Премини към съдържанието

Архивирана тема

Темата е твърде стара и е архивирана. Не можете да добавяте нови отговори в нея, но винаги можете да публикувате нова тема, в която да продължи дискусията. Регистрирайте се или влезте във вашия профил за да публикувате нова тема.

Liuboslav Aleksandrov

Имам вирус, който ми изтрива антивирусните

Препоръчан отговор


Здравейте, проблемът ми е такъв, че когато се отворя нещо с свързано (било то сайт, процес и т.н.) с антивирусна програма само се прекратява, изтрива, премахва...Видях потребител, който е имал същия проблем, но разбрах, че се работи индивидуално по проблема. Моят проблем е абсолютно същият като във тази тема.

http://www.kaldata.com/forums/topic/151861-%D0%B8%D0%BC%D0%B0%D0%BC-%D0%B2%D0%B8%D1%80%D1%83%D1%81%D0%BA%D0%BE%D0%B9%D1%82%D0%BE-%D0%B8%D0%B7%D1%82%D1%80%D0%B8-%D0%B0%D0%BD%D1%82%D0%B8%D0%B2%D0%B8%D1%80%D1%83%D1%81%D0%BD%D0%B0%D1%82%D0%B0-%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%B0/

 

Докладите:

DDS.txt

 

 

DDS (Ver_2011-09-30.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2 Run by qwerty at 22:53:05 on 2013-08-03 Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.894.106 [GMT 3:00] . AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . ============== Running Processes ================ . C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSsystem32spoolsv.exe C:WINDOWSsystem32Ati2evxx.exe C:Program FilesAviraAntiVir Desktopsched.exe C:WINDOWSExplorer.EXE C:Program FilesGoogleUpdate1.3.21.153GoogleCrashHandler.exe C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe C:Program FilesCommon FilesABBYYFineReader11.00LicensingCENetworkLicenseServer.exe C:WINDOWSsystem32ctfmon.exe C:Program FilesJavajre7binjqs.exe C:Program FilesNeroUpdateNASvc.exe C:Documents and SettingsAll UsersApplication DataSkypeToolbarsSkype C2C Servicec2c_service.exe C:DOCUME~1qwertyLOCALS~1Tempwinwqjuvd.exe C:DOCUME~1qwertyLOCALS~1Tempwinksxqtd.exe C:DOCUME~1qwertyLOCALS~1Tempwinscyeo.exe C:Program FilesMozilla Firefoxfirefox.exe C:Program FilesMozilla Firefoxplugin-container.exe C:Program FilesSkypePhoneSkype.exe C:WINDOWSsystem32rundll32.exe C:WINDOWSsystem32sndrec32.exe C:WINDOWSsystem32wbemwmiprvse.exe C:WINDOWSSystem32svchost.exe -k netsvcs C:WINDOWSsystem32svchost.exe -k NetworkService C:WINDOWSsystem32svchost.exe -k LocalService C:WINDOWSsystem32svchost.exe -k LocalService C:WINDOWSsystem32svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:program filescanoneasy-webprint exewpexbho.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:program filesjavajre7binssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:program filesjavajre7binjp2ssv.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:program filescanoneasy-webprint exewpexhlp.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:program filescanoneasy-webprint exewpexhlp.dll EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:program filescanoneasy-webprint exewpexhlp.dll uRun: [CTFMON.EXE] c:windowssystem32ctfmon.exe uRun: [DAEMON Tools Lite] "d:daemon tools liteDTLite.exe" -autorun uRun: [Google Update] "c:documents and settingsqwertylocal settingsapplication datagoogleupdateGoogleUpdate.exe" /c uRun: [northbridge] c:intelnorthbridge.bat uRunOnce: [FlashPlayerUpdate] c:windowssystem32macromedflashFlashUtil32_11_7_700_224_Plugin.exe -update plugin mRun: [DWPersistentQueuedReporting] c:program filescommon filesmicrosoft shareddwDWTRIG20.EXE -a mRun: [ATICCC] "c:program filesati technologiesati.aceCLIStart.exe" mRun: [NeroFilterCheck] c:windowssystem32NeroCheck.exe mRun: [GrooveMonitor] "c:program filesmicrosoft officeoffice12GrooveMonitor.exe" mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe" mRun: [bonus.SSR.FR11] "d:fine readernew folderBonus.ScreenshotReader.exe" /autorun mRun: [CanonSolutionMenu] c:program filescanonsolutionmenuCNSLMAIN.exe /logon mRun: [LogMeIn Hamachi Ui] "D:hamachi-2-ui.exe" --auto-start mRun: [avgnt] "c:program filesaviraantivir desktopavgnt.exe" /min mRun: [FixCamera] c:windowsFixCamera.exe mRun: [tsnp2std] c:windowstsnp2std.exe mRun: [snpstd3] c:windowsvsnpstd3.exe mRun: [tsnpstd3] c:windowstsnpstd3.exe dRun: [CTFMON.EXE] c:windowssystem32CTFMON.EXE StartupFolder: c:docume~1qwertystartm~1programsstartupon-scr~1.lnk - c:windowssystem32osk.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableLUA = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: E&xport to Microsoft Excel - c:progra~1micros~4office12EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:program filesmicrosoft officeoffice12ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe TCP: NameServer = 172.16.1.1 TCP: Interfaces{F615EF8F-D91B-41ED-AED3-73B03AE098FD} : DHCPNameServer = 172.16.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program filesmicrosoft officeoffice12GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:program filescommon filesskypeSkype4COM.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:program filesgooglechromeapplication28.0.1500.95installerchrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ================= FIREFOX =================== . FF - ProfilePath - c:documents and settingsqwertyapplication datamozillafirefoxprofileswahsbg9c.default-1373472550146 FF - plugin: c:documents and settingsqwertyapplication datamozillapluginsnpgoogletalk.dll FF - plugin: c:documents and settingsqwertyapplication datamozillapluginsnpgtpo3dautoplugin.dll FF - plugin: c:documents and settingsqwertyapplication datamozillapluginsnpo1d.dll FF - plugin: c:documents and settingsqwertylocal settingsapplication datagoogleupdate1.3.21.153npGoogleUpdate3.dll FF - plugin: c:progra~1common~1nerobrowse~1npBrowserPlugin.dll FF - plugin: c:program filesadobereader 10.0readerairnppdf32.dll FF - plugin: c:program filesgoogleupdate1.3.21.153npGoogleUpdate3.dll FF - plugin: c:program filesjavajre7binplugin2npjp2.dll FF - plugin: c:program filesmicrosoft silverlight5.1.20513.0npctrlui.dll FF - plugin: c:windowssystem32macromedflashNPSWF32_11_7_700_224.dll FF - plugin: c:windowssystem32npDeployJava1.dll FF - plugin: c:windowssystem32npptools.dll FF - plugin: d:winamp detectnpwachk.dll . ============= SERVICES / DRIVERS =============== . R1 avkmgr;avkmgr;c:windowssystem32driversavkmgr.sys [2013-7-28 37352] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32driversdtsoftbus01.sys [2013-3-4 242240] R2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;c:program filescommon filesabbyyfinereader11.00licensingceNetworkLicenseServer.exe [2011-12-22 818952] R2 AntiVirSchedulerService;Avira Scheduler;c:program filesaviraantivir desktopsched.exe [2013-7-28 84024] R2 avgntflt;avgntflt;c:windowssystem32driversavgntflt.sys [2013-7-28 84744] R2 NAUpdate;Nero Update;c:program filesneroupdateNASvc.exe [2012-7-13 769432] R2 Skype C2C Service;Skype C2C Service;c:documents and settingsall usersapplication dataskypetoolbarsskype c2c servicec2c_service.exe [2013-1-31 3289208] R3 amsint32;amsint32;??c:windowssystem32driversfknskq.sys --> c:windowssystem32driversfknskq.sys [?] S2 AntiVirService;Avira Real-Time Protection;c:program filesaviraantivir desktopavguard.exe [2013-7-28 108088] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [2010-3-18 130384] S2 gupdate;Услуга на Google Актуализация (gupdate);c:program filesgoogleupdateGoogleUpdate.exe [2013-7-28 116648] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:hamachi-2.exe -s --> d:hamachi-2.exe -s [?] S2 SkypeUpdate;Skype Updater;c:program filesskypeupdaterUpdater.exe [2013-2-28 161384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32macromedflashFlashPlayerUpdateService.exe [2013-2-19 256904] S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2013-7-28 116648] S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2013-8-3 40776] S3 MozillaMaintenance;Mozilla Maintenance Service;c:program filesmozilla maintenance servicemaintenanceservice.exe [2013-2-18 117144] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsmicrosoft.netframeworkv4.0.30319wpfWPFFontCache_v0400.exe [2013-4-18 754856] S4 AntiVirWebService;Avira Web Protection;c:program filesaviraantivir desktopavwebgrd.exe [2013-7-28 589368] . =============== Created Last 30 ================ . 2013-08-03 06:20:17  --------  d-----w-  c:program filesSHOUTcast 2013-08-03 05:46:41  40776  ----a-w-  c:windowssystem32driversmbamswissarmy.sys 2013-08-03 05:35:04  --------  d-----w-  c:documents and settingsqwertyapplication dataURSoft 2013-08-02 11:32:59  53760  -c--a-w-  c:windowssystem32dllcachevfwwdm32.dll 2013-08-02 11:32:59  53760  ----a-w-  c:windowssystem32vfwwdm32.dll 2013-07-30 19:08:11  913408  ----a-w-  c:windowsvsnpstd3.exe 2013-07-30 19:08:11  348160  ----a-w-  c:windowstsnpstd3.exe 2013-07-30 19:08:10  3968  ----a-w-  c:windowssystem32driversDeNoise.sys 2013-07-30 19:08:10  10423936  ----a-w-  c:windowssystem32driverssnpstd3.sys 2013-07-30 19:08:08  61440  ----a-w-  c:windowssystem32vsnpstd3.dll 2013-07-30 19:08:08  53248  ----a-w-  c:windowssystem32csnpstd3.dll 2013-07-30 19:08:08  53248  ----a-w-  c:windowscsnpstd3.dll 2013-07-30 19:08:08  155648  ----a-w-  c:windowssystem32rsnpstd3.dll 2013-07-30 19:08:07  --------  d-----w-  c:program filescommon filessnpstd3 2013-07-30 18:44:44  423200  ----a-w-  c:windowsWindowsXP-KB822603-x86.exe 2013-07-30 18:44:43  675840  ----a-w-  c:windowsvsnp2std.exe 2013-07-30 18:44:43  331776  ----a-w-  c:windowstsnp2std.exe 2013-07-30 18:44:43  25472  ----a-w-  c:windowssystem32driverssncamd.sys 2013-07-30 18:44:40  12033024  ----a-w-  c:windowssystem32driverssnp2sxp.sys 2013-07-30 18:44:38  77824  ----a-w-  c:windowssystem32csnp2std.dll 2013-07-30 18:44:38  249856  ----a-w-  c:windowssystem32vsnp2std.dll 2013-07-30 18:44:38  151552  ----a-w-  c:windowssystem32rsnp2std.dll 2013-07-30 18:44:38  --------  d-----w-  c:program filescommon filessnp2std 2013-07-30 18:21:01  98304  ----a-w-  c:windowsamcap.exe 2013-07-30 18:21:01  90112  ----a-w-  c:windowsFixCamera.exe 2013-07-30 14:59:20  --------  d-----w-  c:documents and settingsqwertyapplication dataAvira 2013-07-27 21:56:11  84744  ----a-w-  c:windowssystem32driversavgntflt.sys 2013-07-27 21:56:11  37352  ----a-w-  c:windowssystem32driversavkmgr.sys 2013-07-27 21:56:01  --------  d-----w-  c:program filesAvira 2013-07-27 21:56:01  --------  d-----w-  c:documents and settingsall usersapplication dataAvira 2013-07-11 20:00:54  --------  d-----w-  c:documents and settingsqwertyapplication dataMalwarebytes 2013-07-11 20:00:44  --------  d-----w-  c:documents and settingsall usersapplication dataMalwarebytes 2013-07-11 20:00:42  22856  ----a-w-  c:windowssystem32driversmbam.sys 2013-07-11 20:00:42  --------  d-----w-  c:program filesMalwarebytes' Anti-Malware . ==================== Find3M  ==================== . 2013-06-12 05:08:13  71048  ----a-w-  c:windowssystem32FlashPlayerCPLApp.cpl 2013-06-12 05:08:13  692104  ----a-w-  c:windowssystem32FlashPlayerApp.exe 2013-06-07 21:56:06  920064  ----a-w-  c:windowssystem32wininet.dll 2013-06-07 21:56:06  43520  ----a-w-  c:windowssystem32licmgr10.dll 2013-06-07 21:56:05  1469440  ----a-w-  c:windowssystem32inetcpl.cpl 2013-06-07 20:55:44  385024  ----a-w-  c:windowssystem32html.iec 2013-06-04 07:23:02  562688  ----a-w-  c:windowssystem32qedit.dll 2013-06-04 01:40:45  1876736  ----a-w-  c:windowssystem32win32k.sys 2013-05-08 21:28:02  1543680  ----a-w-  c:windowssystem32wmvdecod.dll . ============= FINISH: 22:58:56,27 ===============  

 

Attach.exe

 

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-09-30.01) . Microsoft Windows XP Professional Boot Device: DeviceHarddiskVolume1 Install Date: 18.2.2013 г. 14:17:32 System Uptime: 03.8.2013 г. 10:49:58 (12 hours ago) . Motherboard: MSI |  | 0A48 Processor: Intel® Pentium® D CPU 3.00GHz |  | 3000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 30 GiB total, 14,452 GiB free. D: is FIXED (NTFS) - 119 GiB total, 105,728 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318} Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard Device ID: ACPIPNP03033&61AAA01&0 Manufacturer: (Standard keyboards) Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard PNP Device ID: ACPIPNP03033&61AAA01&0 Service: i8042prt . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Hamachi Network Interface Device ID: ROOTNET0000 Manufacturer: LogMeIn, Inc. Name: Hamachi Network Interface PNP Device ID: ROOTNET0000 Service: hamachi . ==== System Restore Points =================== . RP135: 12.7.2013 г. 14:00:19 - Software Distribution Service 3.0 RP136: 13.7.2013 г. 14:00:18 - Software Distribution Service 3.0 RP137: 27.7.2013 г. 17:44:44 - Software Distribution Service 3.0 RP138: 28.7.2013 г. 14:00:21 - Software Distribution Service 3.0 RP139: 29.7.2013 г. 14:00:24 - Software Distribution Service 3.0 RP140: 30.7.2013 г. 14:00:20 - Software Distribution Service 3.0 RP141: 30.7.2013 г. 21:20:52 - Installed USB PC Camera RP142: 30.7.2013 г. 21:23:13 - Installed USB PC Camera RP143: 30.7.2013 г. 21:44:37 - Installed USB2.0 PC Camera (SN9C201&202) RP144: 30.7.2013 г. 21:50:15 - Removed USB PC Camera RP145: 30.7.2013 г. 22:08:07 - Installed USB PC Camera RP146: 31.7.2013 г. 14:00:23 - Software Distribution Service 3.0 RP147: 01.8.2013 г. 14:00:17 - Software Distribution Service 3.0 RP148: 02.8.2013 г. 14:00:50 - Software Distribution Service 3.0 RP149: 03.8.2013 г. 08:49:12 - Before uninstalling USB2.0 PC Camera (SN9C201&202) RP150: 03.8.2013 г. 08:50:06 - Before uninstalling USB PC Camera RP151: 03.8.2013 г. 14:00:18 - Software Distribution Service 3.0 . ==== Installed Programs ====================== . Архиватор WinRAR µTorrent ABBYY FineReader 11 Corporate Edition Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.7) ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Display Driver Avira Free Antivirus Bulgarian Keyboards XP by G. Atanasov BulgarianPhonetic XP by G. Atanasov Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX Canon MP Navigator EX 1.0 Canon MP210 series Canon My Printer Canon Utilities Solution Menu CDBurnerXP Cheat Engine 6.3 Choice Guard Counter-Strike 1.6 Professional Edition v2.0 DAEMON Tools Lite EA SPORTS online 2007 FIFA 07 GameRanger Google Chrome Google Talk Plugin Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB954550-v5) Java 7 Update 17 K-Lite Codec Pack 9.7.0 (Full) LogMeIn Hamachi Malwarebytes Anti-Malware, версия 1.75.0.1300 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 1.1 Service Pack 1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Help Viewer 1.0 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders  (English) 12 Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server System CLR Types Microsoft Visual Basic 2010 Express - ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Mouse Recorder Pro 2.0.7.4 Mozilla Firefox 22.0 (x86 bg) Mozilla Maintenance Service MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2758694) MSXML 6.0 Parser MultiBit 0.4.21 Nero Audio Pack 1 Nero Blu-ray Player Nero Blu-ray Player Help (CHM) Nero Core Components Nero Kwik Media Nero Kwik Media Help (CHM) Nero Kwik Themes Basic Nero OEM Nero SharedVideoCodecs Nero Update Prerequisite installer Realtek High Definition Audio Driver SafeSaver 1.74 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB2817183) Security Update for Windows Internet Explorer 8 (KB2829530) Security Update for Windows Internet Explorer 8 (KB2838727) Security Update for Windows Internet Explorer 8 (KB2846071) Security Update for Windows Internet Explorer 8 (KB2847204) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB2834904) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219-v2) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135-v2) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2808735) Security Update for Windows XP (KB2813170) Security Update for Windows XP (KB2820197) Security Update for Windows XP (KB2820917) Security Update for Windows XP (KB2829361) Security Update for Windows XP (KB2834886) Security Update for Windows XP (KB2839229) Security Update for Windows XP (KB2845187) Security Update for Windows XP (KB2850851) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982665) Segoe UI SHOUTcast DNAS Server v2 SHOUTcast Source DSP Plug-in v2 Skype Click to Call Skype™ 6.3 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition Update for Windows XP (KB2345886) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB955759) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB973815) VirtualCamera Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU VobSub v2.23 (Remove Only) WebFldrs XP Winamp Winamp Detector Plug-in Windows Live Call Windows Live Communications Platform Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Rights Management Client Backwards Compatibility SP2 Windows Rights Management Client with Service Pack 2 Your Uninstaller! 7 . ==== Event Viewer Messages From Past Week ======== . 31.7.2013 г. 19:07:23, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 5 time(s). 31.7.2013 г. 14:59:05, error: Service Control Manager [7034]  - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly.  It has done this 1 time(s). 31.7.2013 г. 14:02:28, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109). 31.7.2013 г. 13:06:59, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 4 time(s). 31.7.2013 г. 13:01:46, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 3 time(s). 31.7.2013 г. 13:01:38, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. 31.7.2013 г. 13:01:36, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. 31.7.2013 г. 13:00:10, error: ati2mtag [44044]  - I2c return failed 31.7.2013 г. 13:00:10, error: ati2mtag [44044]  - I2c return failed 31.7.2013 г. 01:07:04, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 5 time(s). 30.7.2013 г. 19:06:49, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 4 time(s). 30.7.2013 г. 17:59:23, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 3 time(s). 30.7.2013 г. 17:59:15, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. 30.7.2013 г. 17:59:08, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. 30.7.2013 г. 17:57:51, error: ati2mtag [44044]  - I2c return failed 30.7.2013 г. 17:57:51, error: ati2mtag [44044]  - I2c return failed 30.7.2013 г. 14:01:32, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109). 30.7.2013 г. 13:06:20, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 5 time(s). 30.7.2013 г. 01:06:21, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 4 time(s). 29.7.2013 г. 22:40:18, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 3 time(s). 29.7.2013 г. 22:40:09, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. 29.7.2013 г. 22:40:01, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. 29.7.2013 г. 22:38:45, error: ati2mtag [44044]  - I2c return failed 29.7.2013 г. 22:38:45, error: ati2mtag [44044]  - I2c return failed 29.7.2013 г. 19:06:22, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 8 time(s). 29.7.2013 г. 14:01:58, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109). 29.7.2013 г. 07:03:39, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 7 time(s). 28.7.2013 г. 23:29:27, error: Service Control Manager [7034]  - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly.  It has done this 1 time(s). 28.7.2013 г. 19:03:44, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 6 time(s). 28.7.2013 г. 14:01:35, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109). 28.7.2013 г. 13:04:12, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 5 time(s). 28.7.2013 г. 00:59:22, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 4 time(s). 28.7.2013 г. 00:59:22, error: Service Control Manager [7022]  - The Avira Real-Time Protection service hung on starting. 28.7.2013 г. 00:59:22, error: Service Control Manager [7001]  - The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:  After starting, the service hung in a start-pending state. 28.7.2013 г. 00:57:20, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 3 time(s). 28.7.2013 г. 00:57:12, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. 28.7.2013 г. 00:57:03, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. 28.7.2013 г. 00:54:29, error: ati2mtag [44044]  - I2c return failed 28.7.2013 г. 00:54:29, error: ati2mtag [44044]  - I2c return failed 27.7.2013 г. 18:47:42, error: i8042prt [22]  - Could not set the mouse sample rate. 27.7.2013 г. 17:47:32, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109). 27.7.2013 г. 17:46:05, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Avira AntiVir Guard service to connect. 27.7.2013 г. 17:46:05, error: Service Control Manager [7000]  - The Avira AntiVir Guard service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion. 27.7.2013 г. 17:44:23, error: Service Control Manager [7034]  - The Avira AntiVir Guard service terminated unexpectedly.  It has done this 3 time(s). 27.7.2013 г. 17:44:15, error: Service Control Manager [7031]  - The Avira AntiVir Guard service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. 27.7.2013 г. 17:44:07, error: Service Control Manager [7031]  - The Avira AntiVir Guard service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. 27.7.2013 г. 17:42:44, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume. 27.7.2013 г. 17:42:44, error: ati2mtag [44044]  - I2c return failed 27.7.2013 г. 17:42:44, error: ati2mtag [44044]  - I2c return failed 03.8.2013 г. 19:07:14, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 5 time(s). 03.8.2013 г. 14:01:44, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109). 03.8.2013 г. 13:07:46, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 4 time(s). 03.8.2013 г. 10:52:37, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 3 time(s). 03.8.2013 г. 10:52:34, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. 03.8.2013 г. 10:52:33, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. 03.8.2013 г. 10:52:33, error: Service Control Manager [7000]  - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:  The system cannot find the file specified. 03.8.2013 г. 10:51:17, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume. 03.8.2013 г. 10:51:17, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume. 03.8.2013 г. 10:51:17, error: ati2mtag [44044]  - I2c return failed 03.8.2013 г. 10:51:17, error: ati2mtag [44044]  - I2c return failed 03.8.2013 г. 07:07:24, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 14 time(s). 03.8.2013 г. 01:07:31, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 13 time(s). 02.8.2013 г. 19:07:51, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 12 time(s). 02.8.2013 г. 14:07:25, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109). 02.8.2013 г. 13:08:06, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 11 time(s). 02.8.2013 г. 07:07:33, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 10 time(s). 02.8.2013 г. 01:07:22, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 9 time(s). 01.8.2013 г. 19:07:23, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 8 time(s). 01.8.2013 г. 14:01:45, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109). 01.8.2013 г. 07:07:11, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 7 time(s). 01.8.2013 г. 01:07:32, error: Service Control Manager [7034]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 6 time(s). . ==== End Of File ===========================  

 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте..!Не мисля така..по логовете се вижда зараза с полиморфен вирус Sality..
 
