . 2013-08-04 09:52  349472  ----a-w-  c:windowsWindowsXP-KB822603-x86.exe 2013-07-30 18:44 . 2013-08-04 09:21  258048  ----a-w-  c:windowstsnp2std.exe 2013-07-30 18:44 . 2007-01-25 15:48  25472  ----a-w-  c:windowssystem32driverssncamd.sys 2013-07-30 18:44 . 2006-09-15 10:21  675840  ----a-w-  c:windowsvsnp2std.exe 2013-07-30 18:44 . 2007-03-30 11:41  12033024  ----a-w-  c:windowssystem32driverssnp2sxp.sys 2013-07-30 18:44 . 2013-07-30 18:44  --------  d-----w-  c:program filesCommon Filessnp2std 2013-07-30 18:44 . 2007-03-29 13:04  249856  ----a-w-  c:windowssystem32vsnp2std.dll 2013-07-30 18:44 . 2006-11-16 12:57  77824  ----a-w-  c:windowssystem32csnp2std.dll 2013-07-30 18:44 . 2006-10-12 14:21  151552  ----a-w-  c:windowssystem32rsnp2std.dll 2013-07-30 18:21 . 2013-08-04 09:21  20480  ----a-w-  c:windowsFixCamera.exe 2013-07-30 18:21 . 2007-09-06 13:56  98304  ----a-w-  c:windowsamcap.exe 2013-07-27 22:06 . 2013-07-27 22:59  --------  d-----w-  c:program filesGoogle 2013-07-27 21:56 . 
2013-08-04 12:45  --------  d-----w-  c:documents and settingsAll UsersApplication DataAvira 2013-07-11 20:00 . 2013-07-11 20:00  --------  d-----w-  c:documents and settingsqwertyApplication DataMalwarebytes 2013-07-11 20:00 . 2013-07-11 20:00  --------  d-----w-  c:documents and settingsAll UsersApplication DataMalwarebytes 2013-07-11 20:00 . 2013-08-04 09:22  --------  d-----w-  c:program filesMalwarebytes' Anti-Malware 2013-07-11 20:00 . 2013-04-04 11:50  22856  ----a-w-  c:windowssystem32driversmbam.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-04 12:41 . 2013-03-06 15:30  867240  ----a-w-  c:windowssystem32npDeployJava1.dll 2013-08-04 12:41 . 2013-03-06 15:30  789416  ----a-w-  c:windowssystem32deployJava1.dll 2013-08-04 09:58 . 2013-02-18 12:00  26144  ----a-w-  c:windowssystem32spupdsvc.exe 2013-08-04 09:58 . 2008-05-29 10:04  10752  ----a-w-  c:windowssystem32rspndr.exe 2013-08-04 09:21 . 2013-03-05 12:40  155648  ----a-w-  c:windowssystem32NeroCheck.exe 2013-06-30 11:06 . 2013-06-28 08:42  205984  ----a-w-  c:documents and settingsAll UsersApplication DataMicrosoftVBExpress10.01033ResourceCache.dll 2013-06-12 05:08 . 2013-02-19 09:45  71048  ----a-w-  c:windowssystem32FlashPlayerCPLApp.cpl 2013-06-12 05:08 . 2013-02-19 09:45  692104  ----a-w-  c:windowssystem32FlashPlayerApp.exe 2013-06-07 21:56 . 2009-03-08 03:34  920064  ----a-w-  c:windowssystem32wininet.dll 2013-06-07 21:56 . 2009-03-08 03:34  43520  ----a-w-  c:windowssystem32licmgr10.dll 2013-06-07 21:56 . 2009-03-08 03:34  1469440  ----a-w-  c:windowssystem32inetcpl.cpl 2013-06-07 20:55 . 2009-03-08 03:35  385024  ----a-w-  c:windowssystem32html.iec 2013-06-04 07:23 . 2008-04-14 12:00  562688  ----a-w-  c:windowssystem32qedit.dll 2013-06-04 01:40 . 2009-02-09 11:08  1876736  ----a-w-  c:windowssystem32win32k.sys 2013-05-08 21:28 . 2008-06-17 08:38  1543680  ----a-w-  c:windowssystem32wmvdecod.dll . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58  121968  ----a-w-  c:program filesAVAST SoftwareAvastashShell.dll . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "DAEMON Tools Lite"="d:daemon tools liteDTLite.exe" [2013-08-04 3674320] "northbridge"="c:intelnorthbridge.bat" [2013-06-04 50] "RoboForm"="c:program filesSiber SystemsAI RoboFormRoboTaskBarIcon.exe" [2013-08-04 96056] . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "DWPersistentQueuedReporting"="c:program filesCommon FilesMicrosoft SharedDWDWTRIG20.EXE" [2011-07-27 434080] "ATICCC"="c:program filesATI TechnologiesATI.ACECLIStart.exe" [2013-08-04 90112] "NeroFilterCheck"="c:windowssystem32NeroCheck.exe" [2013-08-04 155648] "GrooveMonitor"="c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe" [2009-02-26 30040] "Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2013-05-10 958576] "Bonus.SSR.FR11"="d:fine readerNew FolderBonus.ScreenshotReader.exe" [2013-08-04 933640] "CanonSolutionMenu"="c:program filesCanonSolutionMenuCNSLMAIN.exe" [2013-08-04 767312] "FixCamera"="c:windowsFixCamera.exe" [2013-08-04 20480] "tsnp2std"="c:windowstsnp2std.exe" [2013-08-04 258048] "snpstd3"="c:windowsvsnpstd3.exe" [2013-08-04 835584] "tsnpstd3"="c:windowstsnpstd3.exe" [2013-08-04 270336] "avast"="c:program filesAVAST SoftwareAvastavastUI.exe" [2013-05-09 4858968] "SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2013-03-12 253816] . [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun] "CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360] . 
c:documents and settingsqwertyStart MenuProgramsStartup On-Screen Keyboard.lnk - c:windowssystem32osk.exe [2008-6-13 215552] . [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem] "EnableLUA"= 0 (0x0) . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices] "Hamachi2Svc"=2 (0x2) . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList] "%windir%Network Diagnosticxpnetdiag.exe"= "c:Program FilesWindows LiveMessengerwlcsdk.exe"= "c:Program FilesWindows LiveMessengermsnmsgr.exe"= "%windir%system32sessmgr.exe"= "d:uTorrent.exe"= "c:Program FilesNeroNero Blu-ray PlayerBlu-rayPlayer.exe"= "c:Program FilesNeroKMKwikMedia.exe"= "c:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE"= "c:Program FilesMicrosoft OfficeOffice12GROOVE.EXE"= "c:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE"= "c:Program FilesJavajre7binjavaw.exe"= "c:WINDOWSsystem32java.exe"= "c:WINDOWSsystem32javaw.exe"= "c:Documents and SettingsqwertyApplication DataGameRangerGameRangerGameRanger.exe"= "d:FIFA 07 - RELOADEDfifa07.exe"= "c:Documents and SettingsqwertyLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.exe"= "c:Program FilesSkypePhoneSkype.exe"= "c:Program FilesATI TechnologiesATI.ACECLIStart.exe"= "c:WINDOWSsystem32wuauclt.exe"= "c:Program FilesATI TechnologiesATI.ACECLI.EXE"= "c:WINDOWSsystem32taskmgr.exe"= "c:Program FilesMozilla Firefoxfirefox.exe"= "c:Intelintel.exe"= "c:WINDOWSFixCamera.exe"= "c:Documents and SettingsqwertyDesktopWinsockxpFix.exe"= "c:WINDOWStsnp2std.exe"= "c:Program FilesGoogleChromeApplicationchrome.exe"= "c:Program FilesMozilla Firefoxplugin-container.exe"= "c:Program FilesAdobeReader 10.0ReaderReader_sl.exe"= "c:WINDOWSvsnpstd3.exe"= . 
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList] "25565:TCP"= 25565:TCP:Minecraft "8000:TCP"= 8000:TCP:Радио "8001:TCP"= 8001:TCP:Радио "8000:UDP"= 8000:UDP:Радио "8001:UDP"= 8001:UDP:Радио . R0 aswRvrt;aswRvrt;c:windowssystem32driversaswRvrt.sys [04.8.2013 г. 15:27 49376] R0 aswVmm;aswVmm;c:windowssystem32driversaswVmm.sys [04.8.2013 г. 15:27 175176] R1 aswSnx;aswSnx;c:windowssystem32driversaswSnx.sys [04.8.2013 г. 15:27 770344] R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [04.8.2013 г. 15:27 369584] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32driversdtsoftbus01.sys [04.3.2013 г. 22:36 242240] R2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;c:program filesCommon FilesABBYYFineReader11.00LicensingCENetworkLicenseServer.exe [22.12.2011 г. 19:11 818952] R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [04.8.2013 г. 15:27 29816] R2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys [04.8.2013 г. 15:27 66336] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:program filesFirebirdFirebird_2_5binfbguard.exe [04.8.2013 г. 18:47 98304] R2 NAUpdate;Nero Update;c:program filesNeroUpdateNASvc.exe [13.7.2012 г. 17:27 769432] R2 Skype C2C Service;Skype C2C Service;c:documents and settingsAll UsersApplication DataSkypeToolbarsSkype C2C Servicec2c_service.exe [31.1.2013 г. 10:38 3289208] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:program filesFirebirdFirebird_2_5binfbserver.exe [04.8.2013 г. 18:47 3784704] S2 gupdate;Услуга на Google Актуализация (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [28.7.2013 г. 01:06 116648] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:hamachi-2.exe -s --> d:hamachi-2.exe -s [?] S2 SkypeUpdate;Skype Updater;c:program filesSkypeUpdaterUpdater.exe [28.2.2013 г. 
18:45 161384] S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [28.7.2013 г. 01:06 116648] S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [03.8.2013 г. 08:46 40776] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWRVRT *NewlyCreated* - ASWSNX *NewlyCreated* - WS2IFSL *Deregistered* - 41789940 . [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-31 23:43  1173456  ----a-w-  c:program filesGoogleChromeApplication28.0.1500.95Installerchrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-08-04 c:windowsTasksAdobe Flash Player Updater.job - c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2013-02-19 05:08] . 2013-08-04 c:windowsTasksavast! Emergency Update.job - c:program filesAVAST SoftwareAvastAvastEmUpdate.exe [2013-08-04 08:58] . 2013-08-03 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2013-07-27 16:48] . 2013-08-04 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2013-07-27 16:48] . 2013-08-03 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-839522115-507921405-1417001333-1004Core.job - c:documents and settingsqwertyLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2013-04-08 12:10] . 2013-08-04 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-839522115-507921405-1417001333-1004UA.job - c:documents and settingsqwertyLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2013-04-08 12:10] . . ------- Supplementary Scan ------- . 
IE: E&xport to Microsoft Excel - c:progra~1MICROS~4Office12EXCEL.EXE/3000 TCP: DhcpNameServer = 172.16.1.1 FF - ProfilePath - c:documents and settingsqwertyApplication DataMozillaFirefoxProfileswahsbg9c.default-1373472550146 FF - ExtSQL: 2013-08-04 15:25; wrc@avast.com; c:program filesAVAST SoftwareAvastWebRepFF FF - ExtSQL: 2013-08-04 15:31; {22119944-ED35-4ab1-910B-E619EA06A115}; c:program filesSiber SystemsAI RoboFormFirefox . - - - - ORPHANS REMOVED - - - - . HKLM-Run-LogMeIn Hamachi Ui - D:hamachi-2-ui.exe c:documents and settingsqwertyStart MenuProgramsStartup_uninst_22855274.lnk - c:documents and settingsqwertyLocal SettingsTemp_uninst_22855274.bat MSConfigStartUp-LogMeIn Hamachi Ui - D:hamachi-2-ui.exe AddRemove-CanonMyPrinter - d:printeruninst.exe AddRemove-Counter-Strike 1.6 Professional Edition v2.0 - d:new folder (3)Counter-Strike 1.6 Professional Edition v2.0Uninstall.exe AddRemove-Easy-PhotoPrint EX - D:uninst.exe AddRemove-{46541929-EDB0-6A3B-9ECE-756E0CAE49F4} - c:docume~1ALLUSE~1APPLIC~1INSTAL~1{7AE2C~1Setup.exe AddRemove-{AB583BA2-DCFA-2C80-4F6E-E3716F4A541F} - c:docume~1ALLUSE~1APPLIC~1INSTAL~1{A9178~1Setup.exe AddRemove-{F3D81B4B-8243-1399-699B-71FF5793B73A} - c:docume~1ALLUSE~1APPLIC~1INSTAL~1{76A09~1Setup.exe AddRemove-Winamp Detect - d:winamp detectUninstWaDetect.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-08-04 23:17 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ...   . scanning hidden autostart entries ... . scanning hidden files ...   . . c:windowsTEMP_avast_unp183608098.tmp 131388 bytes . scan completed successfully hidden files: 1 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(616) c:windowssystem32Ati2evxx.dll . - - - - - - - > 'explorer.exe'(1524) c:windowssystem32WININET.dll c:windowssystem32msi.dll c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86MSVCR80.dll c:progra~1WINDOW~4wmpband.dll c:windowssystem32ieframe.dll c:windowssystem32webcheck.dll c:windowssystem32WPDShServiceObj.dll c:windowssystem32PortableDeviceTypes.dll c:windowssystem32PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:windowssystem32Ati2evxx.exe c:program filesAVAST SoftwareAvastAvastSvc.exe c:windowssystem32Ati2evxx.exe c:program filesJavajre7binjqs.exe c:program filesGoogleUpdate1.3.21.153GoogleCrashHandler.exe c:intelintel.exe c:windowssystem32MSSWCHX.EXE c:windowssystem32wscntfy.exe c:program filesATI TechnologiesATI.ACECLI.EXE c:program filesATI TechnologiesATI.ACEcli.exe c:windowssystem32wbemwmiapsrv.exe . ************************************************************************** . Completion time: 2013-08-04  23:22:39 - machine was rebooted ComboFix-quarantined-files.txt  2013-08-04 20:22 . Pre-Run: 17 428 692 992 bytes free Post-Run: 18 910 593 024 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS [operating systems] c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - AC428D7446CA42498A9AF63091C55ACC 8F558EB6672622401DA993E1E865C861  


Hello. I apologize for the delay, I was busy!

Download Malwarebytes' Anti-Malware, or from here (do not forget to update the program with new definitions)
* Double-click mbam-setup.exe to install the program.
* Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.
* If updates are found, it will download and install them.
* Start the program and select "Perform Full Scan", then click Scan.
* The scan will take some time, so please be patient.
* When the scan completes, click OK, then Show Results to see the result.
* Make sure every row is checked, and click Remove Selected.
* When everything has been removed, a log will open in Notepad.
Copy this log and post it in your next reply in the topic.
Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and remove the problem viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.
 

Download the program: ESET Online Scanner

* Run esetsmartinstaller_enu.exe
* Check YES, I accept the Terms of Use and select Start.
* The scanner will start downloading the components it needs.

Make sure the following is unchecked:

* Remove found threats

Make sure the following items are checked:

* Scan Archives

Click Advanced Settings and check the following options:

* Scan for potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth Technology

Finally, select Start.
The scanner will start downloading the latest definitions.

* After the scan completes, select Finish.
* Go to: C:\Program Files\ESET\ESET Online Scanner
* Open the file log.txt, copy its contents and paste them into your next reply.


MBAM

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 
Версия на базата от данни: v2013.08.09.02
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
qwerty :: PCV [администратор]
 
09.8.2013 г. 10:08:48
MBAM-log-2013-08-09 (13-07-31).txt
 
Тип сканиране: Пълно сканиране (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM
Изключени опции за сканиране: P2P
Сканирани обекти: 286770
Изминало време: 1 час(а), 2 минута(и), 58 секунда(и)
 
Открити процеси в паметта: 0
(Не бяха открити зловредни обекти)
 
Открити модули в паметта: 0
(Не бяха открити зловредни обекти)
 
Открити ключове в системния регистър: 0
(Не бяха открити зловредни обекти)
 
Открити стойности в системния регистър: 0
(Не бяха открити зловредни обекти)
 
Открити информационни обекти в системния регистър: 0
(Не бяха открити зловредни обекти)
 
Открити папки: 0
(Не бяха открити зловредни обекти)
 
Открити файлове: 1
C:\Documents and Settings\qwerty\My Documents\Downloads\sam broadcaster v 4.2.2.zip (RiskWare.Tool.HCK) -> Не беше предприето действие.
 
(край)
 

 

 

ESET

C:\Documents and Settings\All Users\Application Data\SecTaskMan\FixCamera.exe.q_Quarantine_2CF5000_q a variant of Win32/KillProc.A application
C:\Documents and Settings\All Users\Application Data\SecTaskMan\intel.exe.q_Quarantine_149DC04_q a variant of Win32/BitCoinMiner.W application
C:\Documents and Settings\qwerty\Desktop\yusetup7.exe Win32/Toolbar.Zugo application
C:\Documents and Settings\qwerty\My Documents\Downloads\PCMAX_AF_ErrorsFix_Setup.exe a variant of Win32/RegistryNuke application
C:\Documents and Settings\qwerty\My Documents\Downloads\SoftonicDownloader_for_process-scanner.exe Win32/SoftonicDownloader.E application
C:\Documents and Settings\qwerty\My Documents\Downloads\spam.vbs VBS/HackTool.Skype.B trojan
C:\Documents and Settings\qwerty\My Documents\Downloads\winamp565_full_emusic-7plus_all.exe Win32/OpenCandy application
C:\Intel\intel32.exe a variant of Win32/BitCoinMiner.W application
C:\Intel\start.exe a variant of Win32/HiddenStart.B application
C:\Program Files\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application
C:\Program Files\SafeSaver\sprotector.dll a variant of Win32/SProtector.A application
C:\System Volume Information\_restore{49383A7A-558A-4A7A-9EC8-CD0AC878EC6E}\RP2\A0000109.exe a variant of Win32/BitCoinMiner.W application
C:\System Volume Information\_restore{49383A7A-558A-4A7A-9EC8-CD0AC878EC6E}\RP4\A0000112.exe a variant of Win32/KillProc.A application
D:\Advanced Fix 2013\AdvancedFix.exe a variant of Win32/RegistryNuke application
 

 

 

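An added example (not part of the original thread, and not code from ESET or ComboFix): a small Python triage of the ESET Online Scanner lines posted above. It parses each line into path, detection family and type, and marks whether the file sits in a System Restore point, in a quarantine folder, or elsewhere; the line layout and the location rules are assumptions read off this one log. Filtering on the KillProc and BitCoinMiner families gives the same five paths that the CFScript File:: list further down the thread names.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: a subset of the detection lines from the ESET log in this
# thread, with the path separators written out.
ESET_LOG = r"""
C:\Documents and Settings\All Users\Application Data\SecTaskMan\FixCamera.exe.q_Quarantine_2CF5000_q a variant of Win32/KillProc.A application
C:\Documents and Settings\All Users\Application Data\SecTaskMan\intel.exe.q_Quarantine_149DC04_q a variant of Win32/BitCoinMiner.W application
C:\Documents and Settings\qwerty\My Documents\Downloads\spam.vbs VBS/HackTool.Skype.B trojan
C:\Intel\intel32.exe a variant of Win32/BitCoinMiner.W application
C:\Intel\start.exe a variant of Win32/HiddenStart.B application
C:\System Volume Information\_restore{49383A7A-558A-4A7A-9EC8-CD0AC878EC6E}\RP2\A0000109.exe a variant of Win32/BitCoinMiner.W application
C:\System Volume Information\_restore{49383A7A-558A-4A7A-9EC8-CD0AC878EC6E}\RP4\A0000112.exe a variant of Win32/KillProc.A application
D:\Advanced Fix 2013\AdvancedFix.exe a variant of Win32/RegistryNuke application
"""

# Assumed layout of one line: <path> [a variant of ]<platform>/<name> <type>.
# The path may contain spaces, so it is matched lazily up to the first token
# that looks like "<platform>/<name>" (Windows paths contain no forward slash).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<platform>[A-Za-z0-9]+)/"
    r"(?P<name>[\w.\-]+)\s+"
    r"(?P<kind>\w+)$"
)
# A trailing ".A" / ".AB" style suffix is treated as the variant letter;
# "Toolbar.Zugo" keeps its full name because "Zugo" is not all upper case.
FAMILY_RE = re.compile(r"^(?P<family>.+?)(?:\.[A-Z]{1,3})?$")


@dataclass(frozen=True)
class Detection:
    path: str
    platform: str        # Win32, VBS, ...
    family: str          # KillProc, BitCoinMiner, HackTool.Skype, ...
    kind: str            # trailing word of the line: application, trojan, ...
    variant_match: bool  # True when the line says "a variant of"
    location: str        # restore_point | quarantine | live


def classify_location(path):
    """Tell inert copies (restore point, quarantine) from files still in place."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore_point"   # System Restore backup copy (XP layout)
    if "_quarantine_" in low:
        return "quarantine"      # already renamed by a quarantine tool
    return "live"


def parse_log(text):
    """Return (detections, rejected_lines); unparseable lines are kept, not dropped."""
    detections, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            rejected.append(line)
            continue
        detections.append(Detection(
            path=m["path"],
            platform=m["platform"],
            family=FAMILY_RE.match(m["name"])["family"],
            kind=m["kind"],
            variant_match=m["variant"] is not None,
            location=classify_location(m["path"]),
        ))
    return detections, rejected


def locations_by_family(detections):
    """Map each family to the set of places where copies of it were found."""
    out = defaultdict(set)
    for d in detections:
        out[d.family].add(d.location)
    return dict(out)


def paths_for(detections, families):
    """Paths of every detection belonging to the given families, in log order."""
    return [d.path for d in detections if d.family in families]


if __name__ == "__main__":
    dets, bad = parse_log(ESET_LOG)
    for family, places in sorted(locations_by_family(dets).items()):
        print(f"{family:16} {sorted(places)}")
    print("\n".join(paths_for(dets, {"KillProc", "BitCoinMiner"})))
```

In this sample KillProc shows up only as a quarantine copy and a restore-point copy, while BitCoinMiner also has a file still in place under C:\Intel.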

Copy the text in the box into Notepad and save it under the name CFScript.txt on your desktop:

KILLALL::

File::
C:\Documents and Settings\All Users\Application Data\SecTaskMan\FixCamera.exe.q_Quarantine_2CF5000_q
C:\Documents and Settings\All Users\Application Data\SecTaskMan\intel.exe.q_Quarantine_149DC04_q
C:\Intel\intel32.exe
C:\System Volume Information\_restore{49383A7A-558A-4A7A-9EC8-CD0AC878EC6E}\RP2\A0000109.exe
C:\System Volume Information\_restore{49383A7A-558A-4A7A-9EC8-CD0AC878EC6E}\RP4\A0000112.exe

After saving, move CFScript.txt onto the ComboFix.exe icon.

Copy the generated report and paste it into your next reply...!


Everything looks fine...! Are you still seeing the original problems....?


Then I take it that your problem is solved...!

Uninstall ComboFix as follows:

* Press Start ==> Run ==> enter the command Combofix /Uninstall ==> OK
* Please follow the instructions to uninstall ComboFix. You will receive a message saying that ComboFix was uninstalled successfully.

Download OTCleanIt, or from here, run it and press [image]

Download Delfix.exe and run it. Check Remove disinfection tools => press the Run button. The tool will delete itself once it has finished its task!

Uninstall ESET Online Scanner.

* Start => Run, type control appwiz.cpl in the box. Then press ENTER.
* Select ESET Online Scanner from the list of applications, then choose Remove. If prompted, restart your computer.

Delete everything else that is left over from the procedures (used in the treatment). I recommend that Malwarebytes' Anti-Malware stay on your computer and that you scan your system with it periodically (at least once or twice a week), and do not forget to update the definitions before each scan..!

Run PatchMyPC and install all the updates the tool offers you.

I am marking the case as "Solved"..! I wish you a nice day and safe Internet..! :)


Three years ago I had a problem with a polymorphic virus, and the things you have written for him will not fix the problem permanently. Polymorphic viruses copy themselves into the system folders of all partitions (System Volume Information, etc.), and even if you find an antivirus that deletes it from one partition, the virus automatically copies itself back from the other partitions. The only general and quick solution to the problem is to put your important things on DVDs (not on a portable hard drive or a flash drive, because the virus will go there too) and to do a full format of the hard disk (or hard disks, if there is more than one), changing the size of the partitions. Simply formatting the partitions without changing their size does not help - I know this from personal experience. After I formatted both partitions and installed the OS, the nasty thing in question showed up again. The only thing that helped was changing the sizes. Before the format my partitions were 35000 MB and 85000 MB respectively. To make the virus disappear I made them 34999 and 84999 MB. That solved my problem permanently.


The guys from the HJT Team have more than once dealt successfully with Sality viruses without the need for a reinstall. They know which tools to use and in what order, unlike you or me, to clean the system without reinstalling. ;)


I agree, the guys on the team are very well prepared; I think they deserve trust and respect ;)


Three years ago things looked quite different.....! That is all I will say, and I am done with the discussion on this matter.. Let the author of the topic say whether there are any problems after the procedures..! Good evening to everyone....!

      S3 Disc Soft Lite Bus Service; "C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe" [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-07-21] (Disc Soft Ltd)
      R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [143448 2018-10-09] (ESET)
      R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107896 2018-10-09] (ESET)
      S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-08-27] (ESET)
      R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188832 2018-08-27] (ESET)
      R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50144 2018-08-27] (ESET)
      R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [82304 2018-08-27] (ESET)
      R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [109864 2018-08-27] (ESET)
      R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
      R3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (TPMX Electronics Ltd.)
      R3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] ()
      R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
      R3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2018-04-12] (Realtek Semiconductor Corporation )
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
      S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2019-01-10 21:03 - 2019-01-10 21:03 - 000000000 ____D C:\FRST
      2019-01-08 20:52 - 2019-01-01 15:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
      2019-01-08 20:52 - 2019-01-01 15:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
      2019-01-08 20:52 - 2019-01-01 15:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
      2019-01-08 20:52 - 2019-01-01 15:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
      2019-01-08 20:52 - 2019-01-01 15:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
      2019-01-08 20:52 - 2019-01-01 15:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
      2019-01-08 20:52 - 2019-01-01 15:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
      2019-01-08 20:52 - 2019-01-01 15:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
      2019-01-08 20:52 - 2019-01-01 15:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
      2019-01-08 20:52 - 2019-01-01 15:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
      2019-01-08 20:52 - 2019-01-01 09:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
      2019-01-08 20:52 - 2019-01-01 09:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
      2019-01-08 20:52 - 2019-01-01 09:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
      2019-01-08 20:52 - 2019-01-01 09:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
      2019-01-08 20:52 - 2019-01-01 09:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
      2019-01-08 20:52 - 2019-01-01 09:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
      2019-01-08 20:52 - 2019-01-01 09:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
      2019-01-08 20:52 - 2019-01-01 09:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
      2019-01-08 20:52 - 2019-01-01 09:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
      2019-01-08 20:52 - 2019-01-01 09:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
      2019-01-08 20:52 - 2019-01-01 09:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
      2019-01-08 20:52 - 2019-01-01 09:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
      2019-01-08 20:52 - 2019-01-01 09:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
      2019-01-08 20:52 - 2019-01-01 09:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
      2019-01-08 20:52 - 2019-01-01 09:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
      2019-01-08 20:52 - 2019-01-01 09:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
      2019-01-08 20:52 - 2019-01-01 09:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
      2019-01-08 20:52 - 2019-01-01 09:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
      2019-01-08 20:52 - 2019-01-01 09:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
      2019-01-08 20:52 - 2019-01-01 09:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
      2019-01-08 20:52 - 2019-01-01 08:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
      2019-01-08 20:52 - 2019-01-01 08:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
      2019-01-08 20:52 - 2019-01-01 08:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
      2019-01-08 20:52 - 2019-01-01 08:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
      2019-01-08 20:52 - 2019-01-01 08:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
      2019-01-08 20:52 - 2019-01-01 08:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
      2019-01-08 20:52 - 2019-01-01 08:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
      2019-01-08 20:52 - 2019-01-01 08:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
      2019-01-08 20:52 - 2019-01-01 08:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
      2019-01-08 20:52 - 2019-01-01 08:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
      2019-01-08 20:52 - 2019-01-01 08:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
      2019-01-08 20:52 - 2019-01-01 08:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
      2019-01-08 20:52 - 2019-01-01 08:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
      2019-01-08 20:52 - 2019-01-01 08:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
      2019-01-08 20:52 - 2019-01-01 08:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
      2019-01-08 20:52 - 2019-01-01 08:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
      2019-01-08 20:52 - 2019-01-01 08:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
      2019-01-08 20:52 - 2019-01-01 08:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
      2019-01-08 20:52 - 2019-01-01 08:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
      2019-01-08 20:52 - 2019-01-01 08:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
      2019-01-08 20:52 - 2019-01-01 08:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
      2019-01-08 20:52 - 2019-01-01 08:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
      2019-01-08 20:52 - 2019-01-01 08:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
      2019-01-08 20:52 - 2019-01-01 08:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
      2019-01-08 20:52 - 2019-01-01 08:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
      2019-01-08 20:52 - 2019-01-01 08:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
      2019-01-08 20:52 - 2019-01-01 08:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
      2019-01-08 20:52 - 2019-01-01 08:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
      2019-01-08 20:52 - 2019-01-01 08:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
      2019-01-08 20:52 - 2019-01-01 08:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
      2019-01-08 20:52 - 2019-01-01 08:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
      2019-01-08 20:52 - 2019-01-01 08:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
      2019-01-08 20:52 - 2019-01-01 08:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
      2019-01-08 20:52 - 2019-01-01 08:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
      2019-01-08 20:52 - 2019-01-01 08:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
      2019-01-08 20:52 - 2019-01-01 08:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
      2019-01-08 20:52 - 2019-01-01 08:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
      2019-01-08 20:52 - 2019-01-01 08:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
      2019-01-08 20:52 - 2019-01-01 08:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
      2019-01-08 20:52 - 2019-01-01 08:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
      2019-01-08 20:52 - 2019-01-01 08:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
      2019-01-08 20:52 - 2019-01-01 08:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
      2019-01-08 20:52 - 2019-01-01 08:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
      2019-01-08 20:52 - 2019-01-01 08:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
      2019-01-08 20:52 - 2019-01-01 08:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
      2019-01-08 20:52 - 2019-01-01 08:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
      2019-01-08 20:52 - 2019-01-01 08:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
      2019-01-08 20:52 - 2019-01-01 08:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
      2019-01-08 20:52 - 2019-01-01 08:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
      2019-01-08 20:52 - 2019-01-01 08:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
      2019-01-08 20:52 - 2019-01-01 08:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
      2019-01-08 20:52 - 2019-01-01 08:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
      2019-01-08 20:52 - 2019-01-01 08:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
      2019-01-08 20:52 - 2019-01-01 08:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
      2019-01-08 20:52 - 2019-01-01 08:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
      2019-01-08 20:52 - 2019-01-01 07:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
      2019-01-08 20:52 - 2018-12-19 06:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
      2019-01-06 00:59 - 2019-01-06 00:59 - 000141434 _____ C:\TDSSKiller.3.1.0.25_06.01.2019_00.59.11_log.txt
      2019-01-06 00:47 - 2019-01-06 00:47 - 000000000 ____D C:\Users\User\AppData\Local\mbamtray
      2019-01-06 00:47 - 2019-01-06 00:47 - 000000000 ____D C:\Users\User\AppData\Local\mbam
      2018-12-19 20:41 - 2018-12-14 09:29 - 001130760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
      2018-12-19 20:41 - 2018-12-14 09:25 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
      2018-12-19 20:41 - 2018-12-14 09:21 - 001457240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
      2018-12-19 20:41 - 2018-12-14 09:21 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
      2018-12-19 20:41 - 2018-12-14 09:21 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
      2018-12-19 20:41 - 2018-12-14 09:21 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
      2018-12-19 20:41 - 2018-12-14 09:21 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
      2018-12-19 20:41 - 2018-12-14 09:10 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
      2018-12-19 20:41 - 2018-12-14 09:07 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
      2018-12-19 20:41 - 2018-12-14 08:55 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
      2018-12-19 20:41 - 2018-12-14 08:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
      2018-12-19 20:41 - 2018-12-14 08:54 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
      2018-12-19 20:41 - 2018-12-14 08:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
      2018-12-19 20:41 - 2018-12-14 08:52 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
      2018-12-19 20:41 - 2018-12-14 08:52 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
      2018-12-19 20:41 - 2018-12-14 08:51 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
      2018-12-19 20:41 - 2018-12-14 08:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
      2018-12-16 16:30 - 2018-12-16 16:30 - 000002527 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
      2018-12-16 16:30 - 2018-12-16 16:30 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
      2018-12-16 16:30 - 2018-12-16 16:30 - 000002490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
      2018-12-16 16:30 - 2018-12-16 16:30 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
      2018-12-16 16:30 - 2018-12-16 16:30 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
      2018-12-16 16:30 - 2018-12-16 16:30 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
      2018-12-16 16:30 - 2018-12-16 16:30 - 000002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
      2018-12-16 16:30 - 2018-12-16 16:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Инструменти на Microsoft Office
      2018-12-13 23:56 - 2018-12-13 23:56 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-12-13 23:56 - 2018-12-13 23:56 - 000002330 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-12-13 18:52 - 2018-09-05 00:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
      2018-12-12 21:25 - 2018-12-08 14:47 - 001786896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
      2018-12-12 21:25 - 2018-12-08 14:42 - 004527800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
      2018-12-12 21:25 - 2018-12-08 14:42 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
      2018-12-12 21:25 - 2018-12-08 14:41 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
      2018-12-12 21:25 - 2018-12-08 14:40 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
      2018-12-12 21:25 - 2018-12-08 14:29 - 013572608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
      2018-12-12 21:25 - 2018-12-08 14:28 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
      2018-12-12 21:25 - 2018-12-08 14:28 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
      2018-12-12 21:25 - 2018-12-08 14:27 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
      2018-12-12 21:25 - 2018-12-08 14:25 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
      2018-12-12 21:25 - 2018-12-08 14:23 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
      2018-12-12 21:25 - 2018-12-08 14:23 - 002892288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
      2018-12-12 21:25 - 2018-12-08 10:07 - 005625352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
      2018-12-12 21:25 - 2018-12-08 10:06 - 001017168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
      2018-12-12 21:25 - 2018-12-08 10:05 - 007436216 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
      2018-12-12 21:25 - 2018-12-08 10:05 - 002822656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
      2018-12-12 21:25 - 2018-12-08 10:04 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
      2018-12-12 21:25 - 2018-12-08 10:04 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
      2018-12-12 21:25 - 2018-12-08 10:04 - 001943328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
      2018-12-12 21:25 - 2018-12-08 10:04 - 001188512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
      2018-12-12 21:25 - 2018-12-08 10:04 - 000416024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
      2018-12-12 21:25 - 2018-12-08 09:47 - 000861744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
      2018-12-12 21:25 - 2018-12-08 09:46 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
      2018-12-12 21:25 - 2018-12-08 09:46 - 000457056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
      2018-12-12 21:25 - 2018-12-08 09:45 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
      2018-12-12 21:25 - 2018-12-08 09:45 - 004789952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
      2018-12-12 21:25 - 2018-12-08 09:45 - 002307240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
      2018-12-12 21:25 - 2018-12-08 09:45 - 001620472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
      2018-12-12 21:25 - 2018-12-08 09:45 - 001379816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
      2018-12-12 21:25 - 2018-12-08 09:42 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
      2018-12-12 21:25 - 2018-12-08 09:41 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
      2018-12-12 21:25 - 2018-12-08 09:40 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
      2018-12-12 21:25 - 2018-12-08 09:38 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
      2018-12-12 21:25 - 2018-12-08 09:38 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
      2018-12-12 21:25 - 2018-12-08 09:37 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
      2018-12-12 21:25 - 2018-12-08 09:36 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
      2018-12-12 21:25 - 2018-12-08 09:36 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
      2018-12-12 21:25 - 2018-12-08 09:36 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
      2018-12-12 21:25 - 2018-12-08 09:36 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
      2018-12-12 21:25 - 2018-12-08 09:35 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
      2018-12-12 21:25 - 2018-12-08 09:33 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
      2018-12-12 21:25 - 2018-12-08 09:33 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
      2018-12-12 21:25 - 2018-12-08 09:33 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
      2018-12-12 21:25 - 2018-12-08 09:32 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
      2018-12-12 21:25 - 2018-12-08 09:30 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
      2018-12-12 21:25 - 2018-12-08 09:29 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
      2018-12-12 21:25 - 2018-12-08 09:29 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
      2018-12-12 21:25 - 2018-12-08 09:28 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
      2018-12-12 21:25 - 2018-11-09 08:15 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
      2018-12-12 21:25 - 2018-11-09 07:59 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
      2018-12-12 21:25 - 2018-11-09 07:57 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
      2018-12-12 21:25 - 2018-11-09 07:55 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
      2018-12-12 21:25 - 2018-11-09 07:55 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
      2018-12-12 21:25 - 2018-11-09 07:32 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
      2018-12-12 21:25 - 2018-11-09 07:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
      2018-12-12 21:25 - 2018-11-09 04:56 - 001213472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
      2018-12-12 21:25 - 2018-11-09 04:48 - 003179760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
      2018-12-12 21:25 - 2018-11-09 04:48 - 001613288 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
      2018-12-12 21:25 - 2018-11-09 04:47 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
      2018-12-12 21:25 - 2018-11-09 04:21 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
      2018-12-12 21:25 - 2018-11-09 04:21 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
      2018-12-12 21:25 - 2018-11-09 04:18 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
      2018-12-12 21:25 - 2018-11-09 04:18 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
      2018-12-12 21:25 - 2018-11-09 04:16 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
      2018-12-12 21:25 - 2018-11-09 04:16 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
      2018-12-12 21:25 - 2018-11-09 04:15 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
      2018-12-12 21:25 - 2018-11-09 04:07 - 002417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
      2018-12-12 21:25 - 2018-11-09 03:46 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
      2018-12-12 21:25 - 2018-11-09 03:29 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
      2018-12-12 21:25 - 2018-11-09 03:28 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
      2018-12-12 21:24 - 2018-12-08 14:48 - 000034104 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
      2018-12-12 21:24 - 2018-12-08 14:47 - 001627656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 001422864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 001048712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 001038352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000954384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000830480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000825352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000750096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000670224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000652296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000645320 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000495632 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000399880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000258064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000231440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
      2018-12-12 21:24 - 2018-12-08 14:47 - 000228368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000201744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000180752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
      2018-12-12 21:24 - 2018-12-08 14:47 - 000173072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
      2018-12-12 21:24 - 2018-12-08 14:46 - 000549760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
      2018-12-12 21:24 - 2018-12-08 14:43 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
      2018-12-12 21:24 - 2018-12-08 14:42 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
      2018-12-12 21:24 - 2018-12-08 14:41 - 000481880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
      2018-12-12 21:24 - 2018-12-08 14:39 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
      2018-12-12 21:24 - 2018-12-08 14:27 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.SecureAssessment.dll
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2019-01-10 20:59 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
      2019-01-10 19:30 - 2018-09-16 16:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
      2019-01-09 18:35 - 2018-09-16 16:27 - 001532434 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2019-01-09 18:35 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
      2019-01-09 18:35 - 2017-07-30 15:50 - 000536072 _____ C:\WINDOWS\system32\perfh002.dat
      2019-01-09 18:35 - 2017-07-30 15:50 - 000162902 _____ C:\WINDOWS\system32\perfc002.dat
      2019-01-09 18:29 - 2018-09-16 16:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2019-01-08 23:43 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
      2019-01-08 23:42 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
      2019-01-08 23:42 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
      2019-01-08 21:01 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
      2019-01-08 20:25 - 2018-09-16 16:31 - 000004550 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2019-01-08 20:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2019-01-08 20:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2019-01-08 20:21 - 2018-09-16 16:31 - 000004586 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2019-01-07 22:18 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
      2019-01-06 23:41 - 2017-12-25 22:05 - 000000000 ____D C:\Users\User\Desktop\1
      2019-01-06 00:54 - 2017-07-19 15:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2019-01-06 00:54 - 2017-07-19 15:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2019-01-06 00:39 - 2017-07-19 16:04 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
      2019-01-06 00:39 - 2017-07-19 15:57 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
      2019-01-05 19:20 - 2017-07-19 16:01 - 000000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
      2019-01-05 18:45 - 2017-07-20 10:24 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2019-01-04 19:10 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
      2019-01-03 22:12 - 2017-08-09 19:30 - 000001456 _____ C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
      2019-01-02 21:41 - 2018-04-12 01:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
      2019-01-02 21:41 - 2018-04-12 01:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
      2019-01-01 20:39 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
      2018-12-25 00:42 - 2017-07-21 09:01 - 000000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
      2018-12-23 23:24 - 2018-02-23 22:15 - 000000000 ____D C:\Users\User\AppData\Local\Packages
      2018-12-23 10:06 - 2017-07-21 21:21 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения в Chrome
      2018-12-20 20:04 - 2018-09-16 16:31 - 000003518 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
      2018-12-20 20:04 - 2018-09-16 16:31 - 000003394 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
      2018-12-20 19:17 - 2018-09-16 16:31 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-619769886-4034110463-2982145271-1001
      2018-12-20 19:17 - 2018-09-16 16:16 - 000002388 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      2018-12-20 19:17 - 2017-07-19 09:25 - 000000000 ___RD C:\Users\User\OneDrive
      2018-12-16 17:01 - 2017-07-21 09:02 - 000000000 ____D C:\ProgramData\TEMP
      2018-12-16 16:29 - 2017-07-20 10:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
      2018-12-14 00:22 - 2017-09-16 08:33 - 000000000 ____D C:\Program Files (x86)\Audacity
      2018-12-13 23:56 - 2017-07-19 15:57 - 000000000 ____D C:\Program Files (x86)\Google
      2018-12-13 23:54 - 2018-09-09 15:45 - 000000000 ___DC C:\WINDOWS\Panther
      2018-12-13 18:42 - 2018-02-23 22:31 - 000000000 ___RD C:\Users\User\3D Objects
      2018-12-13 18:42 - 2016-11-21 09:30 - 000000000 __RHD C:\Users\Public\AccountPictures
      2018-12-13 18:40 - 2018-09-16 16:13 - 000401856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2018-12-12 22:57 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
      2018-12-12 22:57 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
      2018-12-12 22:57 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
      ==================== Files in the root of some directories =======
      2017-12-25 22:02 - 2017-12-25 22:02 - 000000128 ____H () C:\Users\User\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
      2017-08-09 19:30 - 2019-01-03 22:12 - 000001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-09-16 16:12
      ==================== End of FRST.txt ============================
      Addition.txt
    • by B0rn T0 P0rN (Forest*)
      I didn't quite grasp how this whole section is supposed to work, but mine isn't that big of a problem. I downloaded Bandicam from "some" site, but when I went to install it, a window popped up asking me to give it administrator access in order to continue the installation. I noticed that it wanted to install some other software, so I just clicked Cancel; after that the computer froze for about 1-2 seconds. I opened Task Manager and at least 6-7 (unfamiliar) processes were running. Anyway, it installed some small programs, I removed them, and everything is fine, more or less. One other problem remained.. Out of the whole story there is now one AD left that I can't find a way to remove.. I looked, I tried everything, I downloaded the Junkware Removal Tool, which was supposedly going to help, but alas, it didn't. This is the nonsense I can't manage to remove > CLICK < I don't trust antivirus programs at all: the computer lags more because of them, and twice as many viruses get in.. They're like chewing gum for viruses. Here is the log after JRT finished:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 7 Ultimate x64
      Ran by idk (Administrator) on ўв 15.01.2019 Ј. at 3:38:08,89
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      File System: 17
      Failed to delete: C:\Program Files (x86)\proxygate (Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F68ZGOQX (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIQK8NQU (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HML355FN (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1LRYOEA (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F68ZGOQX (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIQK8NQU (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HML355FN (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1LRYOEA (Temporary Internet Files Folder)
      Registry: 0
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on ўв 15.01.2019 Ј. at 3:40:09,86
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      The only thing that caught my eye was this > "Failed to delete: C:\Program Files (x86)\proxygate (Folder)"; I'm really tempted to delete it manually?
    • by legolas69
      Hello, the laptop in question is used by my mother for everyday tasks, and rarely at that. At system startup ESET detects PUP.Optional.Reimage; I took the liberty of scanning with Malwarebytes, WITHOUT taking any action. What is this folder, and is there anything to worry about? Thanks in advance.
      Addition.txt
      FRST.txt
      malwarebytes.txt
    • by v3cko
      Hello and Happy New Year. My problem: Chrome opens slowly, freezes and crashes, and several pages open at once. I'm currently in safe mode; otherwise it freezes.
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2019
      Ran by ВЕС (administrator) on WIN-SKFJ6HLGST2 (03-01-2019 20:43:32)
      Running from C:\Users\ВЕС\Downloads
      Loaded Profiles: ВЕС (Available Profiles: ВЕС)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
      Internet Explorer Version 8 (Default browser: Chrome)
      Boot Mode: Safe Mode (with Networking)
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [DHY0GM3ATCSFE7M] => "C:\Program Files\x0h1djdcnoe\3OQCH.exe"
      HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
      HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\MountPoints2: {41be252d-0f82-11e9-a624-002713343a56} - F:\Lenovo_Suite.exe
      HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
      HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> C:\Windows\System32\iedkcs32.dll [2010-11-20] (Microsoft Corporation)
      HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-03] (Google Inc.)
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{840DEA2A-8553-4D25-A5FB-7DB86C5BFBE5}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{EE11610E-0BCC-42A7-A0AC-89B4A3B92BF1}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
      SearchScopes: HKU\S-1-5-21-3512987231-521144983-709920193-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10477_754_190103&q={searchTerms}
      BHO: YoutubeAdBlock -> {984AFA40-4BEC-457F-AEDE-FE3404A646FA} -> C:\Program Files\VKkhWVSisIE\kwTiXoR.dll => No File
      FireFox:
      ========
      FF ProfilePath: C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default [2019-01-03]
      FF user.js: detected! => C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default\user.js [2006-04-06]
      FF Extension: (NewsFox) - C:\Users\ВЕС\Downloads\k-meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
      Chrome: 
      =======
      CHR HomePage: Default -> hxxp://google.bg/
      CHR Profile: C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default [2019-01-03]
      CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2019-01-03]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-03]
      CHR Extension: (Chrome Media Router) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-03]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      "qamplvkj" => service was unlocked. <==== ATTENTION
      S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
      S2 qamplvkj; C:\Windows\system32\qamplvkj\dfaricjc.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
      S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
      S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2019-01-03] (Malwarebytes)
      S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [106144 2019-01-03] (Malwarebytes)
      S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2019-01-03] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2019-01-03] (Malwarebytes)
      S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [83648 2019-01-03] (Malwarebytes)
      U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2019-01-04 03:15 - 2019-01-04 03:15 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
      2019-01-04 03:15 - 2019-01-04 03:15 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
      2019-01-04 03:14 - 2019-01-04 03:14 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
      2019-01-04 03:10 - 2019-01-03 18:31 - 000000000 ____D C:\Windows\Panther
      2019-01-04 03:03 - 2019-01-04 03:03 - 000000000 ____D C:\Windows.old
      2019-01-03 20:43 - 2019-01-03 20:43 - 001783808 _____ (Farbar) C:\Users\ВЕС\Downloads\FRST.exe
      2019-01-03 20:43 - 2019-01-03 20:43 - 000007564 _____ C:\Users\ВЕС\Downloads\FRST.txt
      2019-01-03 20:43 - 2019-01-03 20:43 - 000000000 ____D C:\FRST
      2019-01-03 20:18 - 2019-01-03 20:18 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2019-01-03 20:18 - 2019-01-03 20:18 - 000083648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2019-01-03 20:18 - 2019-01-03 20:18 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2019-01-03 20:03 - 2019-01-03 20:03 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbam
      2019-01-03 20:02 - 2019-01-03 20:42 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2019-01-03 20:02 - 2019-01-03 20:02 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2019-01-03 20:02 - 2019-01-03 20:02 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbamtray
      2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\ProgramData\Malwarebytes
      2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Program Files\Malwarebytes
      2019-01-03 20:02 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
      2019-01-03 20:00 - 2019-01-03 20:01 - 081227760 _____ (Malwarebytes ) C:\Users\ВЕС\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
      2019-01-03 19:40 - 2019-01-03 20:03 - 000000000 ____D C:\ProgramData\RogueKiller
      2019-01-03 19:40 - 2019-01-03 19:40 - 029162424 _____ (Adlice Software ) C:\Users\ВЕС\Downloads\RogueKiller_setup.exe
      2019-01-03 19:40 - 2019-01-03 19:40 - 000001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
      2019-01-03 19:40 - 2019-01-03 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
      2019-01-03 19:40 - 2019-01-03 19:40 - 000000000 ____D C:\Program Files\RogueKiller
      2019-01-03 19:34 - 2019-01-03 20:42 - 000265284 _____ C:\Windows\ntbtlog.txt
      2019-01-03 19:30 - 2019-01-03 19:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
      2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\teiqv2gvtfm
      2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\imgn0qmwmwh
      2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\acysy1vaoki
      2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ C:\Users\ВЕС\AppData\Local\dump007.dat
      2019-01-03 19:09 - 2019-01-03 19:09 - 000000009 _____ C:\Users\ВЕС\rstr1.ini
      2019-01-03 19:08 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\3zxuksmazmq
      2019-01-03 19:07 - 2019-01-03 19:07 - 000000258 __RSH C:\Users\ВЕС\ntuser.pol
      2019-01-03 19:04 - 2019-01-03 19:04 - 000000000 ____D C:\Windows\system32\qamplvkj
      2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\vi5lm2mflim
      2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\sq0zlve2tqj
      2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\qc1oa2vrskn
      2019-01-03 19:02 - 2019-01-03 19:02 - 000000000 ____D C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK
      2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\423viiu5lfu
      2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Michael
      2019-01-03 19:01 - 2019-01-03 19:19 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ShopMore
      2019-01-03 19:01 - 2019-01-03 19:07 - 000002964 __RSH C:\ProgramData\ntuser.pol
      2019-01-03 19:01 - 2019-01-03 19:01 - 000493800 _____ (VideoDriver) C:\Windows\D04DE5140B2D.sys
      2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ C:\Users\ВЕС\AppData\Local\installer.dat
      2019-01-03 19:01 - 2019-01-03 19:01 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Python
      2019-01-03 19:00 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ezc3lfxnx4j
      2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ C:\Users\ВЕС\AppData\Local\wbem.ini
      2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{AC10FE2E-1A46-0496-3E07-15883EE04CD9}
      2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{59403C6F-D807-F1C6-7FC5-457D7F221C2C}
      2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\Users\NYBMYXMIG-DECRYPT.txt
      2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\NYBMYXMIG-DECRYPT.txt
      2019-01-03 18:57 - 2019-01-03 18:57 - 000000000 ____H C:\d85105b2d85102533b.lock
      2019-01-03 18:56 - 2019-01-03 18:56 - 000000000 ____D C:\ProgramData\HCRGWPOIZH4OHCKX91M2
      2019-01-03 18:56 - 2015-08-03 08:53 - 000384000 _____ (SafeIP) C:\Windows\system32\SafeIPs.dll
      2019-01-03 18:55 - 2019-01-03 20:05 - 000000000 ____D C:\Program Files\KMSPico 10.2.1 Final
      2019-01-03 18:53 - 2018-12-10 23:04 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2019-01-03 18:48 - 2019-01-03 18:48 - 001259736 _____ (Plarium) C:\Users\ВЕС\Downloads\PlariumPlaySetup (1).exe
      2019-01-03 18:46 - 2019-01-03 18:46 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Package Cache
      2019-01-03 18:45 - 2019-01-03 19:03 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Mozilla
      2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\K-Meleon
      2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Local\K-Meleon
      2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Plarium
      2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\CEF
      2019-01-03 18:39 - 2019-01-03 18:39 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Google
      2019-01-03 18:38 - 2019-01-03 19:53 - 000002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2019-01-03 18:38 - 2019-01-03 19:53 - 000002161 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2019-01-03 18:37 - 2019-01-03 19:02 - 000000000 ____D C:\Program Files\Google
      2019-01-03 18:37 - 2019-01-03 19:00 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Google
      2019-01-03 18:37 - 2019-01-03 18:37 - 000057560 _____ C:\Users\ВЕС\AppData\Local\GDIPFONTCACHEV1.DAT
      2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Deployment
      2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Apps\2.0
      2019-01-03 18:36 - 2014-05-14 17:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2019-01-03 18:36 - 2014-05-14 17:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2019-01-03 18:36 - 2014-05-14 17:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2019-01-03 18:36 - 2014-05-14 17:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2019-01-03 18:36 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2019-01-03 18:36 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2019-01-03 18:33 - 2019-01-03 19:53 - 000001335 _____ C:\Users\ВЕС\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2019-01-03 18:33 - 2019-01-03 19:09 - 000000000 ____D C:\Users\ВЕС
      2019-01-03 18:33 - 2019-01-03 18:33 - 000000020 ___SH C:\Users\ВЕС\ntuser.ini
      2019-01-03 18:33 - 2019-01-03 18:33 - 000000000 ____D C:\Users\ВЕС\AppData\Local\VirtualStore
      2019-01-03 18:33 - 2010-11-21 01:46 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Media Center Programs
      2019-01-03 16:27 - 2019-01-03 16:27 - 000000000 ____D C:\My Drivers
      2018-12-30 08:50 - 2018-12-30 08:50 - 005183296 _____ (Marcin Szeniak ) C:\Users\ВЕС\Downloads\BCUninstaller_4.12.1_setup.exe
      2018-12-29 13:35 - 2018-12-29 13:35 - 000000000 ____D C:\SWSetup
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2019-01-04 03:15 - 2009-07-14 05:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2019-01-04 03:15 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\sysprep
      2019-01-04 03:12 - 2010-11-21 01:46 - 000000000 ____D C:\Windows\CSC
      2019-01-04 03:10 - 2009-07-14 05:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
      2019-01-03 20:30 - 2010-11-20 22:01 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
      2019-01-03 20:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
      2019-01-03 20:18 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2019-01-03 20:17 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2019-01-03 20:17 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2019-01-03 19:01 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\GroupPolicy
      2019-01-03 18:57 - 2018-08-11 19:54 - 000000000 ____D C:\Intel
      2019-01-03 18:57 - 2017-10-21 13:53 - 000000000 ____D C:\LFS
      2019-01-03 18:57 - 2017-09-25 20:50 - 000000000 ___RD C:\BECKO-PC
      2019-01-03 18:57 - 2017-04-14 15:10 - 000036892 ____H C:\iCS Source.suo.nybmyxmig
      2019-01-03 18:33 - 2009-07-14 05:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
      2019-01-03 18:31 - 2009-07-14 03:37 - 000000000 __RHD C:\Users\Public\Libraries
      2019-01-03 17:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
      2019-01-03 15:34 - 2018-08-11 14:17 - 000000000 ____D C:\Users\ВЕС\Downloads\k-meleon
      2019-01-01 13:09 - 2018-09-02 13:32 - 000000000 ____D C:\Users\ВЕС\Documents\TalkHelper
      ==================== Files in the root of some directories =======
      1601-01-03 21:26 - 1601-01-03 21:26 - 000186368 ____N (Microsoft Corporation) C:\Users\ВЕС\AppData\Local\aIQEonJ.exe
      2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ () C:\Users\ВЕС\AppData\Local\dump007.dat
      2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ () C:\Users\ВЕС\AppData\Local\installer.dat
      2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ () C:\Users\ВЕС\AppData\Local\wbem.ini
      Some files in TEMP:
      ====================
      2019-01-03 18:56 - 2019-01-03 18:56 - 000710464 _____ () C:\Users\ВЕС\AppData\Local\Temp\3.exe
      2019-01-03 19:00 - 2019-01-03 19:00 - 001312696 _____ (                                                            ) C:\Users\ВЕС\AppData\Local\Temp\fastdatax.exe
      2019-01-03 19:09 - 2019-01-03 20:19 - 000000000 ____D () C:\Users\ВЕС\AppData\Local\Temp\IEShims.dll
      2019-01-03 19:00 - 2019-01-03 19:00 - 003520512 _____ () C:\Users\ВЕС\AppData\Local\Temp\installer_mi.exe
      2019-01-03 18:56 - 2019-01-03 18:56 - 002715792 _____ (SafeIP, LLC.                                                ) C:\Users\ВЕС\AppData\Local\Temp\update.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2019-01-04 03:11
      ==================== End of FRST.txt ===========================
      Addition.txt

    • by Шабан Талипов
      Can someone help me? This error blocks access to Windows updates and does not allow the firewall to be turned on. I tried with the Bitdefender antivirus program, without success.