 
1. Спрете Autorun функцията.
Изтеглете и стартирайте следния файл Публикувано изображение
Стартирайте го и се съгласете с лицензионното споразумение.
Натиснете Next и изчакайте да си свърпи работата.


2. Спрете System Restore функцията.
Щракнете с десен бутон върху My Computer, след това изберете Properties => отидете на System Restore => изберете опцията Turn off System Restore on all drives => натиснете Apply и затворете прозореца
.
Публикувано изображение
 


3. Изтеглете SalityKiller и го запазете на десктопа.
Изключете интернет достъпа и след това сканирайте с него по описания по-надолу начин:

  • [*]Изтеглете
SalityKiller Версия 1.3.6.0 и запазете инструмента на десктопа. [*]Отворете Start => Run в полето въведете CMD => натиснете Enter => след това  с copy/paste копирайте командата и я поставете в черния прозорец на CMD с десен бутон на мишката => paste "%userprofile%desktopsalitykiller.exe" -n -r -x -a -j -k -l c:report.txt [*]Изчакайте проверката да завърши. [*]След като тя приключи, публикувайте съдържанието на лог файла C:report.txt в следващия си пост.

 

4.Направете една проверка с Kaspersky Virus Removal Tool
След като изтеглите инструмента, изключете достъпа до интернет.
След като стартирате инструмента, отидете до Settings (Иконата, която прилича на звездичка) сложете отметка пред My Computer.
 
Публикувано изображение
 
От опциите за почистване изберете Disinfect => но не избирайте delete if disinfection fails.
 
Публикувано изображение
 
Върнете се до Automatic Scan и натиснете Start Scanning.
 
Публикувано изображение
 
Ако по време на сканирането ви попита за дадено действие изберете skip.
След като приключи проверката изберете Report (Иконата която прилича на листче) => Detected Threats изберете SAVE и запазете документа на десктопа.
 
Публикувано изображение
 
Kопирайте съдържанието му в следващия си пост.
Затворете инструмента - това ще до деинсталира автоматично.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Мисля, че проблема се оправи, ето ви логовете, само че размених стъпка 3 и 4, тъй като SalityKillera отначало не искаше да се пусне.

kaspersky.txt

 

Status: Disinfected   (events: 221)

04.8.2013 г. 12:29:19 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyApplication Datajxpiinstall.exe High
04.8.2013 г. 12:03:53 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyDesktopMinecraftSP.exe High
04.8.2013 г. 12:04:16 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyDesktopRootKit.exe High
04.8.2013 г. 12:04:18 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyDesktopSimilarBundleGenericDl.exe High
04.8.2013 г. 12:04:27 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyDesktopWinsockxpFix.exe High
04.8.2013 г. 12:05:16 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyDesktopyusetup7.exe High
04.8.2013 г. 12:08:23 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00B105FE_RarMinecraftSP.exe High
04.8.2013 г. 12:30:41 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00B1062D_RarMinecraftSP.exe High
04.8.2013 г. 12:10:34 Disinfected virus Virus.Win32.Sality.gen d:hxeg.pif High
04.8.2013 г. 12:10:49 Disinfected virus Virus.Win32.Sality.gen c:Program FilesATI TechnologiesATI.ACECLIStart.exe High
04.8.2013 г. 12:11:01 Disinfected virus Virus.Win32.Sality.gen c:WINDOWSsystem32NeroCheck.exe High
04.8.2013 г. 12:11:17 Disinfected virus Virus.Win32.Sality.gen d:Fine ReaderNew FolderBonus.ScreenshotReader.exe High
04.8.2013 г. 12:11:29 Disinfected virus Virus.Win32.Sality.gen c:Program FilesCanonSolutionMenuCNSLMAIN.EXE High
04.8.2013 г. 12:11:40 Disinfected virus Virus.Win32.Sality.gen c:WINDOWSFixCamera.exe High
04.8.2013 г. 12:11:52 Disinfected virus Virus.Win32.Sality.gen c:WINDOWStsnp2std.exe High
04.8.2013 г. 12:12:04 Disinfected virus Virus.Win32.Sality.gen c:WINDOWSvsnpstd3.exe High
04.8.2013 г. 12:12:16 Disinfected virus Virus.Win32.Sality.gen c:WINDOWStsnpstd3.exe High
04.8.2013 г. 12:12:31 Disinfected virus Virus.Win32.Sality.gen d:DAEMON Tools LiteDTLite.exe High
04.8.2013 г. 12:12:44 Disinfected virus Virus.Win32.Sality.gen c:Intelstart.exe High
04.8.2013 г. 12:13:44 Disinfected virus Virus.Win32.Sality.gen d:uTorrent.exe High
04.8.2013 г. 12:14:04 Disinfected virus Virus.Win32.Sality.gen c:Documents and SettingsqwertyApplication DataGameRangerGameRangerGameRanger.exe High
04.8.2013 г. 12:14:17 Disinfected virus Virus.Win32.Sality.gen d:FIFA 07 - RELOADEDfifa07.exe High
04.8.2013 г. 12:15:56 Disinfected virus Virus.Win32.Sality.gen c:Program FilesAheadNero BackItUpBackItUp.exe High
04.8.2013 г. 12:16:16 Disinfected virus Virus.Win32.Sality.gen d:Fine ReaderNew FolderFineReader.exe High
04.8.2013 г. 12:16:34 Disinfected virus Virus.Win32.Sality.gen c:Program FilesAheadImageDriveImageDrive.exe High
04.8.2013 г. 12:16:52 Disinfected virus Virus.Win32.Sality.gen c:Program FilesMalwarebytes' Anti-Malwarembam.exe High
04.8.2013 г. 12:17:28 Disinfected virus Virus.Win32.Sality.gen c:Program FilesCanonMP Navigator EX 1.0mpnex10.exe High
04.8.2013 г. 12:17:44 Disinfected virus Virus.Win32.Sality.gen c:Program FilesAheadCoverDesignerCoverDes.exe High
04.8.2013 г. 12:17:59 Disinfected virus Virus.Win32.Sality.gen c:Program FilesAheadNero StartSmartNeroStartSmart.exe High
04.8.2013 г. 12:18:13 Disinfected virus Virus.Win32.Sality.gen d:VirtualCameraVCamera.exe High
04.8.2013 г. 12:18:27 Disinfected virus Virus.Win32.Sality.gen c:Program FilesAheadWMPBurnWMPBurn.exe High
04.8.2013 г. 12:18:54 Disinfected virus Virus.Win32.Sality.gen d:Printer FilesCNEZMAIN.EXE High
04.8.2013 г. 12:19:07 Disinfected virus Virus.Win32.Sality.gen c:Program FilesATI TechnologiesATI.ACEthunk.exe High
04.8.2013 г. 12:19:28 Disinfected virus Virus.Win32.Sality.gen d:Your Uninstaller! 7urmain.exe High
04.8.2013 г. 12:30:52 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00D510BD_Rar200804141307_USB PC Camera_v5.18.1207.000.exe High
04.8.2013 г. 12:31:11 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00D516B8_Rar200804141307_USB PC Camera_v5.18.1207.000.exe High
04.8.2013 г. 12:31:23 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00D51F92_Rar200804141307_USB PC Camera_v5.18.1207.000.exe High
04.8.2013 г. 12:31:36 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00E5AE08_Rar200804141307_USB PC Camera_v5.18.1207.000.exe High
04.8.2013 г. 12:31:46 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00E5AF60_Rar200804141307_USB PC Camera_v5.18.1207.000.exe High
04.8.2013 г. 12:31:57 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp00E5AF9F_Rar200804141307_USB PC Camera_v5.18.1207.000.exe High
04.8.2013 г. 12:32:12 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0167E0B9_Raruninstall.exe High
04.8.2013 г. 12:32:09 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0167E193_RarAu_.exe High
04.8.2013 г. 12:32:12 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0169900F_Raruninstall.exe High
04.8.2013 г. 12:32:17 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0713CD3A_RarMinecraftSP.exe High
04.8.2013 г. 12:32:25 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp016990F9_RarAu_.exe High
04.8.2013 г. 12:32:25 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp028B8A8E_Rarhelper.exe High
04.8.2013 г. 12:32:25 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp028B8AAD_Rarmaintenanceservice_installer.exe High
04.8.2013 г. 12:32:33 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0713CD4A_RarMinecraftSP.exe High
04.8.2013 г. 12:32:49 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp028B8E76_Rarhelper.exe High
04.8.2013 г. 12:32:37 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp05053761_Raruninstall.exe High
04.8.2013 г. 12:32:38 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0505385B_RarAu_.exe High
04.8.2013 г. 12:32:47 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp07143CBD_RarMinecraftSP.exe High
04.8.2013 г. 12:32:50 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp05061907_Raruninstall.exe High
04.8.2013 г. 12:32:51 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp05061A5E_RarAu_.exe High
04.8.2013 г. 12:33:04 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp07143E63_RarMinecraftSP.exe High
04.8.2013 г. 12:32:58 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp050627EB_Raruninstall.exe High
04.8.2013 г. 12:32:58 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp050628A7_RarAu_.exe High
04.8.2013 г. 12:33:12 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp08626701_RarMinecraftSP.exe High
04.8.2013 г. 12:33:19 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0862675E_RarMinecraftSP.exe High
04.8.2013 г. 12:33:27 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0863CAD6_RarMinecraftSP.exe High
04.8.2013 г. 12:33:39 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8E25EB_Rarsetup.exe High
04.8.2013 г. 12:33:45 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8E25FB_Rarsetup.exe High
04.8.2013 г. 12:33:44 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp092BC0D7_Rarhelper.exe High
04.8.2013 г. 12:33:51 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8E2D00_Rar_is429.exe High
04.8.2013 г. 12:33:55 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8E2D0F_Rar_is429.exe High
04.8.2013 г. 12:33:55 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8EF6C8_Rarsetup.exe High
04.8.2013 г. 12:34:01 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8EF6E7_Rarsetup.exe High
04.8.2013 г. 12:34:07 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8EFE0B_Rar_is42A.exe High
04.8.2013 г. 12:34:07 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8EFE1B_Rar_is42A.exe High
04.8.2013 г. 12:34:13 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp0E8EFE2B_Rar_is42A.exe High
04.8.2013 г. 12:35:35 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemp7zS4B0.tmp51bd882b85041.exe High
04.8.2013 г. 12:35:35 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTempjrteruntERUNT.EXE High
04.8.2013 г. 12:35:40 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTempMth9BA.tmp~inst.exe High
04.8.2013 г. 12:36:00 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemporary Internet FilesContent.IE59SZH2FK0emusic_qualifier[1].exe High
04.8.2013 г. 12:36:27 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemporary Internet FilesContent.IE59ZGJYWHXsearch_defender_166[1].exe High
04.8.2013 г. 12:36:25 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyLocal SettingsTemporary Internet FilesContent.IE5E8OE9060ezdownloader[1].exe High
04.8.2013 г. 12:36:36 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsadwcleaner.exe High
04.8.2013 г. 12:36:43 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsdds.exe High
04.8.2013 г. 12:36:56 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsmbam-setup-1.75.0.1300.exe High
04.8.2013 г. 12:37:07 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsMinecraft.exe High
04.8.2013 г. 12:37:17 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsnamebench-1.3.1-Windows.exe High
04.8.2013 г. 12:37:34 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsOTL.exe High
04.8.2013 г. 12:37:55 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadssambc_lite-fb.exe High
04.8.2013 г. 12:38:17 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadssc_serv2_win32_07_31_2011(1).exe High
04.8.2013 г. 12:38:25 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadssc_serv2_win32_07_31_2011.exe High
04.8.2013 г. 12:38:51 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsshoutcast-dsp-2-1-3-windows.exe High
04.8.2013 г. 12:38:58 Disinfected virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyMy DocumentsDownloadsshoutcast-dsp-2-3-2-windows.exe High
04.8.2013 г. 12:40:35 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAdobeReader 10.0Readerreader_sl.exe High
04.8.2013 г. 12:40:24 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNeroNeroCmd.exe High
04.8.2013 г. 12:40:29 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNeroUninstallUNNero.exe High
04.8.2013 г. 12:40:41 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero BackItUpNBJ.exe High
04.8.2013 г. 12:40:40 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero BackItUpNBR.exe High
04.8.2013 г. 12:40:50 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero SoundTraxSoundTrax.exe High
04.8.2013 г. 12:40:54 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero ToolkitCDSpeed.exe High
04.8.2013 г. 12:40:59 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero ToolkitDriveSpeed.exe High
04.8.2013 г. 12:41:04 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero Wave EditorDXEnum.exe High
04.8.2013 г. 12:41:09 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero ToolkitInfoTool.exe High
04.8.2013 г. 12:41:13 Disinfected virus Virus.Win32.Sality.gen C:Program FilesAheadNero Wave EditorWaveEdit.exe High
04.8.2013 г. 12:41:17 Disinfected virus Virus.Win32.Sality.gen C:Program FilesATI TechnologiesATI.ACEatishlx.exe High
04.8.2013 г. 12:41:45 Disinfected virus Virus.Win32.Sality.gen C:Program FilesATI TechnologiesATI.ACEPreview.exe High
04.8.2013 г. 12:41:33 Disinfected virus Virus.Win32.Sality.gen C:Program FilesATI TechnologiesATI.ACEDXStress.exe High
04.8.2013 г. 12:42:08 Disinfected virus Virus.Win32.Sality.gen C:Program FilesATI TechnologiesATI.ACEMMACEPrev.exe High
04.8.2013 г. 12:41:47 Disinfected virus Virus.Win32.Sality.gen C:Program FilesATI TechnologiesATI.ACEPreview_FS.exe High
04.8.2013 г. 12:43:47 Disinfected virus Virus.Win32.Sality.gen C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe High
04.8.2013 г. 12:43:58 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCanonEasy-WebPrint EXMaint.exe High
04.8.2013 г. 12:43:58 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCanonMP Navigator EX 1.0MPNScan.exe High
04.8.2013 г. 12:44:06 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCanonMP Navigator EX 1.0mpncopy.exe High
04.8.2013 г. 12:44:07 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCanonBJIJPrinterCanon MP210 seriescnmvs.exe High
04.8.2013 г. 12:44:22 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCanonSolutionMenuuninst.exe High
04.8.2013 г. 12:44:31 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCheat Engine 6.3unins000.exe High
04.8.2013 г. 12:44:41 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon FilesInstallShieldDriver9Intel 32IDriver.exe High
04.8.2013 г. 12:44:34 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon FilesInstallShieldDriver9Intel 32IDriver2.exe High
04.8.2013 г. 12:44:49 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon FilesInstallShieldengine6Intel 32IKernel.exe High
04.8.2013 г. 12:44:56 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon FilesMicrosoft SharedOFFICE12ACECNFLT.EXE High
04.8.2013 г. 12:45:05 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe High
04.8.2013 г. 12:45:12 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon Filessnp2stdtsnp2std.exe High
04.8.2013 г. 12:45:06 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon Filessnp2stdvsnp2std.exe High
04.8.2013 г. 12:45:23 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon Filessnpstd3tsnpstd3.exe High
04.8.2013 г. 12:45:15 Disinfected virus Virus.Win32.Sality.gen C:Program FilesCommon Filessnpstd3vsnpstd3.exe High
04.8.2013 г. 12:45:43 Disinfected virus Virus.Win32.Sality.gen C:Program FilesGoogleUpdateDownload{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}28.0.1500.9528.0.1500.95_28.0.1500.72_chrome_updater.exe High
04.8.2013 г. 12:45:54 Disinfected virus Virus.Win32.Sality.gen C:Program FilesInstallShield Installation Information{1735AD57-FD6E-4EB5-A276-56C2574D6412}setup.exe High
04.8.2013 г. 12:46:04 Disinfected virus Virus.Win32.Sality.gen C:Program FilesInstallShield Installation Information{43801800-CFEE-11D2-A41B-006097B55AD3}Setup.exe High
04.8.2013 г. 12:46:24 Disinfected virus Virus.Win32.Sality.gen C:Program FilesInstallShield Installation Information{9B94BE6F-7CA3-4C40-A266-62667FF746CC}Setup.exe High
04.8.2013 г. 12:46:24 Disinfected virus Virus.Win32.Sality.gen C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}setup.exe High
04.8.2013 г. 12:46:55 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMalwarebytes' Anti-Malwareunins000.exe High
04.8.2013 г. 12:47:23 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMicrosoft OfficeOffice12DRAT.EXE High
04.8.2013 г. 12:47:22 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMicrosoft OfficeOffice12GrooveClean.exe High
04.8.2013 г. 12:47:36 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMicrosoft OfficeOffice12GrooveMigrator.exe High
04.8.2013 г. 12:47:31 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMicrosoft OfficeOffice12GrooveStdURLLauncher.exe High
04.8.2013 г. 12:48:36 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMicrosoft SDKsWindowsv7.0Abinmt.exe High
04.8.2013 г. 12:48:34 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMicrosoft SDKsWindowsv7.0ABootstrapperPackagesVBPowerPacksenVisualBasicPowerPacksSetup.exe High
04.8.2013 г. 12:49:01 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMozilla Firefoxwebapp-uninstaller.exe High
04.8.2013 г. 12:49:24 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMozilla Firefoxmaintenanceservice_installer.exe High
04.8.2013 г. 12:49:19 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMozilla Firefoxuninstallhelper.exe High
04.8.2013 г. 12:49:10 Disinfected virus Virus.Win32.Sality.gen C:Program FilesMozilla Maintenance ServiceUninstall.exe High
04.8.2013 г. 12:50:02 Disinfected virus Virus.Win32.Sality.gen C:Program FilesRealtekInstallShieldChCfg.exe High
04.8.2013 г. 12:49:53 Disinfected virus Virus.Win32.Sality.gen C:Program FilesRealtekInstallShieldRtlUpd.exe High
04.8.2013 г. 12:50:16 Disinfected virus Virus.Win32.Sality.gen C:Program FilesSafeSaveruninstall.exe High
04.8.2013 г. 12:50:33 Disinfected virus Virus.Win32.Sality.gen C:Program FilesSHOUTcastuninstall_shoutcast-dnas-v2.exe High
04.8.2013 г. 12:50:39 Disinfected virus Virus.Win32.Sality.gen C:Program FilesSHOUTcastsc_serv.exe High
04.8.2013 г. 12:50:38 Disinfected virus Virus.Win32.Sality.gen C:Program FilesWindows LiveMessengermsvs.exe High
04.8.2013 г. 12:51:00 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP33461ChCfg.exe High
04.8.2013 г. 12:50:53 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP33461RtlUpd.exe High
04.8.2013 г. 12:51:18 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP33461SetCDfmt.exe High
04.8.2013 г. 12:51:01 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP33461Setup.exe High
04.8.2013 г. 12:51:31 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP33461WDMRtlUpd.exe High
04.8.2013 г. 12:51:12 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP34019setup.exe High
04.8.2013 г. 12:51:19 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP34556AtiCimUn.exe High
04.8.2013 г. 12:51:47 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP34556CheckVer.exe High
04.8.2013 г. 12:51:29 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP34556issetup.exe High
04.8.2013 г. 12:51:36 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP34556Setup.exe High
04.8.2013 г. 12:51:56 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP34556ACEsetup.exe High
04.8.2013 г. 12:51:46 Disinfected virus Virus.Win32.Sality.gen C:SWSetupSP34556DriverSetup.exe High
04.8.2013 г. 12:52:09 Disinfected virus Virus.Win32.Sality.gen C:SWSetupsp40751BIOSTools.exe High
04.8.2013 г. 12:52:07 Disinfected virus Virus.Win32.Sality.gen C:WINDOWSWindowsXP-KB822603-x86.exe High
04.8.2013 г. 12:56:31 Disinfected virus Virus.Win32.Sality.gen C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_regiis.exe High
04.8.2013 г. 12:58:39 Disinfected virus Virus.Win32.Sality.gen C:WINDOWSsystem32rspndr.exe High
04.8.2013 г. 12:58:50 Disinfected virus Virus.Win32.Sality.gen C:WINDOWSsystem32spupdsvc.exe High
04.8.2013 г. 13:01:28 Disinfected virus Virus.Win32.Sality.gen D:Counter-Strike 1.6 Professional Edition v2.0hl.exe High
04.8.2013 г. 13:01:27 Disinfected virus Virus.Win32.Sality.gen D:Counter-Strike 1.6 Professional Edition v2.0hlds.exe High
04.8.2013 г. 13:01:36 Disinfected virus Virus.Win32.Sality.gen D:Counter-Strike 1.6 Professional Edition v2.0hltv.exe High
04.8.2013 г. 13:02:24 Disinfected virus Virus.Win32.Sality.gen D:Counter-Strike 1.6 Professional Edition v2.0platformsteamcachedsteambackup.exe High
04.8.2013 г. 13:02:58 Disinfected virus Virus.Win32.Sality.gen D:DAEMON Tools LiteDTHelper.exe High
04.8.2013 г. 13:03:06 Disinfected virus Virus.Win32.Sality.gen D:DAEMON Tools LiteDTShellHlp.exe High
04.8.2013 г. 13:03:32 Disinfected virus Virus.Win32.Sality.gen D:DAEMON Tools Liteuninst.exe High
04.8.2013 г. 13:03:17 Disinfected virus Virus.Win32.Sality.gen D:FIFA 07 - RELOADEDATLJabber.exe High
04.8.2013 г. 13:03:25 Disinfected virus Virus.Win32.Sality.gen D:FIFA 07 - RELOADEDEASOUNInstaller.exe High
04.8.2013 г. 13:03:33 Disinfected virus Virus.Win32.Sality.gen D:FIFA 07 - RELOADEDeauninstall.exe High
04.8.2013 г. 13:07:16 Disinfected virus Virus.Win32.Sality.gen D:FIFA 07 - RELOADEDSportsWrapper.exe High
04.8.2013 г. 13:07:59 Disinfected virus Virus.Win32.Sality.gen D:FIFA 07 - RELOADEDSupportFIFA 07_uninst.exe High
04.8.2013 г. 13:07:59 Disinfected virus Virus.Win32.Sality.gen D:FIFA 07 - RELOADEDSupportFIFA 07_code.exe High
04.8.2013 г. 13:08:17 Disinfected virus Virus.Win32.Sality.gen D:FIFA 07 - RELOADEDSupportEReg.exe High
04.8.2013 г. 13:08:35 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderAbbyySTI.exe High
04.8.2013 г. 13:08:43 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderAdminSetup.exe High
04.8.2013 г. 13:08:44 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderAInfo.exe High
04.8.2013 г. 13:08:52 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderAutoRun.exe High
04.8.2013 г. 13:09:02 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderBusinessCardReader.exe High
04.8.2013 г. 13:09:05 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderFineExec.exe High
04.8.2013 г. 13:09:01 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderFineCmd.exe High
04.8.2013 г. 13:09:17 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderHotFolder.exe High
04.8.2013 г. 13:09:23 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew Folderinstmsiw.exe High
04.8.2013 г. 13:09:28 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderRegistrator.exe High
04.8.2013 г. 13:09:26 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderScanTwain.exe High
04.8.2013 г. 13:09:37 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderScanWia.exe High
04.8.2013 г. 13:09:35 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderSetup.exe High
04.8.2013 г. 13:09:44 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderTrigrammsInstaller.exe High
04.8.2013 г. 13:09:43 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11AbbyySTI.exe High
04.8.2013 г. 13:09:51 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11AInfo.exe High
04.8.2013 г. 13:09:51 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11Bonus.ScreenshotReader.exe High
04.8.2013 г. 13:10:00 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11BusinessCardReader.exe High
04.8.2013 г. 13:10:01 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11FineExec.exe High
04.8.2013 г. 13:10:08 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11FineCmd.exe High
04.8.2013 г. 13:10:19 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11FineReader.exe High
04.8.2013 г. 13:10:12 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11HotFolder.exe High
04.8.2013 г. 13:10:23 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11Registrator.exe High
04.8.2013 г. 13:10:21 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11ScanTwain.exe High
04.8.2013 г. 13:10:30 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11ScanWia.exe High
04.8.2013 г. 13:10:35 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderABBYY FineReader 11TrigrammsInstaller.exe High
04.8.2013 г. 13:10:43 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderCommonABBYYFineReader11.00LicensingCENetworkLicenseServer.exe High
04.8.2013 г. 13:10:46 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderLicense ServerSetup.exe High
04.8.2013 г. 13:10:57 Disinfected virus Virus.Win32.Sality.gen D:Microsoft Office 2007 Complete Version Incl CD_KeyLauncher.exe High
04.8.2013 г. 13:11:02 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderLicense ServerABBYY FineReader 11 License ServerAInfo.exe High
04.8.2013 г. 13:11:03 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderLicense ServerABBYY FineReader 11 License ServerLicenseManager.exe High
04.8.2013 г. 13:10:58 Disinfected virus Virus.Win32.Sality.gen D:Fine ReaderNew FolderLicense ServerCommonABBYYFineReader11.00LicensingCENetworkLicenseServer.exe High
04.8.2013 г. 13:11:11 Disinfected virus Virus.Win32.Sality.gen D:Hamachihamachi-2-ui.exe High
04.8.2013 г. 13:11:17 Disinfected virus Virus.Win32.Sality.gen D:Hamachihamachi-2.exe High
04.8.2013 г. 13:13:48 Disinfected virus Virus.Win32.Sality.gen D:Printer FilesCNELMAIN.EXE High
04.8.2013 г. 13:13:56 Disinfected virus Virus.Win32.Sality.gen D:Mouse Recorder Pro 2unins000.exe High
04.8.2013 г. 13:14:00 Disinfected virus Virus.Win32.Sality.gen D:Printer Filesuninst.exe High
04.8.2013 г. 13:14:24 Disinfected virus Virus.Win32.Sality.gen D:VirtualCamerauninst.exe High
04.8.2013 г. 13:14:26 Disinfected virus Virus.Win32.Sality.gen D:VirtualCameradrivervcsetup.exe High
04.8.2013 г. 13:14:32 Disinfected virus Virus.Win32.Sality.gen D:Winampuninstall_shoutcast-source-dsp-v2.exe High
04.8.2013 г. 13:14:43 Disinfected virus Virus.Win32.Sality.gen D:WinampUninstWA.exe High
04.8.2013 г. 13:14:33 Disinfected virus Virus.Win32.Sality.gen D:Winampwinampa.exe High
04.8.2013 г. 13:14:56 Disinfected virus Virus.Win32.Sality.gen D:WinampSHOUTcastuninstall_shoutcast-dnas-v2.exe High
04.8.2013 г. 13:14:53 Disinfected virus Virus.Win32.Sality.gen D:WinampSHOUTcastsc_serv.exe High
04.8.2013 г. 13:19:24 Disinfected virus Virus.Win32.Sality.gen D:Your Uninstaller! 7fos.exe High
04.8.2013 г. 13:19:17 Disinfected virus Virus.Win32.Sality.gen D:Winamp DetectUninstWaDetect.exe High
04.8.2013 г. 13:19:17 Disinfected virus Virus.Win32.Sality.gen D:Your Uninstaller! 7autoupdater.exe High
04.8.2013 г. 13:19:24 Disinfected virus Virus.Win32.Sality.gen D:Your Uninstaller! 7inimerge.exe High
04.8.2013 г. 13:19:31 Disinfected virus Virus.Win32.Sality.gen D:Your Uninstaller! 7unins000.exe High
Status: Absent   (events: 14)
04.8.2013 г. 14:20:53 Not found virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyApplication DataGameRangerGameRangerGameRanger.exe High
04.8.2013 г. 14:20:53 Not found Trojan program Backdoor.PHP.C99Shell.h C:Documents and SettingsqwertyDesktopc99_PSych0.php High
04.8.2013 г. 14:20:53 Not found Trojan program Backdoor.ASP.Ace.so C:Documents and SettingsqwertyDesktopUmer.asp.txt High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan-Proxy.Win32.Agent.gml C:Documents and SettingsqwertyLocal SettingsTempnafycs.exe High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan-PSW.Win32.Agent.aeuw C:Documents and SettingsqwertyLocal SettingsTempwinagfk.exe//UPX High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan.Win32.Agent.hwqm C:Documents and SettingsqwertyLocal SettingsTempwinfgwh.exe High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan-Proxy.Win32.Agent.gml c:documents and settingsqwertylocal settingstempnafycs.exe High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan.Win32.Agent.hwqm c:documents and settingsqwertylocal settingstempwinfgwh.exe High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan-PSW.Win32.Agent.aeuw c:documents and settingsqwertylocal settingstempwinagfk.exe//UPX High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan-PSW.Win32.Agent.aeuw c:Documents and SettingsqwertyLocal SettingsTempwinagfk.exe//UPX High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan.Win32.Agent.hwqm c:Documents and SettingsqwertyLocal SettingsTempwinfgwh.exe High
04.8.2013 г. 14:20:53 Not found Trojan program Trojan-Proxy.Win32.Agent.gml c:Documents and SettingsqwertyLocal SettingsTempnafycs.exe High
04.8.2013 г. 14:20:53 Not found Trojan program Backdoor.PHP.C99Shell.h c:Documents and SettingsqwertyDesktopc99_PSych0.php High
04.8.2013 г. 14:20:53 Not found Trojan program Backdoor.ASP.Ace.so c:Documents and SettingsqwertyDesktopUmer.asp.txt High
Status: Deleted   (events: 10)
04.8.2013 г. 14:13:35 Deleted adware not-a-virus:AdWare.Win32.MegaSearch.am C:Documents and SettingsqwertyDesktopСтари данни Firefox-1extensionsmfmpzzh@s-piu.orgcontentbg.js Medium
04.8.2013 г. 14:13:38 Deleted adware not-a-virus:AdWare.Win32.MegaSearch.am C:Documents and SettingsqwertyDesktopСтари данни Firefox-1extensionsqorrrsl@rwpm-.orgcontentbg.js Medium
04.8.2013 г. 14:31:22 Deleted virus HEUR:HackTool.MSIL.Flooder.gen C:Documents and SettingsqwertyLocal SettingsTempsms.iso//sms bomber.exe High
04.8.2013 г. 14:29:14 Deleted Trojan program Trojan.Win32.AutoRun.gen d:autorun.inf High
04.8.2013 г. 12:23:53 Deleted virus Virus.Win32.Sality.gen C:Documents and SettingsqwertyApplication Datajxpiinstall.exe High
04.8.2013 г. 14:13:40 Deleted adware not-a-virus:AdWare.Win32.MegaSearch.am C:Documents and SettingsqwertyLocal SettingsTemp7zS4B0.tmpla_ihy@lsl-iiey.netcontentbg.js Medium
04.8.2013 г. 14:16:07 Deleted Trojan program Backdoor.ASP.Ace.so C:RECYCLERS-1-5-21-839522115-507921405-1417001333-1004Dc66.txt High
04.8.2013 г. 14:15:44 Deleted Trojan program Backdoor.PHP.C99Shell.h C:RECYCLERS-1-5-21-839522115-507921405-1417001333-1004Dc64.php High
04.8.2013 г. 14:29:14 Deleted Trojan program Trojan.Win32.AutoRun.gen D:autorun.inf High
04.8.2013 г. 14:31:22 Deleted virus HEUR:HackTool.MSIL.Flooder.gen C:Documents and SettingsqwertyLocal SettingsTempsms.iso High
Status: Quarantined   (events: 1)
04.8.2013 г. 13:03:52 Quarantined virus HEUR:Virus.Win32.Generic D:hxeg.pif High
 

report.txt

 

14:40:33:937 0692 scanning threads ...

14:40:48:703 0692
14:40:48:703 0692 scanning processes ...
14:40:48:734 0692
14:40:48:734 0692 removing autorun.inf files ...
14:40:48:921 0692
14:40:48:921 0692 Restoring show hidden and system files
14:40:48:921 2096
Monitoring thread started
14:40:48:921 0692
14:40:48:921 0692 Disabling autorun on all drive types
14:40:48:921 0692
14:40:48:937 0692 restoring SafeBoot registry node
14:40:48:937 0692 Restoring safe/network boot registry branches for windows XP
14:40:49:140 0692
14:40:49:140 0692 fixing registry ...
14:40:49:140 0692 SalityRegCure: Restoring general registry keys
14:40:49:140 0692 SalityRegCure: Fixing system.ini
14:40:49:140 0692
14:40:49:140 0692 scanning drives ...
14:40:49:140 0692 scanning C: ...
15:08:04:750 0692 scanning D: ...
15:14:37:609 0692
15:14:37:609 2096
Monitoring thread stopped
15:14:37:640 0692
completed
15:14:37:640 0692 Infected files: 0
15:14:37:640 0692 Infected processes: 0
15:14:37:640 0692 Infected threads: 0
15:14:37:640 0692 Cured files: 0
15:14:37:656 0692 Will be cured on reboot: 0
15:14:37:656 0692 Executed registry scripts: 6
 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Aaaa ..не сме приключили..:
 
Публикувано изображение Изтеглете ComboFix Публикувано изображение от тук и го запазете на десктопа си
Изключете вашата антивирусна и антишпионска програма, обикновено това става чрез натискане на десния бутон на мишката върху иконата на програма в системния трей.
Бележка: Ако не можете я спрете или не сте сигурни коя програма да изключите, моля прегледайте информацията от този линк: How to Disable your Security Programs
Стартирайте Combo-Fix.com Публикувано изображение и следвайте инструкциите.
Бележка: ComboFix ще се стартира без инсталирана Recovery Console.
Като част от неговата работа, ComboFix ще провери дали Microsoft Windows Recovery Console е инсталирана. Предвид бързо развиващия се зловреден софтуер е силно препоръчително да бъде инсталирана преди премахването на зловредния софтуер. Това ще Ви позволи да влезете в специален recovery/repai режим, който ще ни позволи по-лесно да решите проблем, който би могъл да възникне при премахване на зловредния софтуер.

  • [*]Следвайте инструкциите, за да позволите на
ComboFix да изтегли и инсталира Microsoft Windows Recovery Console.В един момент ще бъдете попитани дали сте съгласни с лицензното споразумение. Необходимо е да потвърдите, че сте съгласни, за да инсталирате Microsoft Windows Recovery Console.

** Забележете: Ако Microsoft Windows Recovery Console е вече инсталирана, ComboFix ще продължи към процеса по премахване на зловредния софтуер.
 
Публикувано изображение
 
След като Microsoft Windows Recovery Console е инсталирана, използвайки ComboFix, Вие ще видите следното съобщение:
 
Публикувано изображение
Изберете Yes, за да продължи сканирането за зловреден софтуер.
Когато процесът приключи успешно, инструментът ще създаде лог файл. Моля, включете съдържанието на C:ComboFix.txt в следващия Ви коментар в тази тема.
Бележка:

  • [*]Моля, не движете мишката, докато ComboFix работи. Това може да наруши процеса на работа. [*]ComboFix ще нулира всички настройки на
Microsoft Internet Explorer, включително да направи IE браузър по подразбиране. [*]ComboFix ще изключи autorun функцията на ВСИЧКИ CD, Floppy и USB устройства, за да помогне при премахването на зловредния софтуер и Ви защити от бъдещи вируси/заплахи, които поразява чрез autorun. Ако това е проблем за вас - моля, уведомете ме. [*]ComboFix ще изключи вашата интернет връзка. Интернет връзката ще се възстанови автоматично, преди ComboFix да завърши процеса на работа. При проблем, той ще прекрати интернет връзката. За да възстановите интернет връзката си, рестартирайте компютъра си. [*]В случай на проблем с ComboFix, той може да създаде лог файл. Моля, включете съдържанието на C:BUG.txt в следващия Ви коментар в тази тема.

Публикувано изображение Моля, не прикачвайте лог файла/овете от програмата, а го/ги копирайте и поставете в следващия Ви коментар в тази тема.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

 

ComboFix 13-08-04.01 - qwerty 08.2013 г.  23:01:27.1.2 - x86 Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.894.68 [GMT 3:00] Running from: c:documents and settingsqwertyMy DocumentsDownloadsComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:autorun.inf c:documents and settingsAll UsersApplication DataTEMP c:documents and settingsqwertyApplication Datajxpiinstall.exe c:windowssystem32SET12.tmp c:windowssystem32SET13.tmp c:windowsXSxS . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------Legacy_AMSINT32 -------Service_amsint32 . . ((((((((((((((((((((((((( Files Created from 2013-07-04 to 2013-08-04  ))))))))))))))))))))))))))))))) . . 2013-08-04 18:02 . 2013-08-04 18:35  --------  d-----w-  c:program filesSHOUTcast 2013-08-04 16:32 . 2013-08-04 16:32  --------  d-----w-  c:program filesShoutCastGUI 2013-08-04 15:56 . 2013-08-04 16:17  --------  d-----w-  c:documents and settingsqwertyApplication DataWinamp 2013-08-04 15:52 . 2013-08-04 15:57  --------  d-----w-  c:documents and settingsAll UsersApplication Datafirebird 2013-08-04 15:52 . 2013-08-04 15:52  --------  d-----w-  c:documents and settingsqwertyLocal SettingsApplication DataSpacialAudio 2013-08-04 15:48 . 2013-03-19 08:02  552960  ----a-w-  c:windowssystem32GDS32.DLL 2013-08-04 15:47 . 2013-08-04 15:47  --------  d-----w-  c:program filesFirebird 2013-08-04 12:42 . 2013-08-04 12:42  --------  d-----w-  c:program filesCommon FilesJava 2013-08-04 12:41 . 2013-08-04 12:41  144896  ----a-w-  c:windowssystem32javacpl.cpl 2013-08-04 12:41 . 2013-08-04 12:41  94632  ----a-w-  c:windowssystem32WindowsAccessBridge.dll 2013-08-04 12:41 . 2013-08-04 12:41  --------  d-----w-  c:program filesJava 2013-08-04 12:33 . 2013-08-04 12:33  --------  d-----w-  c:documents and settingsqwertyApplication DataRoboForm 2013-08-04 12:31 . 2013-08-04 12:31  --------  d-----w-  c:documents and settingsAll UsersApplication DataRoboForm 2013-08-04 12:29 . 2013-08-04 12:29  --------  d-----w-  c:program filesSiber Systems 2013-08-04 12:27 . 2013-08-04 12:27  369584  ----a-w-  c:windowssystem32driversaswSP.sys 2013-08-04 12:27 . 2013-05-09 08:59  29816  ----a-w-  c:windowssystem32driversaswFsBlk.sys 2013-08-04 12:27 . 2013-05-09 08:59  49760  ----a-w-  c:windowssystem32driversaswRdr.sys 2013-08-04 12:27 . 2013-08-04 12:27  770344  ----a-w-  c:windowssystem32driversaswSnx.sys 2013-08-04 12:27 . 2013-05-09 08:59  56080  ----a-w-  c:windowssystem32driversaswTdi.sys 2013-08-04 12:27 . 2013-08-04 12:27  175176  ----a-w-  c:windowssystem32driversaswVmm.sys 2013-08-04 12:27 . 2013-05-09 08:59  49376  ----a-w-  c:windowssystem32driversaswRvrt.sys 2013-08-04 12:27 . 2013-05-09 08:59  66336  ----a-w-  c:windowssystem32driversaswMonFlt.sys 2013-08-04 12:27 . 2013-05-09 08:58  229648  ----a-w-  c:windowssystem32aswBoot.exe 2013-08-04 12:24 . 2013-05-09 08:58  41664  ----a-w-  c:windowsavastSS.scr 2013-08-04 12:23 . 2013-08-04 12:23  --------  d-----w-  c:program filesAVAST Software 2013-08-04 12:23 . 2013-08-04 12:23  --------  d-----w-  c:documents and settingsAll UsersApplication DataAVAST Software 2013-08-04 11:27 . 2013-08-04 11:27  --------  d-----w-  c:windowsLastGood.Tmp 2013-08-04 09:29 . 2013-08-04 09:29  --------  d--h--w-  c:windowsPIF 2013-08-03 05:46 . 2013-08-03 05:46  40776  ----a-w-  c:windowssystem32driversmbamswissarmy.sys 2013-08-03 05:35 . 2013-08-03 05:35  --------  d-----w-  c:documents and settingsqwertyApplication DataURSoft 2013-08-02 11:32 . 2008-04-14 02:42  53760  -c--a-w-  c:windowssystem32dllcachevfwwdm32.dll 2013-08-02 11:32 . 2008-04-14 02:42  53760  ----a-w-  c:windowssystem32vfwwdm32.dll 2013-08-01 06:29 . 2013-08-01 06:29  --------  d-----w-  c:program filesGabest 2013-07-30 19:08 . 2013-08-04 09:22  270336  ----a-w-  c:windowstsnpstd3.exe 2013-07-30 19:08 . 2013-08-04 09:21  835584  ----a-w-  c:windowsvsnpstd3.exe 2013-07-30 19:08 . 2008-04-14 09:59  10423936  ----a-w-  c:windowssystem32driverssnpstd3.sys 2013-07-30 19:08 . 2008-02-21 14:15  3968  ----a-w-  c:windowssystem32driversDeNoise.sys 2013-07-30 19:08 . 2008-04-09 11:30  61440  ----a-w-  c:windowssystem32vsnpstd3.dll 2013-07-30 19:08 . 2007-07-23 15:04  155648  ----a-w-  c:windowssystem32rsnpstd3.dll 2013-07-30 19:08 . 2005-11-23 10:55  53248  ----a-w-  c:windowssystem32csnpstd3.dll 2013-07-30 19:08 . 2005-11-23 10:55  53248  ----a-w-  c:windowscsnpstd3.dll 2013-07-30 19:08 . 2013-07-30 19:08  --------  d-----w-  c:program filesCommon Filessnpstd3 2013-07-30 19:07 . 2013-07-30 19:07  --------  d-----w-  c:documents and settingsqwertyApplication DataInstallShield 2013-07-30 18:44 . 2013-08-04 09:52  349472  ----a-w-  c:windowsWindowsXP-KB822603-x86.exe 2013-07-30 18:44 . 2013-08-04 09:21  258048  ----a-w-  c:windowstsnp2std.exe 2013-07-30 18:44 . 2007-01-25 15:48  25472  ----a-w-  c:windowssystem32driverssncamd.sys 2013-07-30 18:44 . 2006-09-15 10:21  675840  ----a-w-  c:windowsvsnp2std.exe 2013-07-30 18:44 . 2007-03-30 11:41  12033024  ----a-w-  c:windowssystem32driverssnp2sxp.sys 2013-07-30 18:44 . 2013-07-30 18:44  --------  d-----w-  c:program filesCommon Filessnp2std 2013-07-30 18:44 . 2007-03-29 13:04  249856  ----a-w-  c:windowssystem32vsnp2std.dll 2013-07-30 18:44 . 2006-11-16 12:57  77824  ----a-w-  c:windowssystem32csnp2std.dll 2013-07-30 18:44 . 2006-10-12 14:21  151552  ----a-w-  c:windowssystem32rsnp2std.dll 2013-07-30 18:21 . 2013-08-04 09:21  20480  ----a-w-  c:windowsFixCamera.exe 2013-07-30 18:21 . 2007-09-06 13:56  98304  ----a-w-  c:windowsamcap.exe 2013-07-27 22:06 . 2013-07-27 22:59  --------  d-----w-  c:program filesGoogle 2013-07-27 21:56 . 2013-08-04 12:45  --------  d-----w-  c:documents and settingsAll UsersApplication DataAvira 2013-07-11 20:00 . 2013-07-11 20:00  --------  d-----w-  c:documents and settingsqwertyApplication DataMalwarebytes 2013-07-11 20:00 . 2013-07-11 20:00  --------  d-----w-  c:documents and settingsAll UsersApplication DataMalwarebytes 2013-07-11 20:00 . 2013-08-04 09:22  --------  d-----w-  c:program filesMalwarebytes' Anti-Malware 2013-07-11 20:00 . 2013-04-04 11:50  22856  ----a-w-  c:windowssystem32driversmbam.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-04 12:41 . 2013-03-06 15:30  867240  ----a-w-  c:windowssystem32npDeployJava1.dll 2013-08-04 12:41 . 2013-03-06 15:30  789416  ----a-w-  c:windowssystem32deployJava1.dll 2013-08-04 09:58 . 2013-02-18 12:00  26144  ----a-w-  c:windowssystem32spupdsvc.exe 2013-08-04 09:58 . 2008-05-29 10:04  10752  ----a-w-  c:windowssystem32rspndr.exe 2013-08-04 09:21 . 2013-03-05 12:40  155648  ----a-w-  c:windowssystem32NeroCheck.exe 2013-06-30 11:06 . 2013-06-28 08:42  205984  ----a-w-  c:documents and settingsAll UsersApplication DataMicrosoftVBExpress10.01033ResourceCache.dll 2013-06-12 05:08 . 2013-02-19 09:45  71048  ----a-w-  c:windowssystem32FlashPlayerCPLApp.cpl 2013-06-12 05:08 . 2013-02-19 09:45  692104  ----a-w-  c:windowssystem32FlashPlayerApp.exe 2013-06-07 21:56 . 2009-03-08 03:34  920064  ----a-w-  c:windowssystem32wininet.dll 2013-06-07 21:56 . 2009-03-08 03:34  43520  ----a-w-  c:windowssystem32licmgr10.dll 2013-06-07 21:56 . 2009-03-08 03:34  1469440  ----a-w-  c:windowssystem32inetcpl.cpl 2013-06-07 20:55 . 2009-03-08 03:35  385024  ----a-w-  c:windowssystem32html.iec 2013-06-04 07:23 . 2008-04-14 12:00  562688  ----a-w-  c:windowssystem32qedit.dll 2013-06-04 01:40 . 2009-02-09 11:08  1876736  ----a-w-  c:windowssystem32win32k.sys 2013-05-08 21:28 . 2008-06-17 08:38  1543680  ----a-w-  c:windowssystem32wmvdecod.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58  121968  ----a-w-  c:program filesAVAST SoftwareAvastashShell.dll . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "DAEMON Tools Lite"="d:daemon tools liteDTLite.exe" [2013-08-04 3674320] "northbridge"="c:intelnorthbridge.bat" [2013-06-04 50] "RoboForm"="c:program filesSiber SystemsAI RoboFormRoboTaskBarIcon.exe" [2013-08-04 96056] . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "DWPersistentQueuedReporting"="c:program filesCommon FilesMicrosoft SharedDWDWTRIG20.EXE" [2011-07-27 434080] "ATICCC"="c:program filesATI TechnologiesATI.ACECLIStart.exe" [2013-08-04 90112] "NeroFilterCheck"="c:windowssystem32NeroCheck.exe" [2013-08-04 155648] "GrooveMonitor"="c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe" [2009-02-26 30040] "Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2013-05-10 958576] "Bonus.SSR.FR11"="d:fine readerNew FolderBonus.ScreenshotReader.exe" [2013-08-04 933640] "CanonSolutionMenu"="c:program filesCanonSolutionMenuCNSLMAIN.exe" [2013-08-04 767312] "FixCamera"="c:windowsFixCamera.exe" [2013-08-04 20480] "tsnp2std"="c:windowstsnp2std.exe" [2013-08-04 258048] "snpstd3"="c:windowsvsnpstd3.exe" [2013-08-04 835584] "tsnpstd3"="c:windowstsnpstd3.exe" [2013-08-04 270336] "avast"="c:program filesAVAST SoftwareAvastavastUI.exe" [2013-05-09 4858968] "SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2013-03-12 253816] . [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun] "CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360] . c:documents and settingsqwertyStart MenuProgramsStartup On-Screen Keyboard.lnk - c:windowssystem32osk.exe [2008-6-13 215552] . [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem] "EnableLUA"= 0 (0x0) . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices] "Hamachi2Svc"=2 (0x2) . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList] "%windir%Network Diagnosticxpnetdiag.exe"= "c:Program FilesWindows LiveMessengerwlcsdk.exe"= "c:Program FilesWindows LiveMessengermsnmsgr.exe"= "%windir%system32sessmgr.exe"= "d:uTorrent.exe"= "c:Program FilesNeroNero Blu-ray PlayerBlu-rayPlayer.exe"= "c:Program FilesNeroKMKwikMedia.exe"= "c:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE"= "c:Program FilesMicrosoft OfficeOffice12GROOVE.EXE"= "c:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE"= "c:Program FilesJavajre7binjavaw.exe"= "c:WINDOWSsystem32java.exe"= "c:WINDOWSsystem32javaw.exe"= "c:Documents and SettingsqwertyApplication DataGameRangerGameRangerGameRanger.exe"= "d:FIFA 07 - RELOADEDfifa07.exe"= "c:Documents and SettingsqwertyLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.exe"= "c:Program FilesSkypePhoneSkype.exe"= "c:Program FilesATI TechnologiesATI.ACECLIStart.exe"= "c:WINDOWSsystem32wuauclt.exe"= "c:Program FilesATI TechnologiesATI.ACECLI.EXE"= "c:WINDOWSsystem32taskmgr.exe"= "c:Program FilesMozilla Firefoxfirefox.exe"= "c:Intelintel.exe"= "c:WINDOWSFixCamera.exe"= "c:Documents and SettingsqwertyDesktopWinsockxpFix.exe"= "c:WINDOWStsnp2std.exe"= "c:Program FilesGoogleChromeApplicationchrome.exe"= "c:Program FilesMozilla Firefoxplugin-container.exe"= "c:Program FilesAdobeReader 10.0ReaderReader_sl.exe"= "c:WINDOWSvsnpstd3.exe"= . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList] "25565:TCP"= 25565:TCP:Minecraft "8000:TCP"= 8000:TCP:Радио "8001:TCP"= 8001:TCP:Радио "8000:UDP"= 8000:UDP:Радио "8001:UDP"= 8001:UDP:Радио . R0 aswRvrt;aswRvrt;c:windowssystem32driversaswRvrt.sys [04.8.2013 г. 15:27 49376] R0 aswVmm;aswVmm;c:windowssystem32driversaswVmm.sys [04.8.2013 г. 15:27 175176] R1 aswSnx;aswSnx;c:windowssystem32driversaswSnx.sys [04.8.2013 г. 15:27 770344] R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [04.8.2013 г. 15:27 369584] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32driversdtsoftbus01.sys [04.3.2013 г. 22:36 242240] R2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;c:program filesCommon FilesABBYYFineReader11.00LicensingCENetworkLicenseServer.exe [22.12.2011 г. 19:11 818952] R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [04.8.2013 г. 15:27 29816] R2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys [04.8.2013 г. 15:27 66336] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:program filesFirebirdFirebird_2_5binfbguard.exe [04.8.2013 г. 18:47 98304] R2 NAUpdate;Nero Update;c:program filesNeroUpdateNASvc.exe [13.7.2012 г. 17:27 769432] R2 Skype C2C Service;Skype C2C Service;c:documents and settingsAll UsersApplication DataSkypeToolbarsSkype C2C Servicec2c_service.exe [31.1.2013 г. 10:38 3289208] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:program filesFirebirdFirebird_2_5binfbserver.exe [04.8.2013 г. 18:47 3784704] S2 gupdate;Услуга на Google Актуализация (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [28.7.2013 г. 01:06 116648] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:hamachi-2.exe -s --> d:hamachi-2.exe -s [?] S2 SkypeUpdate;Skype Updater;c:program filesSkypeUpdaterUpdater.exe [28.2.2013 г. 18:45 161384] S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [28.7.2013 г. 01:06 116648] S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [03.8.2013 г. 08:46 40776] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWRVRT *NewlyCreated* - ASWSNX *NewlyCreated* - WS2IFSL *Deregistered* - 41789940 . [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-31 23:43  1173456  ----a-w-  c:program filesGoogleChromeApplication28.0.1500.95Installerchrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-08-04 c:windowsTasksAdobe Flash Player Updater.job - c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2013-02-19 05:08] . 2013-08-04 c:windowsTasksavast! Emergency Update.job - c:program filesAVAST SoftwareAvastAvastEmUpdate.exe [2013-08-04 08:58] . 2013-08-03 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2013-07-27 16:48] . 2013-08-04 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2013-07-27 16:48] . 2013-08-03 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-839522115-507921405-1417001333-1004Core.job - c:documents and settingsqwertyLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2013-04-08 12:10] . 2013-08-04 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-839522115-507921405-1417001333-1004UA.job - c:documents and settingsqwertyLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2013-04-08 12:10] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:progra~1MICROS~4Office12EXCEL.EXE/3000 TCP: DhcpNameServer = 172.16.1.1 FF - ProfilePath - c:documents and settingsqwertyApplication DataMozillaFirefoxProfileswahsbg9c.default-1373472550146 FF - ExtSQL: 2013-08-04 15:25; wrc@avast.com; c:program filesAVAST SoftwareAvastWebRepFF FF - ExtSQL: 2013-08-04 15:31; {22119944-ED35-4ab1-910B-E619EA06A115}; c:program filesSiber SystemsAI RoboFormFirefox . - - - - ORPHANS REMOVED - - - - . HKLM-Run-LogMeIn Hamachi Ui - D:hamachi-2-ui.exe c:documents and settingsqwertyStart MenuProgramsStartup_uninst_22855274.lnk - c:documents and settingsqwertyLocal SettingsTemp_uninst_22855274.bat MSConfigStartUp-LogMeIn Hamachi Ui - D:hamachi-2-ui.exe AddRemove-CanonMyPrinter - d:printeruninst.exe AddRemove-Counter-Strike 1.6 Professional Edition v2.0 - d:new folder (3)Counter-Strike 1.6 Professional Edition v2.0Uninstall.exe AddRemove-Easy-PhotoPrint EX - D:uninst.exe AddRemove-{46541929-EDB0-6A3B-9ECE-756E0CAE49F4} - c:docume~1ALLUSE~1APPLIC~1INSTAL~1{7AE2C~1Setup.exe AddRemove-{AB583BA2-DCFA-2C80-4F6E-E3716F4A541F} - c:docume~1ALLUSE~1APPLIC~1INSTAL~1{A9178~1Setup.exe AddRemove-{F3D81B4B-8243-1399-699B-71FF5793B73A} - c:docume~1ALLUSE~1APPLIC~1INSTAL~1{76A09~1Setup.exe AddRemove-Winamp Detect - d:winamp detectUninstWaDetect.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-08-04 23:17 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ...   . scanning hidden autostart entries ... . scanning hidden files ...   . . c:windowsTEMP_avast_unp183608098.tmp 131388 bytes . scan completed successfully hidden files: 1 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(616) c:windowssystem32Ati2evxx.dll . - - - - - - - > 'explorer.exe'(1524) c:windowssystem32WININET.dll c:windowssystem32msi.dll c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86MSVCR80.dll c:progra~1WINDOW~4wmpband.dll c:windowssystem32ieframe.dll c:windowssystem32webcheck.dll c:windowssystem32WPDShServiceObj.dll c:windowssystem32PortableDeviceTypes.dll c:windowssystem32PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:windowssystem32Ati2evxx.exe c:program filesAVAST SoftwareAvastAvastSvc.exe c:windowssystem32Ati2evxx.exe c:program filesJavajre7binjqs.exe c:program filesGoogleUpdate1.3.21.153GoogleCrashHandler.exe c:intelintel.exe c:windowssystem32MSSWCHX.EXE c:windowssystem32wscntfy.exe c:program filesATI TechnologiesATI.ACECLI.EXE c:program filesATI TechnologiesATI.ACEcli.exe c:windowssystem32wbemwmiapsrv.exe . ************************************************************************** . Completion time: 2013-08-04  23:22:39 - machine was rebooted ComboFix-quarantined-files.txt  2013-08-04 20:22 . Pre-Run: 17 428 692 992 bytes free Post-Run: 18 910 593 024 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS [operating systems] c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - AC428D7446CA42498A9AF63091C55ACC 8F558EB6672622401DA993E1E865C861  

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте..извинявам се за закъснението..но бях ангажиран..!
 
Публикувано изображение Изтеглете Malwarebytes' Anti-Malware или от тук (не забравяйте да обновите програмата с нови дефиниции)
* Кликнете два пъти върху mbam-setup.exe, за да инсталирате програмата.
* Уверете се, че са поставени отметки на Update Malwarebytes' Anti-Malware и Launch Malwarebytes' Anti-Malware. След това кликнете на Finish.
* Ако има намерени обновявания, тя ще ги изтегли и инсталира.
* Стартирайте програмата и изберете "Perform Full Scan", след това кликнете на Scan.
* Сканирането ще отнеме малко време, затова моля да бъдете търпеливи.
* Когато сканирането завърши, кликнете на OK, след това Show Results, за да видите резултата
* Уверете се, че на всички редове има отметки, и кликнете на Remove Selected.
* Когато всичко бъде премахнато, в Notepad ще бъде отворен лог.
Копирайте този лог и го публикувайте в следващия си коментар по темата.
  Забележка: Ако MalwareBytes' Anti-Malware се затрудни в премахването на откритите вируси/заплахи, той ще поиска да рестартира компютъра Ви и по време на рестартирането да премахне проблемните вируси/заплахи. Ако бъдете попитани, потвърдете че желаете вашия компютър да бъде рестартиран.
 

Публикувано изображение Изтеглете програмата: ESET Online Scanner

  • [*]Стартирайте esetsmartinstaller_enu.exe Публикувано изображение [*]Сложете отметка на
YES, I accept the Terms of Use и изберете Start:

  • [*]Публикувано изображение

  • [*]Скенерът ще започне да изтегля компонентите, които са му необходими:

  • [*]Публикувано изображение

Уверете се, че е премахната отметката от:

  • [*]
Remove found threats

Уверете се че са маркирани следните позиции:

  • [*]
Scan Archives

Кликнете върху Advanced Settings и маркирайте следните опции:

  • [*]
Scan for potentially unwanted applications [*]Scan for potentially unsafe applications [*]Enable Anti-Stealth Technology

Накрая изберете Start
Скенерът ще започне да изтегля последните дефиниции.

  • [*]След, като сканирането завърши изберете
Finish. [*]Отидете в: C:Program FilesESETESET Online Scanner [*]Отворете файла log.txt , копирайте съдържанието му и го поставете в следващия си коментар.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

MBAM

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 
Версия на базата от данни: v2013.08.09.02
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
qwerty :: PCV [администратор]
 
09.8.2013 г. 10:08:48
MBAM-log-2013-08-09 (13-07-31).txt
 
Тип сканиране: Пълно сканиране (C:|D:|E:|F:|G:|H:|I:|J:|)
Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM
Изключени опции за сканиране: P2P
Сканирани обекти: 286770
Изминало време: 1 час(а), 2 минута(и), 58 секунда(и)
 
Открити процеси в паметта: 0
(Не бяха открити зловредни обекти)
 
Открити модули в паметта: 0
(Не бяха открити зловредни обекти)
 
Открити ключове в системния регистър: 0
(Не бяха открити зловредни обекти)
 
Открити стойности в системния регистър: 0
(Не бяха открити зловредни обекти)
 
Открити информационни обекти в системния регистър: 0
(Не бяха открити зловредни обекти)
 
Открити папки: 0
(Не бяха открити зловредни обекти)
 
Открити файлове: 1
C:Documents and SettingsqwertyMy DocumentsDownloadssam broadcaster v 4.2.2.zip (RiskWare.Tool.HCK) -> Не беше предприето действие.
 
(край)
 

 

 

ESET

C:Documents and SettingsAll UsersApplication DataSecTaskManFixCamera.exe.q_Quarantine_2CF5000_q a variant of Win32/KillProc.A application

C:Documents and SettingsAll UsersApplication DataSecTaskManintel.exe.q_Quarantine_149DC04_q a variant of Win32/BitCoinMiner.W application
C:Documents and SettingsqwertyDesktopyusetup7.exe Win32/Toolbar.Zugo application
C:Documents and SettingsqwertyMy DocumentsDownloadsPCMAX_AF_ErrorsFix_Setup.exe a variant of Win32/RegistryNuke application
C:Documents and SettingsqwertyMy DocumentsDownloadsSoftonicDownloader_for_process-scanner.exe Win32/SoftonicDownloader.E application
C:Documents and SettingsqwertyMy DocumentsDownloadsspam.vbs VBS/HackTool.Skype.B trojan
C:Documents and SettingsqwertyMy DocumentsDownloadswinamp565_full_emusic-7plus_all.exe Win32/OpenCandy application
C:Intelintel32.exe a variant of Win32/BitCoinMiner.W application
C:Intelstart.exe a variant of Win32/HiddenStart.B application
C:Program FilesCheat Engine 6.3cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:Program FilesCheat Engine 6.3standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application
C:Program FilesSafeSaversprotector.dll a variant of Win32/SProtector.A application
C:System Volume Information_restore{49383A7A-558A-4A7A-9EC8-CD0AC878EC6E}RP2A0000109.exe a variant of Win32/BitCoinMiner.W application
C:System Volume Information_restore{49383A7A-558A-4A7A-9EC8-CD0AC878EC6E}RP4A0000112.exe a variant of Win32/KillProc.A application
D:Advanced Fix 2013AdvancedFix.exe a variant of Win32/RegistryNuke application
 

 

 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Копирайте текста в карето на notepad и го запазвате с име CFScript.txt на десктопа си:

 

KILLALL::File::C:Documents and SettingsAll UsersApplication DataSecTaskManFixCamera.exe.q_Quarantine_2CF5000_qC:Documents and SettingsAll UsersApplication DataSecTaskManintel.exe.q_Quarantine_149DC04_q C:Intelintel32.exe C:System Volume Information_restore{49383A7A-558A-4A7A-9EC8-CD0AC878EC6E}RP2A0000109.exeC:System Volume Information_restore{49383A7A-558A-4A7A-9EC8-CD0AC878EC6E}RP4A0000112.exe 
След съхранението преместете  CFScript.txt на иконата на ComboFix.exe

Публикувано изображение

Генерирания рапорт копирайте  и го поставете в следващия си коментар...!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Всичко изглежда наред...!Наблюдавате ли първоначалните проблеми....?

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Тогава да считам че проблема ви е решен...!
 
Деинсталирайте ComboFix така:

  • [*]Натиснете Start ==> Run ==> въведете командата
Combofix /Uninstall ==> OK

  • [*]Публикувано изображение

  • [*]Моля, следвайте инструкциите, за да деинсталирате ComboFix. Ще получите съобщение, в което се казва ComboFix е деинсталиран успешно.

Публикувано изображение Изтеглете Публикувано изображениеOTCleanIt или от тук,стартирайте и натиснете Публикувано изображение

 
Публикувано изображение Изтеглете Delfix.exe и го стартирайте. Сложете отметка пред Remove disinfection tools => натиснете бутона Run Инструмента ще се самоизтрие след като приключи своята задача!

 
Публикувано изображение Деинсталирайте ESET Online Scaner.

  • [*]
Start => Run, въведете control appwiz.cpl в полето.След това натиснете ENTER. [*]Изберете ESET Online Scanner от списъка с приложения, а след това маркирайте Remove. Aко бъдете подканени рестартирайте компютъра си.

 

Публикувано изображение Изтрийте всичко друго което е останало след процедурите (използвано в лечението).Препоръчвам програмата Malwarebytes' Anti-Malware да остане на вашия компютър и периодично да сканирате системата си с нея (поне един -два пъти в седмицата),като не забравяйте да обновите дефинициите и преди всяко сканиране..!

 

Стартирайте PatchMyPC и инсталирайте всички ъпдейти, които инструмента ви предложи.

 

Маркирам случая като "Решен"..! Пожелавам ви лек ден и безопасен интернет..! :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Преди 3 години имах проблем с полиморфен вирус и тия неща, които сте му написали няма да оправят проблема перманентно. Полиморфните вируси се самокопират по системните папки на всички дялове (System Volume Information и т.н.) и дори да намериш антивирусна, която да го изтрие от един дял, вирусът автоматично се копира обратно от другите дялове. Единственото генерално и бързо решение на проблема е да си качиш важните неща на ДВД дискове (не на преносим хард или флашка, защото вирусът ще отиде и там) и да направиш цялостен формат на хард диска (или хард дисковете, ако са повече от един), като промениш размера на дяловете. Просто форматиране на дяловете без промяна на размера им не помага - знам го от личен опит. След като форматирах и двата дяла и инсталирах ОС въпросната гадина пак се появи. Единственото, което помогна беше да променя размерите. Преди формата дяловете ми бяха с размери съответно 35000 MB и 85000 MB. За да изчезне вирусът ги направих 34999 и 84999 MB. Това ми реши проблема перманентно.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Преди 3 години имах проблем с полиморфен вирус и тия неща, които сте му написали няма да оправят проблема перманентно. Полиморфните вируси се самокопират по системните папки на всички дялове (System Volume Information и т.н.) и дори да намериш антивирусна, която да го изтрие от един дял, вирусът автоматично се копира обратно от другите дялове. Единственото генерално и бързо решение на проблема е да си качиш важните неща на ДВД дискове (не на преносим хард или флашка, защото вирусът ще отиде и там) и да направиш цялостен формат на хард диска (или хард дисковете, ако са повече от един), като промениш размера на дяловете. Просто форматиране на дяловете без промяна на размера им не помага - знам го от личен опит. След като форматирах и двата дяла и инсталирах ОС въпросната гадина пак се появи. Единственото, което помогна беше да променя размерите. Преди формата дяловете ми бяха с размери съответно 35000 MB и 85000 MB. За да изчезне вирусът ги направих 34999 и 84999 MB. Това ми реши проблема перманентно.

Момчетата от HJT Team неведнъж са се справяли успешно с вируси Sality без нужда от преинсталация. Те знаят какви инструменти да използват и в каква последователност, за разлика от вас или от мен, за да изчистят системата без преинсталация. ;)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Подкрепям момчетата от отбора са много добре подготвени, мисля, че заслужават доверие и уважение ;) 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Преди 3 години имах проблем с полиморфен вирус и тия неща, които сте му написали няма да оправят проблема перманентно. Полиморфните вируси се самокопират по системните папки на всички дялове (System Volume Information и т.н.) и дори да намериш антивирусна, която да го изтрие от един дял, вирусът автоматично се копира обратно от другите дялове. Единственото генерално и бързо решение на проблема е да си качиш важните неща на ДВД дискове (не на преносим хард или флашка, защото вирусът ще отиде и там) и да направиш цялостен формат на хард диска (или хард дисковете, ако са повече от един), като промениш размера на дяловете. Просто форматиране на дяловете без промяна на размера им не помага - знам го от личен опит. След като форматирах и двата дяла и инсталирах ОС въпросната гадина пак се появи. Единственото, което помогна беше да променя размерите. Преди формата дяловете ми бяха с размери съответно 35000 MB и 85000 MB. За да изчезне вирусът ги направих 34999 и 84999 MB. Това ми реши проблема перманентно.

 

 

Преди три години нещата изглеждаха съвсем различно.....!Само това ще кажа и ще приключа с дискусията по въпроса..Нека автора на темата да каже има ли проблеми след процедурите..!Лека вечер на всички....!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Горещи теми в момента

  • Подобни теми

    • от Rada Beliata
      Здравейте, 
      Все още не съм успяла да си купя нов комп. С мъж-о ползваме неговия, преди няколко дена като пътувахме и ползвахме различен доставчик чрез телефон за връзка с мобилен  интернет изведнъж при отваряне на ИЕ (IE) вместо гугъл се появи Vivakom . Не можах по никакъв начин да го махна. Сега пи всеки опит да отворя Интернет Експлоер ми се появява страница на Виваком( не ползваме този доставчик на услуги нито като телефони , нито като домашен Интернет) . Нямам и идея от къде се настани и защо не успявам да го махна. Изтеглих  instrumenta Malwаrebytes , нищо не показа, после изтеглих и AdwCleaner , но и след тези ми действия това нахално "нещо" стои . Явно аз не съм в час какво трябва да направя. Моля за помощта ви и предварително благодаря!
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.09.2018
      Ran by User (administrator) on USER-PC (28-09-2018 22:57:32)
      Running from C:\Users\User\Downloads
      Loaded Profiles: User (Available Profiles: User)
      Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 11 (Default browser: IE)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
      (AMD) C:\Windows\System32\atiesrxx.exe
      (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
      (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
      (VoipConnect) C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe
      (Viber Media S.à r.l.) C:\Users\User\AppData\Local\Viber\Viber.exe
      () C:\ProgramData\MobileBrServ\mbbService.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
      (Microsoft Corporation) C:\Windows\System32\mspaint.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
      HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-12-05] (IDT, Inc.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2795248 2013-10-25] (Synaptics Incorporated)
      HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
      HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
      HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
      HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-18] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
      HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-11-01] (IVT Corporation)
      Winlogon\Notify\igfxcui: igfxdev.dll [X]
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [*LABAL*] => [X]
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe [36547168 2016-05-14] (VoipConnect)
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [35790408 2018-09-17] (Viber Media S.à r.l.)
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [50100160 2018-03-02] (Skype Technologies S.A.)
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{4F635613-A958-44D2-ABE6-D3CC1A3DABC3}: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Tcpip\..\Interfaces\{7019DF92-BFEA-4C0F-A4AA-C467798353EB}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://online.bulbank.bg/capicom.cab
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
      FireFox:
      ========
      FF DefaultProfile: aewkzmml.default
      FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\aewkzmml.default [2018-03-10]
      FF NetworkProxy: Mozilla\Firefox\Profiles\aewkzmml.default -> autoconfig_url", "hxxp://aiidatapro.net/proxy2.js"
      FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-14] ()
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-14] ()
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR HomePage: Default -> msn.com
      CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
      CHR DefaultSearchKeyword: Default -> bing.com
      CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
      CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-09-28]
      CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
      CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
      CHR Extension: (Skype Calling) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-09-06]
      CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
      CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
      CHR Extension: (Bing) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-09-28]
      CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
      CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-19]
      CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-03]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
      CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
      CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19]
      CHR HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
      R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
      R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1706744 2013-11-01] (IVT Corporation)
      R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-11-01] (IVT Corporation)
      R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
      R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
      S2 JWC; C:\Jeppesen\JWC\JWC.exe [658016 2014-10-06] (Jeppesen)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
      R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
      R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
      R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
      R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2013-12-05] (IDT, Inc.) [File not signed]
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.)
      S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [33968 2012-12-19] (IVT Corporation)
      S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [33968 2012-12-19] (IVT Corporation)
      R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
      R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
      R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
      R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-25] (Disc Soft Ltd)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-09-27] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-09-28] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-09-28] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-09-28] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-09-28] (Malwarebytes)
      R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
      R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
      R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
      R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
      R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
      S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [444632 2013-09-26] (Realsil Semiconductor Corporation)
      R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
      S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
      S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
      S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
      S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
      S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
      S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
      S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
      S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
      S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-28 22:57 - 2018-09-28 22:59 - 000019536 _____ C:\Users\User\Downloads\FRST.txt
      2018-09-28 22:57 - 2018-09-28 22:57 - 000000000 ____D C:\FRST
      2018-09-28 22:56 - 2018-09-28 22:56 - 002414080 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
      2018-09-28 22:38 - 2018-09-28 22:38 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2018-09-28 22:38 - 2018-09-28 22:38 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2018-09-28 22:38 - 2018-09-28 22:38 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-09-28 22:35 - 2018-09-28 22:35 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-09-28 22:27 - 2018-09-28 22:29 - 000000000 ____D C:\AdwCleaner
      2018-09-28 22:27 - 2018-09-28 22:27 - 007592144 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_7.2.4.0.exe
      2018-09-27 23:44 - 2018-09-27 23:44 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-09-27 23:44 - 2018-09-27 23:44 - 000000000 ____D C:\Users\User\AppData\Local\mbamtray
      2018-09-27 23:44 - 2018-09-27 23:44 - 000000000 ____D C:\Users\User\AppData\Local\mbam
      2018-09-27 23:43 - 2018-09-27 23:43 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-09-27 23:43 - 2018-09-27 23:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-09-27 23:43 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
      2018-09-27 23:42 - 2018-09-27 23:43 - 080334792 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.6985.exe
      2018-09-27 17:21 - 2018-09-27 17:21 - 000515494 _____ C:\Users\User\Downloads\20180621_BEG_Vacation Regulation for BEG FCM & CCM.pdf
      2018-09-27 11:00 - 2018-09-27 11:01 - 000656891 _____ C:\Users\User\Documents\viewtickets.pdf
      2018-09-26 13:36 - 2018-09-26 13:37 - 000000000 ____D C:\Users\User\AppData\Local\Viber
      2018-09-16 10:51 - 2018-09-16 10:51 - 000022032 _____ C:\Users\User\Desktop\molba-za-napuskane-na-rabota-na-osnovanie-chl325-t1-ot-kt.pdf
      2018-09-14 22:21 - 2018-09-14 22:21 - 000018446 _____ C:\Users\User\Downloads\Новата такса + нов фонд ремонт.xlsx
      2018-09-14 22:19 - 2018-09-14 22:19 - 000018453 _____ C:\Users\User\Downloads\Новата такса.xlsx
      2018-09-12 18:35 - 2018-08-31 18:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
      2018-09-12 18:35 - 2018-08-31 18:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
      2018-09-12 18:35 - 2018-08-30 04:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
      2018-09-12 18:35 - 2018-08-30 04:10 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
      2018-09-12 18:35 - 2018-08-28 08:50 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
      2018-09-12 18:35 - 2018-08-24 22:47 - 000398424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-09-12 18:35 - 2018-08-24 21:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2018-09-12 18:35 - 2018-08-24 02:05 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-09-12 18:35 - 2018-08-24 01:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-09-12 18:35 - 2018-08-24 01:56 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-09-12 18:35 - 2018-08-24 01:45 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-09-12 18:35 - 2018-08-24 01:44 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-09-12 18:35 - 2018-08-24 01:43 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-09-12 18:35 - 2018-08-24 01:43 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-09-12 18:35 - 2018-08-24 01:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-09-12 18:35 - 2018-08-24 01:43 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-09-12 18:35 - 2018-08-24 01:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-09-12 18:35 - 2018-08-24 01:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-09-12 18:35 - 2018-08-24 01:34 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-09-12 18:35 - 2018-08-24 01:34 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-09-12 18:35 - 2018-08-24 01:33 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-09-12 18:35 - 2018-08-24 01:33 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-09-12 18:35 - 2018-08-24 01:33 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-09-12 18:35 - 2018-08-24 01:33 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-09-12 18:35 - 2018-08-24 01:27 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-09-12 18:35 - 2018-08-24 01:24 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-09-12 18:35 - 2018-08-24 01:19 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-09-12 18:35 - 2018-08-24 01:18 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-09-12 18:35 - 2018-08-24 01:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-09-12 18:35 - 2018-08-24 01:15 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-09-12 18:35 - 2018-08-24 01:15 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-09-12 18:35 - 2018-08-24 01:13 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-09-12 18:35 - 2018-08-24 01:12 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-09-12 18:35 - 2018-08-24 01:03 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-09-12 18:35 - 2018-08-24 01:01 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-09-12 18:35 - 2018-08-24 01:01 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-09-12 18:35 - 2018-08-24 01:00 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-09-12 18:35 - 2018-08-24 00:59 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-09-12 18:35 - 2018-08-24 00:59 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-09-12 18:35 - 2018-08-24 00:52 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-09-12 18:35 - 2018-08-24 00:40 - 001555456 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-09-12 18:35 - 2018-08-24 00:28 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-09-12 18:35 - 2018-08-24 00:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2018-09-12 18:35 - 2018-08-24 00:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2018-09-12 18:35 - 2018-08-24 00:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2018-09-12 18:35 - 2018-08-24 00:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2018-09-12 18:35 - 2018-08-24 00:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2018-09-12 18:35 - 2018-08-24 00:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2018-09-12 18:35 - 2018-08-24 00:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2018-09-12 18:35 - 2018-08-24 00:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2018-09-12 18:35 - 2018-08-24 00:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2018-09-12 18:35 - 2018-08-24 00:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2018-09-12 18:35 - 2018-08-24 00:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2018-09-12 18:35 - 2018-08-24 00:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2018-09-12 18:35 - 2018-08-24 00:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2018-09-12 18:35 - 2018-08-24 00:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2018-09-12 18:35 - 2018-08-24 00:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2018-09-12 18:35 - 2018-08-23 23:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
      2018-09-12 18:35 - 2018-08-23 23:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2018-09-12 18:35 - 2018-08-23 23:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2018-09-12 18:35 - 2018-08-23 23:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2018-09-12 18:35 - 2018-08-23 23:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2018-09-12 18:35 - 2018-08-23 23:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2018-09-12 18:35 - 2018-08-23 23:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2018-09-12 18:35 - 2018-08-23 23:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2018-09-12 18:35 - 2018-08-23 23:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2018-09-12 18:35 - 2018-08-23 23:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2018-09-12 18:35 - 2018-08-23 23:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2018-09-12 18:35 - 2018-08-23 23:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2018-09-12 18:35 - 2018-08-23 23:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2018-09-12 18:35 - 2018-08-23 23:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2018-09-12 18:35 - 2018-08-23 23:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2018-09-12 18:35 - 2018-08-23 23:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 001888768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
      2018-09-12 18:35 - 2018-08-13 18:53 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
      2018-09-12 18:35 - 2018-08-13 18:53 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
      2018-09-12 18:35 - 2018-08-13 18:41 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
      2018-09-12 18:35 - 2018-08-12 23:32 - 000378464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-09-12 18:35 - 2018-08-12 23:31 - 001894496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-09-12 18:35 - 2018-08-12 23:31 - 000289376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-09-12 18:35 - 2018-08-12 23:28 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
      2018-09-12 18:35 - 2018-08-12 23:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
      2018-09-12 18:35 - 2018-08-10 18:59 - 005552816 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-09-12 18:35 - 2018-08-10 18:59 - 000154800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2018-09-12 18:35 - 2018-08-10 18:58 - 000385120 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2018-09-12 18:35 - 2018-08-10 18:58 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
      2018-09-12 18:35 - 2018-08-10 18:58 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2018-09-12 18:35 - 2018-08-10 18:57 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
      2018-09-12 18:35 - 2018-08-10 18:57 - 000631624 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
      2018-09-12 18:35 - 2018-08-10 18:56 - 001664296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
      2018-09-12 18:35 - 2018-08-10 18:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
      2018-09-12 18:35 - 2018-08-10 18:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
      2018-09-12 18:35 - 2018-08-10 18:42 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
      2018-09-12 18:35 - 2018-08-10 18:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
      2018-09-12 18:35 - 2018-08-10 18:27 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
      2018-09-12 18:35 - 2018-08-10 18:22 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2018-09-12 18:35 - 2018-08-10 18:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2018-09-12 18:35 - 2018-08-10 18:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2018-09-12 18:35 - 2018-08-10 18:21 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2018-09-12 18:35 - 2018-08-10 18:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
      2018-09-12 18:35 - 2018-08-10 18:17 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-09-12 18:35 - 2018-08-10 18:17 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2018-09-12 18:35 - 2018-08-10 18:17 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
      2018-09-12 18:35 - 2018-08-10 18:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
      2018-09-12 18:35 - 2018-08-10 18:13 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2018-09-12 18:35 - 2018-08-10 18:13 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2018-09-12 18:35 - 2018-08-10 18:13 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2018-09-12 18:35 - 2018-08-10 18:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
      2018-09-12 18:35 - 2018-08-10 18:12 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-09-12 18:35 - 2018-08-10 18:12 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2018-09-12 18:35 - 2018-08-10 18:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
      2018-09-12 18:35 - 2018-08-10 18:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
      2018-09-12 18:35 - 2018-08-10 18:10 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
      2018-09-12 18:35 - 2018-08-10 18:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
      2018-09-12 18:35 - 2018-08-10 18:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
      2018-09-12 18:35 - 2018-07-29 18:55 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
      2018-09-12 18:35 - 2018-07-18 18:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
      2018-09-12 18:35 - 2018-06-27 16:20 - 000419648 _____ C:\Windows\SysWOW64\locale.nls
      2018-09-12 18:35 - 2018-06-27 16:19 - 000419648 _____ C:\Windows\system32\locale.nls
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-28 22:44 - 2009-07-14 07:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-09-28 22:44 - 2009-07-14 07:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-09-28 22:35 - 2016-08-05 16:18 - 000003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
      2018-09-28 22:34 - 2013-11-20 10:44 - 000001077 _____ C:\Windows\SysWOW64\bscs.ini
      2018-09-28 22:32 - 2016-08-05 16:18 - 000000061 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
      2018-09-28 22:31 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-09-28 13:43 - 2016-08-05 16:20 - 000000713 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
      2018-09-28 12:07 - 2009-07-14 08:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-09-28 12:07 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
      2018-09-27 23:43 - 2014-12-09 01:10 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-09-27 23:33 - 2017-06-11 18:30 - 000000000 ____D C:\Users\User\Documents\ViberDownloads
      2018-09-27 10:07 - 2017-06-11 18:28 - 000000000 ____D C:\Users\User\AppData\Roaming\ViberPC
      2018-09-26 17:00 - 2016-08-05 16:22 - 000000680 _____ C:\Windows\SysWOW64\SHORTCUT.INI
      2018-09-26 13:44 - 2014-12-30 12:03 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2018-09-26 13:42 - 2017-03-06 15:12 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-09-19 18:08 - 2014-12-09 00:49 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-09-19 18:08 - 2014-12-09 00:49 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-09-16 10:47 - 2016-10-20 11:15 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-09-14 20:15 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\rescache
      2018-09-14 18:44 - 2018-03-13 14:57 - 000004458 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2018-09-14 18:44 - 2014-08-21 19:10 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2018-09-14 18:44 - 2014-08-21 19:10 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2018-09-14 18:44 - 2014-08-21 19:10 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2018-09-14 18:44 - 2014-08-21 19:10 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2018-09-14 18:44 - 2014-08-21 19:10 - 000000000 ____D C:\Windows\system32\Macromed
      2018-09-14 17:41 - 2014-08-18 17:35 - 000110008 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-09-14 17:38 - 2009-07-14 07:45 - 000410984 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-09-12 23:27 - 2014-08-18 19:28 - 000000000 ____D C:\Windows\system32\MRT
      2018-09-12 23:23 - 2014-08-18 19:28 - 139184408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2018-09-12 23:20 - 2014-08-18 17:35 - 000767916 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
      2018-09-01 11:30 - 2018-03-31 21:36 - 000000000 ____D C:\Users\User\Desktop\Flying Book R.I
      ==================== Files in the root of some directories =======
      2016-05-14 21:19 - 2016-05-14 21:19 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
      2017-07-13 23:04 - 2017-07-13 23:04 - 000000000 _____ () C:\Users\User\AppData\Local\{08496EBD-3675-4FFD-9190-C60ED46C2602}
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-09-26 14:18
      ==================== End of FRST.txt ============================
       
      Addition.txt

    • от rvp
      здравейте,
       
      Проблема е че след рестарт или изключване процесът отива на 100% и трябва да го спирам ръчно. ето логовете:
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.09.2018 03
      Ran by kpacko (administrator) on KPACKO-MOBILEPC (07-09-2018 10:02:30)
      Running from C:\Users\kpacko\Desktop
      Loaded Profiles: kpacko (Available Profiles: kpacko)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
      (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
      (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
      (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
      () C:\Users\kpacko\AppData\Roaming\WinRAR\Precomp\precomp.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
      HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
      HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
      HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc.)
      HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
      HKU\S-1-5-21-2772379611-2548023608-3356451699-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
      IFEO\LogTransport2.exe: [Debugger] 0
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows.vbs [2018-02-26] ()
      GroupPolicy: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{EDC66EE9-FC63-456B-9263-6FA1362BFECA}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{F056F4A9-7DE8-4608-90FE-D6F4B68785AC}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2772379611-2548023608-3356451699-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed
      FireFox:
      ========
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
      Chrome: 
      =======
      CHR NewTab: Default ->  Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
      CHR Session Restore: Default -> is enabled.
      CHR Profile: C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default [2018-09-07]
      CHR Extension: (Презентации) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Документи) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Google Диск) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-15]
      CHR Extension: (Auto Copy) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijpdibkloghppkbmhcklkogpjaenfkg [2018-01-11]
      CHR Extension: (YouTube) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-15]
      CHR Extension: (Forecastfox (fix version)) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\boljdehmejbffnfiiicckjhafabdepnd [2018-08-05]
      CHR Extension: (uBlock Origin) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-27]
      CHR Extension: (Таблици) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
      CHR Extension: (Google Документи офлайн) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
      CHR Extension: (Speed Dial 2 Нов раздел) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2018-03-28]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
      CHR Extension: (Gmail) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-15]
      CHR Extension: (Chrome Media Router) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-07]
      CHR Profile: C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-26]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
      R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.)
      S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] ()
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-07-17] (Microsoft Corporation)
      R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation)
      R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
      R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [54192 2017-07-04] (CrystalIdea Software)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2017-09-16] (DT Soft Ltd)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-12-11] (Intel Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2018-03-16] (NVIDIA Corporation)
      U4 AdobeARMservice; no ImagePath
      U3 SwitchBoard; no ImagePath
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-07 10:02 - 2018-09-07 10:03 - 000009284 _____ C:\Users\kpacko\Desktop\FRST.txt
      2018-09-07 10:02 - 2018-09-07 10:02 - 000000000 ____D C:\FRST
      2018-09-07 10:01 - 2018-09-07 10:01 - 002413056 _____ (Farbar) C:\Users\kpacko\Desktop\FRST64.exe
      2018-09-06 22:25 - 2018-09-06 13:48 - 000083968 _____ C:\Users\kpacko\Desktop\Working_Schedule_01-10_Sep_Update_4.xls
      2018-09-04 00:43 - 2018-08-03 18:55 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
      2018-09-04 00:43 - 2018-08-02 06:18 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2018-09-04 00:43 - 2018-08-02 06:07 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
      2018-09-04 00:43 - 2018-08-02 06:02 - 001665320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
      2018-09-04 00:43 - 2018-08-02 05:45 - 003959984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
      2018-09-04 00:43 - 2018-08-02 05:43 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:26 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2018-09-04 00:43 - 2018-08-02 05:26 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2018-09-04 00:43 - 2018-08-02 05:26 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2018-09-04 00:43 - 2018-08-02 05:25 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2018-09-04 00:43 - 2018-08-02 05:22 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-09-04 00:43 - 2018-08-02 05:21 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2018-09-04 00:43 - 2018-08-02 05:21 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
      2018-09-04 00:43 - 2018-08-02 05:17 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2018-09-04 00:43 - 2018-08-02 05:17 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2018-09-04 00:43 - 2018-08-02 05:17 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-09-04 00:43 - 2018-08-02 05:16 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
      2018-09-04 00:43 - 2018-08-02 05:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2018-09-04 00:43 - 2018-08-02 05:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
      2018-09-04 00:43 - 2018-08-02 05:11 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
      2018-09-04 00:43 - 2018-08-02 05:11 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
      2018-09-04 00:43 - 2018-08-02 05:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
      2018-09-04 00:43 - 2018-08-02 05:10 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
      2018-09-04 00:43 - 2018-07-20 02:53 - 000396936 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-09-04 00:43 - 2018-07-20 01:58 - 000350272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2018-09-04 00:43 - 2018-07-19 07:48 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-09-04 00:43 - 2018-07-19 07:47 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-09-04 00:43 - 2018-07-19 07:35 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-09-04 00:43 - 2018-07-19 07:34 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-09-04 00:43 - 2018-07-19 07:33 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-09-04 00:43 - 2018-07-19 07:33 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-09-04 00:43 - 2018-07-19 07:33 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-09-04 00:43 - 2018-07-19 07:32 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-09-04 00:43 - 2018-07-19 07:30 - 005778432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-09-04 00:43 - 2018-07-19 07:26 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-09-04 00:43 - 2018-07-19 07:25 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-09-04 00:43 - 2018-07-19 07:23 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-09-04 00:43 - 2018-07-19 07:22 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2018-09-04 00:43 - 2018-07-19 07:22 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-09-04 00:43 - 2018-07-19 07:22 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-09-04 00:43 - 2018-07-19 07:22 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-09-04 00:43 - 2018-07-19 07:21 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-09-04 00:43 - 2018-07-19 07:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2018-09-04 00:43 - 2018-07-19 07:14 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-09-04 00:43 - 2018-07-19 07:11 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-09-04 00:43 - 2018-07-19 07:05 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2018-09-04 00:43 - 2018-07-19 07:05 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-09-04 00:43 - 2018-07-19 07:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2018-09-04 00:43 - 2018-07-19 07:04 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-09-04 00:43 - 2018-07-19 07:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2018-09-04 00:43 - 2018-07-19 07:03 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-09-04 00:43 - 2018-07-19 07:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2018-09-04 00:43 - 2018-07-19 07:01 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2018-09-04 00:43 - 2018-07-19 07:00 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-09-04 00:43 - 2018-07-19 07:00 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-09-04 00:43 - 2018-07-19 06:58 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-09-04 00:43 - 2018-07-19 06:58 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2018-09-04 00:43 - 2018-07-19 06:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2018-09-04 00:43 - 2018-07-19 06:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2018-09-04 00:43 - 2018-07-19 06:56 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-09-04 00:43 - 2018-07-19 06:55 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2018-09-04 00:43 - 2018-07-19 06:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2018-09-04 00:43 - 2018-07-19 06:54 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2018-09-04 00:43 - 2018-07-19 06:47 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-09-04 00:43 - 2018-07-19 06:46 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-09-04 00:43 - 2018-07-19 06:46 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2018-09-04 00:43 - 2018-07-19 06:45 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-09-04 00:43 - 2018-07-19 06:45 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-09-04 00:43 - 2018-07-19 06:43 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-09-04 00:43 - 2018-07-19 06:43 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-09-04 00:43 - 2018-07-19 06:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2018-09-04 00:43 - 2018-07-19 06:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2018-09-04 00:43 - 2018-07-19 06:41 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
      2018-09-04 00:43 - 2018-07-19 06:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2018-09-04 00:43 - 2018-07-19 06:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2018-09-04 00:43 - 2018-07-19 06:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2018-09-04 00:43 - 2018-07-19 06:35 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2018-09-04 00:43 - 2018-07-19 06:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2018-09-04 00:43 - 2018-07-19 06:31 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-09-04 00:43 - 2018-07-19 06:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2018-09-04 00:43 - 2018-07-19 06:28 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2018-09-04 00:43 - 2018-07-19 06:28 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2018-09-04 00:43 - 2018-07-19 06:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2018-09-04 00:43 - 2018-07-19 06:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2018-09-04 00:43 - 2018-07-19 06:20 - 001554944 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-09-04 00:43 - 2018-07-19 06:09 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2018-09-04 00:43 - 2018-07-19 06:09 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-09-04 00:43 - 2018-07-19 06:06 - 001329152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2018-09-04 00:43 - 2018-07-19 06:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2018-09-04 00:43 - 2018-07-13 22:19 - 001894080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-09-04 00:43 - 2018-07-13 22:19 - 000377024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-09-04 00:43 - 2018-07-13 22:19 - 000287936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-09-04 00:43 - 2018-07-08 19:08 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2018-09-04 00:43 - 2018-07-08 19:02 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2018-09-04 00:43 - 2018-07-08 19:01 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2018-09-04 00:43 - 2018-07-08 18:47 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
      2018-09-04 00:43 - 2018-07-08 18:42 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
      2018-09-04 00:43 - 2018-07-06 19:09 - 000947904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
      2018-09-04 00:43 - 2018-07-06 19:03 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
      2018-09-04 00:43 - 2018-07-06 18:48 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
      2018-09-04 00:43 - 2018-06-29 18:55 - 000695808 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
      2018-09-04 00:43 - 2018-06-29 18:55 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
      2018-09-04 00:43 - 2018-06-29 18:55 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
      2018-09-04 00:43 - 2018-06-29 18:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
      2018-09-04 00:43 - 2018-06-29 18:14 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
      2018-09-04 00:43 - 2018-06-29 18:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
      2018-09-04 00:43 - 2018-06-27 19:01 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
      2018-09-04 00:43 - 2018-06-27 18:55 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
      2018-09-04 00:43 - 2018-06-27 18:55 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
      2018-09-04 00:43 - 2018-06-27 18:54 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
      2018-09-04 00:43 - 2018-06-27 18:54 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
      2018-09-04 00:43 - 2018-06-27 18:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
      2018-09-04 00:43 - 2018-06-27 18:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
      2018-09-04 00:43 - 2018-06-27 18:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
      2018-09-04 00:43 - 2018-06-27 18:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
      2018-09-04 00:43 - 2018-06-27 18:21 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
      2018-09-04 00:43 - 2018-06-27 18:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
      2018-09-04 00:43 - 2018-06-16 08:11 - 000467856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
      2018-09-04 00:43 - 2018-06-13 19:20 - 014185984 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2018-09-04 00:43 - 2018-06-13 19:19 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
      2018-09-04 00:43 - 2018-06-13 18:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
      2018-09-04 00:43 - 2018-06-13 18:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
      2018-09-04 00:43 - 2018-06-08 19:21 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
      2018-09-04 00:43 - 2018-06-08 19:20 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
      2018-09-04 00:43 - 2018-06-08 19:19 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
      2018-09-04 00:43 - 2018-06-08 19:19 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
      2018-09-04 00:43 - 2018-06-08 19:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
      2018-09-04 00:43 - 2018-06-08 18:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
      2018-09-04 00:43 - 2018-06-08 18:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
      2018-09-04 00:43 - 2018-06-08 18:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
      2018-09-04 00:43 - 2018-06-08 18:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
      2018-09-04 00:43 - 2018-06-07 19:19 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
      2018-09-04 00:43 - 2018-06-07 18:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
      2018-09-04 00:43 - 2018-06-07 18:49 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
      2018-09-04 00:43 - 2018-06-07 18:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
      2018-09-04 00:43 - 2018-05-15 06:44 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
      2018-09-04 00:43 - 2018-05-15 06:24 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
      2018-09-04 00:43 - 2018-05-15 06:23 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
      2018-09-04 00:43 - 2018-05-15 06:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
      2018-09-04 00:43 - 2018-05-15 06:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
      2018-09-04 00:43 - 2018-05-15 06:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
      2018-09-04 00:43 - 2018-05-15 06:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
      2018-09-04 00:43 - 2018-05-15 06:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
      2018-09-04 00:43 - 2018-05-12 05:07 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
      2018-09-04 00:43 - 2018-05-12 05:07 - 000033152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
      2018-09-04 00:43 - 2018-05-12 05:07 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
      2018-09-04 00:43 - 2018-05-12 00:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
      2018-09-04 00:43 - 2018-05-11 03:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
      2018-09-04 00:43 - 2018-05-11 03:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000019288 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-25 19:02 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
      2018-09-04 00:43 - 2018-04-25 18:18 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
      2018-09-04 00:43 - 2018-04-23 02:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
      2018-09-04 00:43 - 2018-04-18 19:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
      2018-09-04 00:43 - 2018-04-18 19:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
      2018-09-04 00:43 - 2018-04-18 18:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
      2018-09-04 00:43 - 2018-04-18 18:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
      2018-09-04 00:43 - 2018-04-18 18:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
      2018-09-04 00:43 - 2018-04-18 18:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
      2018-09-04 00:43 - 2018-04-11 19:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
      2018-09-04 00:43 - 2018-04-11 19:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
      2018-09-04 00:43 - 2018-04-10 19:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
      2018-09-04 00:43 - 2018-04-10 19:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
      2018-09-04 00:43 - 2018-04-10 19:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
      2018-09-04 00:43 - 2018-04-10 19:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
      2018-09-04 00:43 - 2018-04-10 19:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
      2018-09-04 00:43 - 2018-04-10 19:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
      2018-09-04 00:43 - 2018-04-10 18:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
      2018-09-04 00:43 - 2018-04-10 18:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
      2018-09-04 00:43 - 2018-04-10 18:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
      2018-09-04 00:43 - 2018-04-07 19:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
      2018-09-04 00:43 - 2018-03-14 20:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
      2018-09-04 00:43 - 2018-03-14 20:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2018-09-04 00:43 - 2018-03-14 20:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2018-09-04 00:43 - 2018-03-14 20:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
      2018-09-04 00:43 - 2018-03-14 20:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
      2018-09-04 00:43 - 2018-03-14 19:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
      2018-09-04 00:43 - 2018-03-14 19:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
      2018-09-04 00:43 - 2018-03-14 19:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
      2018-09-04 00:43 - 2018-03-14 19:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
      2018-09-04 00:43 - 2018-03-14 19:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2018-09-04 00:43 - 2018-03-14 19:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
      2018-09-04 00:43 - 2018-03-14 19:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2018-09-04 00:43 - 2018-03-14 19:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2018-09-04 00:43 - 2018-03-14 19:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2018-09-04 00:43 - 2018-03-14 19:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
      2018-09-04 00:43 - 2018-03-14 19:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
      2018-09-04 00:43 - 2018-03-06 21:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
      2018-09-04 00:43 - 2018-03-06 21:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
      2018-09-04 00:43 - 2018-02-22 06:28 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
      2018-09-04 00:43 - 2018-02-22 06:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
      2018-09-04 00:43 - 2018-02-10 21:35 - 000367296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000334528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000185024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
      2018-09-04 00:43 - 2018-02-10 21:35 - 000068288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000064192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
      2018-09-04 00:43 - 2018-02-10 21:35 - 000063168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000060608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000036032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000031936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000020160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000015040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000012096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
      2018-09-04 00:43 - 2018-02-10 21:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
      2018-09-04 00:43 - 2018-02-10 21:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\racpldlg.dll
      2018-09-04 00:43 - 2018-02-10 21:11 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
      2018-09-04 00:43 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
      2018-09-04 00:43 - 2018-02-10 20:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
      2018-09-04 00:43 - 2018-02-10 20:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
      2018-09-04 00:43 - 2018-02-10 20:25 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
      2018-09-04 00:43 - 2018-01-12 19:40 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
      2018-09-04 00:43 - 2018-01-12 19:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
      2018-09-04 00:43 - 2018-01-12 19:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
      2018-09-04 00:43 - 2018-01-12 19:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
      2018-09-04 00:43 - 2018-01-11 19:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
      2018-09-04 00:43 - 2018-01-11 19:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
      2018-09-04 00:43 - 2018-01-01 05:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
      2018-09-04 00:43 - 2018-01-01 05:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
      2018-09-04 00:43 - 2018-01-01 05:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 001361408 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
      2018-09-04 00:43 - 2018-01-01 05:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
      2018-09-04 00:43 - 2018-01-01 05:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
      2018-09-04 00:43 - 2018-01-01 05:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
      2018-09-04 00:43 - 2018-01-01 05:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
      2018-09-04 00:43 - 2018-01-01 04:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
      2018-09-04 00:43 - 2018-01-01 04:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
      2018-09-04 00:43 - 2018-01-01 04:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
      2018-09-04 00:43 - 2018-01-01 04:47 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
      2018-09-04 00:43 - 2018-01-01 04:46 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
      2018-09-04 00:43 - 2018-01-01 04:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
      2018-09-04 00:43 - 2017-12-05 20:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
      2018-09-04 00:43 - 2017-12-05 19:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
      2018-09-04 00:43 - 2017-12-05 18:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
      2018-09-04 00:42 - 2018-08-03 18:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
      2018-09-04 00:42 - 2018-08-02 06:20 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
      2018-09-04 00:42 - 2018-08-02 06:06 - 000156256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2018-09-04 00:42 - 2018-08-02 06:05 - 005553760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-09-04 00:42 - 2018-08-02 06:00 - 000633080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
      2018-09-04 00:42 - 2018-08-02 05:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2018-09-04 00:42 - 2018-08-02 05:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2018-09-04 00:42 - 2018-08-02 05:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2018-09-04 00:42 - 2018-08-02 05:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2018-09-04 00:42 - 2018-08-02 05:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2018-09-04 00:42 - 2018-08-02 05:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-09-04 00:42 - 2018-08-02 05:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2018-09-04 00:42 - 2018-08-02 05:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
      2018-09-04 00:42 - 2018-08-02 05:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
      2018-09-04 00:42 - 2018-08-02 05:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
      2018-09-04 00:42 - 2018-08-02 05:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
      2018-09-04 00:42 - 2018-07-19 09:15 - 025745408 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-09-04 00:42 - 2018-07-19 07:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2018-09-04 00:42 - 2018-07-08 19:02 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2018-09-04 00:42 - 2018-07-08 19:02 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2018-09-04 00:42 - 2018-07-08 19:01 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2018-09-04 00:42 - 2018-07-08 18:42 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
      2018-09-04 00:42 - 2018-07-08 18:41 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
      2018-09-04 00:42 - 2018-07-08 18:41 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
      2018-09-04 00:42 - 2018-07-08 18:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
      2018-09-04 00:42 - 2018-07-07 18:24 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2018-09-04 00:42 - 2018-07-06 19:03 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
      2018-09-04 00:42 - 2018-07-06 18:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
      2018-09-04 00:42 - 2018-06-29 18:55 - 000137728 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
      2018-09-04 00:42 - 2018-06-27 18:55 - 003246592 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
      2018-09-04 00:42 - 2018-06-27 18:55 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
      2018-09-04 00:42 - 2018-06-27 18:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
      2018-09-04 00:42 - 2018-06-21 06:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2018-09-04 00:42 - 2018-06-21 06:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
      2018-09-04 00:42 - 2018-06-16 08:24 - 000459632 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
      2018-09-04 00:42 - 2018-06-16 08:11 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
      2018-09-04 00:42 - 2018-06-13 19:23 - 000140992 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2018-09-04 00:42 - 2018-06-13 19:18 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2018-09-04 00:42 - 2018-06-08 19:20 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
      2018-09-04 00:42 - 2018-06-08 19:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
      2018-09-04 00:42 - 2018-06-08 18:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
      2018-09-04 00:42 - 2018-06-08 18:44 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
      2018-09-04 00:42 - 2018-06-08 18:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
      2018-09-04 00:42 - 2018-06-08 16:05 - 002860032 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2018-09-04 00:42 - 2018-06-08 16:05 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000612352 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2018-09-04 00:42 - 2018-06-07 19:20 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
      2018-09-04 00:42 - 2018-06-07 19:19 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
      2018-09-04 00:42 - 2018-06-07 19:19 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
      2018-09-04 00:42 - 2018-05-15 07:16 - 001681088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2018-09-04 00:42 - 2018-05-15 06:44 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
      2018-09-04 00:42 - 2018-05-15 06:44 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
      2018-09-04 00:42 - 2018-05-15 06:44 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
      2018-09-04 00:42 - 2018-05-15 06:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
      2018-09-04 00:42 - 2018-05-12 00:19 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
      2018-09-04 00:42 - 2018-05-02 18:32 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
      2018-09-04 00:42 - 2018-04-23 03:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
      2018-09-04 00:42 - 2018-04-11 19:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
      2018-09-04 00:42 - 2018-04-11 19:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
      2018-09-04 00:42 - 2018-04-10 19:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
      2018-09-04 00:42 - 2018-03-10 20:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
      2018-09-04 00:42 - 2018-03-06 21:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
      2018-09-04 00:42 - 2018-03-06 21:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
      2018-09-04 00:42 - 2018-03-06 21:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
      2018-09-04 00:42 - 2018-03-06 21:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
      2018-09-04 00:42 - 2018-02-10 21:35 - 000023744 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
      2018-09-04 00:42 - 2018-02-10 21:11 - 003665920 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
      2018-09-04 00:42 - 2018-02-10 21:11 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
      2018-09-04 00:42 - 2018-02-10 20:36 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
      2018-09-04 00:42 - 2018-02-10 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
      2018-09-04 00:42 - 2018-02-10 20:26 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
      2018-09-04 00:42 - 2018-02-10 20:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
      2018-09-04 00:42 - 2018-01-01 05:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
      2018-09-04 00:42 - 2018-01-01 05:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
      2018-09-04 00:42 - 2018-01-01 05:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
      2018-09-04 00:42 - 2018-01-01 05:18 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
      2018-09-04 00:42 - 2018-01-01 05:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
      2018-09-04 00:42 - 2018-01-01 05:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
      2018-09-04 00:42 - 2018-01-01 04:46 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
      2018-09-04 00:42 - 2018-01-01 04:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
      2018-09-04 00:42 - 2017-12-05 20:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
      2018-09-04 00:42 - 2017-12-05 20:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
      2018-09-04 00:42 - 2017-12-05 20:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
      2018-08-13 10:45 - 2018-08-13 10:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
      2018-08-13 10:45 - 2018-08-13 10:45 - 000000000 ____D C:\Program Files\qBittorrent
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-07 10:02 - 2017-09-16 15:50 - 000000000 ____D C:\Users\kpacko\AppData\Roaming\qBittorrent
      2018-09-07 07:53 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-09-07 07:53 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-09-07 07:51 - 2009-07-14 08:13 - 000772130 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-09-07 07:51 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
      2018-09-07 07:49 - 2017-09-15 22:54 - 000002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-09-07 07:45 - 2017-09-16 17:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-09-07 07:45 - 2017-09-15 18:18 - 000000000 ____D C:\ProgramData\NVIDIA
      2018-09-07 07:45 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-09-07 00:19 - 2017-10-22 09:50 - 000000000 ____D C:\Users\kpacko\AppData\Local\CrashDumps
      2018-09-06 23:59 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\rescache
      2018-09-04 22:42 - 2017-09-17 23:54 - 000000000 ____D C:\Users\kpacko\AppData\Roaming\FileZilla
      2018-09-04 00:58 - 2009-07-14 07:45 - 000295648 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-09-04 00:56 - 2017-09-16 19:15 - 000000000 ____D C:\Windows\system32\appraiser
      2018-09-04 00:56 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-09-04 00:51 - 2017-07-17 23:37 - 000756356 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
      2018-09-02 00:28 - 2017-10-02 14:41 - 000000000 ____D C:\Users\kpacko\AppData\Roaming\ViberPC
      2018-09-02 00:27 - 2018-07-02 00:59 - 000000000 ____D C:\Users\kpacko\AppData\Local\Viber
      2018-09-02 00:26 - 2017-10-02 14:41 - 000000000 ____D C:\Users\kpacko\Documents\ViberDownloads
      2018-08-19 17:49 - 2017-11-02 01:00 - 000001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
      2018-08-08 00:53 - 2017-10-02 09:30 - 000000000 ____D C:\Users\kpacko\AppData\Local\ElevatedDiagnostics
      2018-08-08 00:53 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
      ==================== Files in the root of some directories =======
      2018-05-04 13:56 - 2018-05-01 20:53 - 001527138 _____ () C:\Users\kpacko\AppData\Roaming\ccseetup542pro.exe
      2018-05-04 13:56 - 2018-04-30 15:50 - 015816144 ____R (Piriform Ltd) C:\Users\kpacko\AppData\Roaming\ccsetup542pro.exe
      2018-05-04 13:56 - 2018-03-12 20:36 - 001371485 _____ () C:\Users\kpacko\AppData\Roaming\ccsetup542proo.exe
      2018-05-04 13:56 - 2018-03-12 20:34 - 000211375 _____ () C:\Users\kpacko\AppData\Roaming\ccsetup542prro.exe
      2017-11-30 16:35 - 2018-02-22 12:29 - 000007603 _____ () C:\Users\kpacko\AppData\Local\Resmon.ResmonCfg
      Some files in TEMP:
      ====================
      2018-04-30 12:09 - 2018-04-30 12:09 - 011491456 _____ (Raxco Software, Inc.                                        ) C:\Users\kpacko\AppData\Local\Temp\PD140p_x64.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-09-06 23:52
      ==================== End of FRST.txt ============================
      Addition.txt
    • от мирослав24
      Здравейте,сблъсках се със следния проблем-неизвестно лице или лица правят опити за проникване в мои акаунти в електронни  пощи и  сайтове където съм се регистрирал.Получих писмо от единия сайт че е правен опит за вписване с моето потребителско име,но с грешна парола,и аналогично съобщение от е-майл провайдър.Ползвам десктоп компютър и лаптоп и не знам дали някое от устройствата не е със зловреден софтуер.Видимо нямам проблеми с машините,освен че и на двата компютъра като исках да си сменя паролата на един сайт,ми излезе прозорец с искане да си напиша електронната поща с който съм регистриран в сайта и като я написах след това ми излезе втори прозорец с подкана да напиша и паролата си за съответната поща.Нищо не смених в крайна сметка докато не установя къде е проблема.Изпращам резултатите от сканиране с FRST на настолния компютър :
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.08.2018
      Ran by User1 (administrator) on PC1 (30-08-2018 15:49:50)
      Running from C:\Documents and Settings\User1\Desktop
      Loaded Profiles: User1 (Available Profiles: User1 & User2 & Administrator)
      Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
      Internet Explorer Version 8 (Default browser: IE)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      (Comodo) C:\Program Files\Comodo\Dragon\dragon_updater.exe
      () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
      () C:\WINDOWS\tsnpstd3.exe
      () C:\WINDOWS\vsnpstd3.exe
      () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
      (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
      (BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
      (MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
      (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
      (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
      (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [tsnpstd3] => C:\WINDOWS\tsnpstd3.exe [262144 2006-06-19] ()
      HKLM\...\Run: [snpstd3] => C:\WINDOWS\vsnpstd3.exe [827392 2006-09-19] ()
      HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [8063200 2016-07-18] ()
      HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
      HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [Messenger (Yahoo!)] => "F:\SKYPE_~1\yahoo\Messenger\YahooMessenger.exe" -quiet
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [395640 2011-05-02] (BitTorrent, Inc.)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [Google Update] => C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-12-02] (Google Inc.)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
      HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
      HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [1447936 2018-07-27] (Adobe Systems Incorporated)
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2018-03-28]
      ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2018-08-30]
      ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\..\Interfaces\{0227FD86-8C54-4C88-8029-3F44137A8ADF}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{1524681E-CD57-4084-9846-709C0A2CC0ED}: [NameServer] 192.168.100.40,192.168.100.140
      Internet Explorer:
      ==================
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_152\bin\ssv.dll [2017-12-08] (Oracle Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_152\bin\jp2ssv.dll [2017-12-08] (Oracle Corporation)
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
      FireFox:
      ========
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-12-08] ()
      FF Plugin: @java.com/DTPlugin,version=11.152.2 -> C:\Program Files\Java\jre1.8.0_152\bin\dtplugin\npDeployJava1.dll [2017-12-08] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.152.2 -> C:\Program Files\Java\jre1.8.0_152\bin\plugin2\npjp2.dll [2017-12-08] (Oracle Corporation)
      FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\User1\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\User1\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.)
      FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\User1\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
      FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\User1\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-07-27] (Adobe Systems Incorporated) [File not signed]
      S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
      R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
      R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
      R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
      R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2060848 2016-02-05] (Comodo)
      R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
      R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
      S3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
      R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
      R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [602112 2007-06-04] (Hewlett-Packard Co.) [File not signed]
      S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-01-12] (Oracle Corporation)
      R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
      R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
      R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [664040 2016-07-18] ()
      S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation) [File not signed]
      S3 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
      R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
      R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
      R3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
      R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
      R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
      S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
      R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
      R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
      S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
      S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
      R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices)
      S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
      R3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
      R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.) [File not signed]
      R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
      R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\gzflt.sys [175008 2016-04-28] (BitDefender LLC)
      R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-19] (HP)
      R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-19] (HP)
      R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-19] (HP)
      R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
      R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4368896 2006-08-15] (Realtek Semiconductor Corp.) [File not signed]
      R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
      R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
      R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
      R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
      S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
      R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
      R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
      R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)
      R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)
      R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
      S3 SNPSTD3; C:\WINDOWS\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)
      R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
      R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
      S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [428832 2016-04-28] (BitDefender S.R.L.)
      S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-17] (Microsoft Corporation) [File not signed]
      R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed]
      R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
      S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed]
      R3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
      S3 catchme; \??\C:\DOCUME~1\User1\LOCALS~1\Temp\catchme.sys [X]
      S4 IntelIde; no ImagePath
      S2 StarOpen; no ImagePath
      S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
      S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-30 15:49 - 2018-08-30 15:50 - 000014109 _____ C:\Documents and Settings\User1\Desktop\FRST.txt
      2018-08-30 15:15 - 2018-08-30 15:15 - 001773568 _____ (Farbar) C:\Documents and Settings\User1\Desktop\FRST.exe
      2018-08-10 12:36 - 2018-08-10 12:40 - 000000000 ____D C:\Documents and Settings\User2\Desktop\куче Анжело 0887999938
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-30 15:50 - 2015-07-18 13:46 - 000000000 ____D C:\Documents and Settings\User1\Local Settings\temp
      2018-08-30 15:49 - 2018-03-26 11:31 - 000000000 ____D C:\FRST
      2018-08-30 15:48 - 2011-05-02 12:46 - 000000000 ____D C:\Documents and Settings\User1\Application Data\uTorrent
      2018-08-30 15:31 - 2011-05-02 12:44 - 000000000 ____D C:\Program Files\Opera
      2018-08-30 14:58 - 2016-02-20 13:25 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield
      2018-08-30 14:58 - 2015-06-22 14:14 - 000000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
      2018-08-30 14:58 - 2015-06-22 14:14 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
      2018-08-30 14:58 - 2011-05-02 10:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2018-08-30 14:57 - 2018-03-27 15:50 - 000032638 _____ C:\WINDOWS\SchedLgU.Txt
      2018-08-30 14:57 - 2011-05-02 12:10 - 000000178 ___SH C:\Documents and Settings\User1\ntuser.ini
      2018-08-30 14:57 - 2011-05-02 12:10 - 000000000 ____D C:\Documents and Settings\User1
      2018-08-30 14:55 - 2013-03-08 15:11 - 000001078 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-412668190-1417001333-1003UA.job
      2018-08-30 14:47 - 2015-04-26 09:48 - 000000000 ____D C:\Documents and Settings\User2\Application Data\Skype
      2018-08-30 14:47 - 2011-05-02 13:28 - 000000000 ____D C:\Documents and Settings\User2\Local Settings\Temp
      2018-08-30 12:55 - 2013-03-08 15:11 - 000001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-412668190-1417001333-1003Core.job
      2018-08-30 07:50 - 2001-08-23 12:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
      2018-08-25 12:48 - 2017-01-16 13:16 - 000000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
      2018-08-25 12:48 - 2011-05-02 10:10 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2018-08-09 12:25 - 2011-05-16 16:38 - 000000000 ____D C:\Program Files\Recuva
      2018-08-02 14:29 - 2013-12-09 13:51 - 000000000 ____D C:\Documents and Settings\User2\Desktop\образци PDF
      ==================== Files in the root of some directories =======
      2011-05-02 13:33 - 2014-09-24 16:20 - 000014848 _____ () C:\Documents and Settings\User1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-01-01 13:07 - 2014-01-01 13:07 - 000000036 _____ () C:\Documents and Settings\User1\Local Settings\Application Data\housecall.guid.cache
      2011-05-15 13:35 - 2011-05-15 13:35 - 000000056 _____ () C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
      2017-09-02 12:57 - 2018-04-11 15:32 - 000021736 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => MD5 is legit
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => MD5 is legit
      C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      ==================== End of FRST.txt ============================
      Addition.txt
    • от d1cho
      Привет преди два дни ми изпищя windows defender-a и антивируснта програма,пише, че гадината е Trojan:Win32/Killav.DR. Компютрите са в мрежа, единя е с vista business 64 bit, a другия с windows 10 32bit. Този с vistata не ми да ва да включа защитната стена и да инсталриам антивирусна. Мъчих компютъра с windows 10 с различни антивирусни понеже ми позволява да инсталриам,но само ги слага под карантина,а мен ме е страх да ги трия понеже имаме софтуер за работа и ме тревожи да не би да повредя нещо и да замине информацията.
      Моля за съдействие, понеже е почти невъзможно да се работи на компютрите.
      Ето тоша ми е от лог файла на компѝтъра с вистата FRST.txt
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
      Ran by DBPROTOOLS (administrator) on DBPROTOOLS-PC (17-08-2018 10:17:44)
      Running from C:\Users\DBPROTOOLS\Desktop
      Loaded Profiles: DBPROTOOLS (Available Profiles: DBPROTOOLS)
      Platform: Windows Vista (TM) Business Service Pack 2 (X64) Language: English (United States)
      Internet Explorer Version 7 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      () C:\Windows\zqmeyojeujuakpbxqoc.exe
      (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
      () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
      HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-23] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [mqzelo] => C:\Windows\fuoewkdwkxgksvfzq.exe [503808 2018-08-17] ()
      HKLM-x32\...\Run: [qapanwkyhpts] => C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe [503808 2018-08-16] () <==== ATTENTION
      HKLM-x32\...\RunOnce: [zeoucgp] => mebupgcypfryjpcztshe.exe .
      HKLM-x32\...\RunOnce: [tcqamuhucjm] => C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe . [503808 2018-08-16] () <==== ATTENTION
      HKLM\...\Policies\Explorer\Run: [oufmvaku] => C:\Windows\zqmeyojeujuakpbxqoc.exe [503808 2018-08-16] ()
      HKLM\...\Policies\Explorer\Run: [bemqw] => C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe [503808 2018-08-16] ()
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Run: [fmygqwhsy] => C:\Windows\oezqjysmbpzenrcxpm.exe [503808 2018-08-17] ()
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Run: [mqzelo] => C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe [503808 2018-08-16] () <==== ATTENTION
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\RunOnce: [ygtcnugszf] => fuoewkdwkxgksvfzq.exe .
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\RunOnce: [zeoucgp] => C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe . [503808 2018-08-16] () <==== ATTENTION
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Policies\system: [DisableRegistryTools] 1
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\MountPoints2: {175dbd82-9a45-11e8-861a-0019990d7d87} - E:\tyquftktfbz.bat
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\MountPoints2: {1b56a57f-9a44-11e8-a149-8748c642f7d2} - E:\setup.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
      Tcpip\..\Interfaces\{16F65250-913D-4F56-B2DA-49AF5C765191}: [DhcpNameServer] 192.168.0.1 192.168.0.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      SearchScopes: HKU\S-1-5-21-3181692578-1277306937-1901717452-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-04-11] (Microsoft Corporation)
      FireFox:
      ========
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-06] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-06] (Google Inc.)
      Chrome: 
      =======
      CHR Profile: C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default [2018-08-17]
      CHR Extension: (Slides) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-07]
      CHR Extension: (Docs) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-07]
      CHR Extension: (Google Drive) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-07]
      CHR Extension: (YouTube) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-07]
      CHR Extension: (Sheets) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-07]
      CHR Extension: (Google Docs Offline) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-07]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-07]
      CHR Extension: (Gmail) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-07]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
      S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
      S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
      S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-17 10:17 - 2018-08-17 10:18 - 000008964 _____ C:\Users\DBPROTOOLS\Desktop\FRST.txt
      2018-08-17 10:16 - 2018-08-17 10:17 - 000000000 ____D C:\FRST
      2018-08-17 10:15 - 2018-08-17 10:15 - 002412544 _____ (Farbar) C:\Users\DBPROTOOLS\Desktop\FRST64.exe
      2018-08-17 09:35 - 2018-08-17 09:36 - 046625016 _____ (Microsoft Corporation) C:\Users\DBPROTOOLS\Downloads\Windows-KB890830-x64-V5.63.exe
      2018-08-16 12:03 - 2018-08-16 12:03 - 000000000 ____D C:\ProgramData\AVG
      2018-08-16 12:02 - 2018-08-16 11:36 - 007460520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\DBPROTOOLS\Desktop\avg_antivirus_free_setup.exe
      2018-08-15 16:13 - 2018-08-15 16:33 - 000038147 _____ C:\Users\DBPROTOOLS\Documents\ПРОТОКОЛ КОНСИГНАЦИЯ.odt
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Windows\SysWOW64\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Windows\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Program Files (x86)\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\ymfulyqivhpszbkd.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\fuoewkdwkxgksvfzq.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\busmiaxumdqykrfdyyomf.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\zqmeyojeujuakpbxqoc.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\zqmeyojeujuakpbxqoc.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\ymfulyqivhpszbkd.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\fuoewkdwkxgksvfzq.exe
      2018-08-15 10:03 - 2018-08-15 10:03 - 000503808 __RSH C:\Windows\SysWOW64\busmiaxumdqykrfdyyomf.exe
      2018-08-08 19:55 - 2018-08-08 19:55 - 000000586 _____ C:\Users\DBPROTOOLS\Desktop\control8.lnk
      2018-08-08 19:53 - 2018-08-08 19:54 - 000000586 _____ C:\Users\DBPROTOOLS\Desktop\control7.lnk
      2018-08-08 10:50 - 2018-08-08 10:51 - 000000000 ___HD C:\Program Files (x86)\Temp
      2018-08-08 10:49 - 2018-08-08 10:49 - 020227746 _____ C:\Users\DBPROTOOLS\Downloads\FTS_RealtekHDAudio_6015911_1039707.zip
      2018-08-08 10:36 - 2018-08-08 10:36 - 000529696 _____ (Fujitsu) C:\Users\DBPROTOOLS\Downloads\AutoDetect_CR.exe
      2018-08-08 10:19 - 2018-08-08 10:19 - 000870768 _____ (PDFLogic Corporation ) C:\Users\DBPROTOOLS\Downloads\pdfvista.exe
      2018-08-08 10:14 - 2018-08-08 10:14 - 000127389 _____ C:\Users\DBPROTOOLS\Downloads\received_1656658347796650.jpeg
      2018-08-08 09:51 - 2018-08-08 09:51 - 000131068 _____ C:\Users\DBPROTOOLS\Downloads\ACFrOgD5qMx8urBDsFoSA7F_JPxuDeiEhFOgmeQLIU44kuc2fxOLoZfY-xq9ebf1sM-mw4X0coR12Y2kOz69foLufsDyMtHGIiFwi_Ya2E4BRTKHCOlw-VxJoiTp7S8=
      2018-08-08 09:41 - 2018-08-08 09:41 - 000949332 _____ (Vivid Document Imaging Technologies ) C:\Users\DBPROTOOLS\Downloads\PDFViewerSetup (1).exe
      2018-08-08 09:40 - 2018-08-16 12:03 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\YcanPDF
      2018-08-08 09:39 - 2018-08-08 09:39 - 003451040 _____ (PDFZilla, Inc. ) C:\Users\DBPROTOOLS\Downloads\freepdfreader.exe
      2018-08-07 17:15 - 2018-08-07 17:15 - 000008192 ___RS C:\BOOTSECT.BAK
      2018-08-07 17:15 - 2018-08-07 16:22 - 000000000 ____D C:\Windows\Panther
      2018-08-07 17:15 - 2009-04-11 19:22 - 000333257 __RSH C:\bootmgr
      2018-08-07 16:21 - 2018-08-07 16:21 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
      2018-08-07 16:18 - 2018-08-07 16:18 - 000000000 ____D C:\Windows\CSC
      2018-08-07 12:34 - 2018-08-07 12:34 - 000044749 _____ C:\Users\DBPROTOOLS\Downloads\logo_db_protools.pdf
      2018-08-07 12:29 - 2018-08-07 12:29 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\DBPROTOOLS\Downloads\readerdc_en_ha_install.exe
      2018-08-07 12:27 - 2018-08-07 12:27 - 000949332 _____ (Vivid Document Imaging Technologies ) C:\Users\DBPROTOOLS\Downloads\PDFViewerSetup.exe
      2018-08-07 12:22 - 2018-08-07 12:22 - 000004088 ____H C:\Users\DBPROTOOLS\AppData\Local\ygtcnugszfhefberbqviqmyucpyjqcov.dab
      2018-08-07 12:20 - 2018-08-17 10:18 - 000000272 ____H C:\Users\DBPROTOOLS\AppData\Local\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 12:19 - 2018-08-07 12:19 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\Оферти Доставчици
      2018-08-07 12:16 - 2018-08-07 12:16 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\ControlCenter4
      2018-08-07 12:13 - 2018-08-07 12:13 - 000001975 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
      2018-08-07 12:13 - 2018-08-07 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\ProgramData\ControlCenter4
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\ControlCenter4
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\BrownyInd
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\Browny02
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Brother
      2018-08-07 12:11 - 2012-12-14 04:31 - 000180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000113744 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE
      2018-08-07 12:11 - 2012-12-14 04:31 - 000077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000045056 _____ C:\Windows\SysWOW64\BRTCPCON.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000000114 _____ C:\Windows\SysWOW64\BRLMW03A.INI
      2018-08-07 12:11 - 2012-12-14 04:29 - 000000050 _____ C:\Windows\system32\BRADM12A.DAT
      2018-08-07 12:11 - 2012-12-13 19:00 - 000226816 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOM12A.DLL
      2018-08-07 12:11 - 2012-10-19 15:07 - 001441792 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWi212c.dll
      2018-08-07 12:11 - 2012-10-19 15:03 - 000054272 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrUsi12c.dll
      2018-08-07 12:11 - 2012-07-06 13:56 - 000012800 _____ (Brother Industries Ltd.) C:\Windows\system32\BrCiImg.dll
      2018-08-07 12:11 - 2011-09-08 12:36 - 000279040 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrJDec.dll
      2018-08-07 12:10 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\Brother
      2018-08-07 12:10 - 2018-08-07 12:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
      2018-08-07 12:10 - 2012-11-02 18:15 - 000245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
      2018-08-07 12:10 - 2012-02-02 11:21 - 000002560 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
      2018-08-07 12:10 - 2010-03-15 19:45 - 000073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
      2018-08-07 12:10 - 2007-12-13 22:16 - 000005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
      2018-08-07 12:09 - 2018-08-07 12:13 - 000000000 ____D C:\ProgramData\Brother
      2018-08-07 12:09 - 2018-08-07 12:09 - 000000000 ____D C:\Users\DBPROTOOLS\Downloads\install
      2018-08-07 12:08 - 2018-08-07 12:08 - 141297272 _____ (A.I.SOFT,INC.) C:\Users\DBPROTOOLS\Downloads\DCP-1510-inst-A1-eeu.EXE
      2018-08-07 10:22 - 2018-08-07 10:22 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\OpenOffice
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000985 _____ C:\Users\Public\Desktop\OpenOffice 4.1.5.lnk
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.5
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
      2018-08-07 09:45 - 2018-08-07 09:46 - 000456080 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI22E4.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000011632 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI22E4.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000452836 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI223D.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000011616 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI223D.txt
      2018-08-07 09:44 - 2018-08-07 09:44 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\OpenOffice 4.1.5 (bg) Installation Files
      2018-08-07 09:40 - 2018-08-07 09:40 - 013057882 _____ C:\Users\DBPROTOOLS\Downloads\Apache_OpenOffice_4.1.5_Win_x86_langpack_bg.exe
      2018-08-07 09:40 - 2018-08-07 09:40 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\OpenOffice 4.1.5 Language Pack (Bulgarian) Installation Files
      2018-08-07 09:39 - 2018-08-07 09:40 - 129515834 _____ C:\Users\DBPROTOOLS\Downloads\Apache_OpenOffice_4.1.5_Win_x86_install_bg.exe
      2018-08-07 09:34 - 2018-08-07 09:34 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\Нова папка
      2018-08-07 09:34 - 2013-06-28 14:49 - 001732096 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athurx.sys
      2018-08-07 09:31 - 2018-08-07 09:32 - 245571584 _____ C:\Users\DBPROTOOLS\Downloads\LibreOffice_5.4.7_Win_x64.msi
      2018-08-07 07:22 - 2018-08-08 09:45 - 000054608 _____ C:\Users\DBPROTOOLS\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000979 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000974 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000949 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
      2018-08-07 07:21 - 2018-08-16 17:01 - 000000732 _____ C:\Users\DBPROTOOLS\AppData\Local\d3d9caps64.dat
      2018-08-07 07:21 - 2018-08-10 15:00 - 000000000 ____D C:\Users\DBPROTOOLS
      2018-08-07 07:21 - 2018-08-07 12:20 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\VirtualStore
      2018-08-07 07:21 - 2018-08-07 07:22 - 000000915 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
      2018-08-07 07:21 - 2018-08-07 07:21 - 000000020 ___SH C:\Users\DBPROTOOLS\ntuser.ini
      2018-08-07 00:53 - 2018-08-16 17:02 - 000000680 _____ C:\Users\DBPROTOOLS\AppData\Local\d3d9caps.dat
      2018-08-07 00:52 - 2018-08-16 17:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-08-07 00:52 - 2018-08-15 06:17 - 000000882 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
      2018-08-07 00:52 - 2018-08-15 06:17 - 000000870 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
      2018-08-07 00:52 - 2018-08-07 00:52 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\TeamViewer
      2018-08-07 00:51 - 2018-08-07 00:51 - 020688888 _____ (TeamViewer GmbH) C:\Users\DBPROTOOLS\Downloads\TeamViewer_Setup.exe
      2018-08-07 00:47 - 2018-08-07 00:47 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-08-07 00:47 - 2018-08-07 00:47 - 000002025 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Google
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Deployment
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Apps\2.0
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Program Files (x86)\Google
      2018-08-07 00:47 - 2018-08-06 16:30 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2018-08-07 00:47 - 2018-08-06 16:30 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2018-08-06 19:35 - 2018-08-06 19:35 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\TeamViewer
      2018-08-06 16:30 - 2018-08-06 16:30 - 000000693 _____ C:\Users\DBPROTOOLS\Desktop\Downloads - Shortcut.lnk
      2018-08-06 16:29 - 2018-08-06 16:29 - 000000000 ____D C:\Program Files (x86)\GUM4368.tmp
      2018-08-06 14:37 - 2018-08-06 14:38 - 274317312 _____ C:\Users\DBPROTOOLS\Downloads\LibreOffice_6.0.6_Win_x64.msi
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-17 09:01 - 2006-11-02 18:20 - 000005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      2018-08-17 09:01 - 2006-11-02 18:20 - 000005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      2018-08-16 17:08 - 2006-11-02 16:33 - 000000000 ____D C:\Windows\inf
      2018-08-16 17:08 - 2006-11-02 15:46 - 000690960 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-08-16 17:01 - 2006-11-02 18:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-08-16 14:51 - 2006-11-02 18:38 - 000011762 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2018-08-08 09:44 - 2006-11-02 18:20 - 000256016 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-08-07 17:15 - 2006-11-02 18:05 - 000262144 _____ C:\Windows\system32\config\BCD-Template
      2018-08-07 09:44 - 2006-11-02 16:33 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
      2018-08-07 09:43 - 2006-11-02 16:34 - 000000000 ____D C:\Windows\system32\NDF
      2018-08-07 07:21 - 2006-11-02 16:33 - 000000000 ____D C:\Windows\rescache
      ==================== Files in the root of some directories =======
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H () C:\Program Files (x86)\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 00:53 - 2018-08-16 17:02 - 000000680 _____ () C:\Users\DBPROTOOLS\AppData\Local\d3d9caps.dat
      2018-08-07 07:21 - 2018-08-16 17:01 - 000000732 _____ () C:\Users\DBPROTOOLS\AppData\Local\d3d9caps64.dat
      2018-08-07 12:20 - 2018-08-17 10:18 - 000000272 ____H () C:\Users\DBPROTOOLS\AppData\Local\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 09:44 - 2018-08-07 09:45 - 000452836 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI223D.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000456080 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI22E4.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000011616 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI223D.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000011632 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI22E4.txt
      2018-08-07 12:22 - 2018-08-07 12:22 - 000004088 ____H () C:\Users\DBPROTOOLS\AppData\Local\ygtcnugszfhefberbqviqmyucpyjqcov.dab
      Files to move or delete:
      ====================
      C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe
      C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe .
      C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe
      C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe .

      Some files in TEMP:
      ====================
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\busmiaxumdqykrfdyyomf.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe
      2018-08-07 12:20 - 2018-08-07 12:20 - 000327680 _____ () C:\Users\DBPROTOOLS\AppData\Local\Temp\gegdhvgwcqz.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe
      2018-08-07 12:20 - 2018-08-07 12:20 - 000708608 _____ () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-08-17 05:08
      ==================== End of FRST.txt ============================
      Addition.txt
    • от v3cko
      malwarbytes засече троянец и други гадинки
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018
      Ran by BECKO (administrator) on BECKO-PC (12-08-2018 08:46:39)
      Running from C:\Users\BECKO\Downloads
      Loaded Profiles: BECKO (Available Profiles: BECKO)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Английски (Съединени щати)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
      (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
      (Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (Intel Corporation) C:\Windows\System32\igfxtray.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
      (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
      (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2018-08-11] (Synaptics Incorporated)
      HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\...\Run: [Chromium] => "c:\users\becko\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{4447F6FC-1164-470A-9CC4-84A798333B40}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{566E0D37-D76E-44FA-984D-4A40BF15E2B7}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe
      FireFox:
      ========
      FF ProfilePath: C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default [2018-08-12]
      FF user.js: detected! => C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default\user.js [2006-04-06]
      FF Homepage: K-Meleon\ignaeef5.default -> google.bg
      FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-08-11] ()
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.)
      Chrome: 
      =======
      CHR HomePage: Default -> hxxp://google.bg/
      CHR StartupUrls: Default -> "hxxps://www.google.bg/"
      CHR Profile: C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default [2018-08-12]
      CHR Extension: (Презентации) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-11]
      CHR Extension: (Документи) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-11]
      CHR Extension: (Google Диск) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-11]
      CHR Extension: (YouTube) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-11]
      CHR Extension: (Adblock Plus) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-08-11]
      CHR Extension: (Таблици) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-11]
      CHR Extension: (Google Документи офлайн) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-11]
      CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-08-11]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-11]
      CHR Extension: (Gmail) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-11]
      CHR Extension: (Chrome Media Router) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-11]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2018-08-11] (Broadcom Corporation.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
      R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [175320 2018-08-11] (Broadcom Corporation.)
      S3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [144600 2018-08-11] (Broadcom Corporation.)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-06-19] (Malwarebytes)
      S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [38224 2018-08-11] ()
      R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2018-08-11] (Intel Corporation)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2018-08-11] (Intel Corporation)
      R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [44800 2018-08-11] (Infineon Technologies AG)
      R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2018-08-11] (Windows (R) Codename Longhorn DDK provider)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [165608 2018-08-11] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [95488 2018-08-12] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [42728 2018-08-12] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-12] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [73336 2018-08-12] (Malwarebytes)
      R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2018-08-11] (Intel Corporation)
      R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [7424 2018-08-11] ()
      R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2018-08-12] (Zemana Ltd.)
      R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2018-08-12] (Zemana Ltd.)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 08:46 - 2018-08-12 08:47 - 000008916 _____ C:\Users\BECKO\Downloads\FRST.txt
      2018-08-12 08:46 - 2018-08-12 08:46 - 000000000 ____D C:\FRST
      2018-08-12 08:44 - 2018-08-12 08:44 - 001773056 _____ (Farbar) C:\Users\BECKO\Downloads\FRST.exe
      2018-08-12 08:08 - 2018-08-12 08:46 - 000032169 _____ C:\Windows\ZAM.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:46 - 000011705 _____ C:\Windows\ZAM_Guard.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\Program Files\Zemana AntiMalware
      2018-08-12 08:06 - 2018-08-12 08:06 - 000000000 ____D C:\Users\BECKO\AppData\Local\Zemana
      2018-08-12 08:05 - 2018-08-12 08:05 - 006625600 _____ (Zemana Ltd. ) C:\Users\BECKO\Downloads\Zemana.AntiMalware.Setup.exe
      2018-08-12 07:45 - 2018-08-12 07:45 - 007417040 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.2.2.exe
      2018-08-12 07:44 - 2018-08-12 07:45 - 000000000 ____D C:\AdwCleaner
      2018-08-12 07:44 - 2018-08-12 07:44 - 007277776 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.1.1.exe
      2018-08-12 07:12 - 2018-08-12 07:12 - 000000000 ____D C:\Users\BECKO\AppData\Local\CrashDumps
      2018-08-12 06:43 - 2018-08-12 08:36 - 000000000 ____D C:\ProgramData\RogueKiller
      2018-08-12 06:43 - 2018-08-12 08:16 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
      2018-08-12 06:42 - 2018-08-12 06:42 - 000001005 _____ C:\Users\Public\Desktop\RogueKiller.lnk
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\Program Files\RogueKiller
      2018-08-12 06:41 - 2018-08-12 06:41 - 036826200 _____ (Adlice Software ) C:\Users\BECKO\Downloads\RogueKiller_setup.exe
      2018-08-12 06:39 - 2018-08-12 06:39 - 000000000 _____ C:\Users\BECKO\Downloads\RogueKiller.exe
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ C:\Users\BECKO\AppData\Roaming\WB.CFG
      2018-08-12 00:38 - 2018-08-11 13:48 - 000000000 ____D C:\Windows\Panther
      2018-08-12 00:32 - 2018-08-12 00:32 - 000000000 ____D C:\Windows.old
      2018-08-12 00:20 - 2018-08-12 00:20 - 000000000 ____D C:\Windows\pss
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____D C:\Program Files\Synaptics
      2018-08-11 22:18 - 2018-08-11 22:18 - 000214312 _____ (Synaptics Incorporated) C:\Windows\system32\SynCtrl.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000120104 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo4.dll
      2018-08-11 22:14 - 2018-08-11 22:14 - 000165160 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
      2018-08-11 22:11 - 2018-08-11 22:11 - 001303728 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
      2018-08-11 22:09 - 2018-08-11 22:09 - 000046592 _____ (REDC) C:\Windows\system32\Drivers\risdptsk.sys
      2018-08-11 22:04 - 2018-08-11 22:04 - 000044800 _____ (Infineon Technologies AG) C:\Windows\system32\Drivers\ifxtpm.sys
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____D C:\Program Files\AuthenTec
      2018-08-11 21:54 - 2018-08-11 21:54 - 000000000 ____D C:\Intel
      2018-08-11 21:52 - 2018-08-11 21:53 - 000571904 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll
      2018-08-11 21:52 - 2018-08-11 21:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
      2018-08-11 21:51 - 2018-08-11 21:52 - 004411392 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll
      2018-08-11 21:48 - 2018-08-11 21:51 - 011405312 _____ (Intel Corporation) C:\Windows\system32\ig4icd32.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000000268 _____ C:\Windows\system32\GfxUI.exe.config
      2018-08-11 21:47 - 2018-08-11 21:48 - 003157784 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
      2018-08-11 21:47 - 2018-08-11 21:47 - 000189552 _____ C:\Windows\system32\Gfxres.th-TH.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000121173 _____ C:\Windows\system32\Gfxres.tr-TR.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000120320 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
      2018-08-11 21:47 - 2018-08-11 21:47 - 000104044 _____ C:\Windows\system32\Gfxres.zh-TW.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000102883 _____ C:\Windows\system32\Gfxres.zh-CN.resources
      2018-08-11 21:46 - 2018-08-11 21:47 - 000119360 _____ C:\Windows\system32\Gfxres.sv-SE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000178407 _____ C:\Windows\system32\Gfxres.el-GR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000165395 _____ C:\Windows\system32\Gfxres.ru-RU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000139909 _____ C:\Windows\system32\Gfxres.ar-SA.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000136401 _____ C:\Windows\system32\Gfxres.ja-JP.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000133746 _____ C:\Windows\system32\Gfxres.he-IL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000125558 _____ C:\Windows\system32\Gfxres.it-IT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000123230 _____ C:\Windows\system32\Gfxres.ko-KR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122927 _____ C:\Windows\system32\Gfxres.es-ES.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122709 _____ C:\Windows\system32\Gfxres.de-DE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120800 _____ C:\Windows\system32\Gfxres.fr-FR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120366 _____ C:\Windows\system32\Gfxres.pt-BR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119616 _____ C:\Windows\system32\Gfxres.hu-HU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119586 _____ C:\Windows\system32\Gfxres.nl-NL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119067 _____ C:\Windows\system32\Gfxres.pt-PT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118745 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118697 _____ C:\Windows\system32\Gfxres.fi-FI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118409 _____ C:\Windows\system32\Gfxres.pl-PL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118058 _____ C:\Windows\system32\Gfxres.sk-SK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114852 _____ C:\Windows\system32\Gfxres.nb-NO.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114372 _____ C:\Windows\system32\Gfxres.sl-SI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114261 _____ C:\Windows\system32\Gfxres.da-DK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000110214 _____ C:\Windows\system32\Gfxres.en-US.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
      2018-08-11 21:45 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
      2018-08-11 21:43 - 2018-08-11 21:45 - 008198936 _____ (Intel(R) Corporation) C:\Windows\system32\TVWSetup.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000261632 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
      2018-08-11 21:43 - 2018-08-11 21:43 - 000179480 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000023552 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
      2018-08-11 21:42 - 2018-08-11 21:43 - 000172824 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000828928 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000268056 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000228864 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000208896 _____ (Intel Corporation) C:\Windows\system32\iglhsip32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000195584 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000171288 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000147456 _____ (Intel Corporation) C:\Windows\system32\iglhcp32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000138008 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000130048 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000115200 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
      2018-08-11 21:42 - 2018-08-11 21:42 - 000095232 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000057856 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
      2018-08-11 21:41 - 2018-08-11 21:42 - 001921265 _____ C:\Windows\system32\iglhxa32.cpa
      2018-08-11 21:41 - 2018-08-11 21:41 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000092356 _____ C:\Windows\system32\igfcg500m.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2555.dll
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060254 _____ C:\Windows\system32\iglhxg32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060226 _____ C:\Windows\system32\iglhxc32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060015 _____ C:\Windows\system32\iglhxo32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000051628 _____ C:\Windows\system32\iglhxs32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000001090 _____ C:\Windows\system32\iglhxa32.vp
      2018-08-11 21:40 - 2018-08-11 21:41 - 000982240 _____ C:\Windows\system32\igkrng500.bin
      2018-08-11 21:37 - 2018-08-11 21:37 - 000017408 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\KMWDFILTER.sys
      2018-08-11 21:36 - 2018-08-11 21:36 - 000007424 _____ () C:\Windows\system32\Drivers\whfltr2k.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000095488 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000073336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000042728 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-08-11 20:30 - 2018-08-11 20:30 - 000165608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-08-11 20:27 - 2018-08-11 20:28 - 000000000 ____D C:\Users\BECKO\Downloads\windows.loader.v2.2.2
      2018-08-11 20:26 - 2018-08-11 20:26 - 001768154 _____ C:\Users\BECKO\Downloads\windows.loader.v2.2.2.zip
      2018-08-11 19:36 - 2018-08-11 19:36 - 078989872 _____ (Malwarebytes ) C:\Users\BECKO\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6237.exe
      2018-08-11 19:36 - 2018-08-11 19:36 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-08-11 19:36 - 2018-06-19 14:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
      2018-08-11 19:15 - 2018-08-11 19:15 - 000038224 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
      2018-08-11 19:14 - 2018-08-11 19:15 - 000000000 ____D C:\ProgramData\HitmanPro
      2018-08-11 18:56 - 2018-08-12 08:13 - 000001134 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-11 18:53 - 2018-08-12 06:28 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\41B13405-F6F9-0E07-41F8-1ED9F82C4739
      2018-08-11 18:52 - 2018-08-11 19:54 - 000000000 ____D C:\ProgramData\McAfee
      2018-08-11 18:51 - 2018-08-12 00:31 - 000000000 ____D C:\Windows\system32\yiuxtdsr
      2018-08-11 18:50 - 2018-08-11 19:43 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Sound Volume Control
      2018-08-11 18:47 - 2018-08-11 18:47 - 000000000 ____D C:\Windows\system32\appmgmt
      2018-08-11 18:28 - 2018-08-11 18:28 - 017142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 011220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 004240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 003969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 003914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-08-11 18:28 - 2018-08-11 18:28 - 002166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-08-11 18:28 - 2018-08-11 18:28 - 001818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
      2018-08-11 18:28 - 2018-08-11 18:28 - 000610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-08-11 18:28 - 2018-08-11 18:28 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000000000 ____D C:\Users\BECKO\AppData\LocalLow\Temp
      2018-08-11 18:27 - 2018-08-11 18:27 - 001294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-08-11 18:27 - 2018-08-11 18:27 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 003419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 002284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
      2018-08-11 18:23 - 2018-08-11 18:23 - 001505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
      2018-08-11 18:22 - 2018-08-11 18:22 - 031194832 _____ (Microsoft Corporation) C:\Users\BECKO\Downloads\IE11-Windows6.1-x86-bg-bg.exe
      2018-08-11 17:59 - 2018-08-11 18:02 - 009037312 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys
      2018-08-11 17:57 - 2018-08-11 17:58 - 002760704 _____ (Intel Corporation) C:\Windows\system32\NETwNr32.dll
      2018-08-11 17:57 - 2018-08-11 17:57 - 000684032 _____ (Intel Corporation) C:\Windows\system32\NETwNc32.dll
      2018-08-11 17:55 - 2018-08-11 17:57 - 007523840 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs32.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000527344 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000026096 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000232664 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1y6232.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000121440 _____ (Intel Corporation) C:\Windows\system32\e1000msg.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000081600 _____ (Intel Corporation) C:\Windows\system32\NicInstY.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000028792 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000003313 _____ C:\Windows\system32\e1y6232.din
      2018-08-11 17:53 - 2018-08-11 17:53 - 000144600 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
      2018-08-11 17:53 - 2018-08-11 17:53 - 000060120 _____ (Broadcom Corporation.) C:\Windows\system32\btwdi.dll
      2018-08-11 17:52 - 2018-08-11 17:53 - 001680088 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
      2018-08-11 17:52 - 2018-08-11 17:52 - 001640152 _____ (Broadcom Corporation.) C:\Windows\system32\BcmBtRSupport.dll
      2018-08-11 17:52 - 2018-08-11 17:52 - 000175320 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
      2018-08-11 17:50 - 2018-08-11 17:50 - 000048128 _____ (REDC) C:\Windows\system32\Drivers\rimmptsk.sys
      2018-08-11 17:45 - 2018-08-11 17:45 - 001461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoinstaller01009.dll
      2018-08-11 17:45 - 2018-08-11 17:45 - 000015544 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\CPQBttn.sys
      2018-08-11 17:44 - 2018-08-11 17:44 - 000971752 _____ (AuthenTec, Inc.) C:\Windows\system32\Drivers\ATSwpWDF.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000035896 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\Accelerometer.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000026168 _____ (Hewlett-Packard Company) C:\Windows\system32\hpservice.exe
      2018-08-11 17:42 - 2018-08-11 17:42 - 000025656 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\hpdskflt.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000016952 _____ (Hewlett-Packard Company) C:\Windows\system32\accelerometerdll.DLL
      2018-08-11 17:42 - 2018-08-11 17:42 - 000014392 _____ (Hewlett-Packard Company) C:\Windows\system32\HPMDPCoInst12.dll
      2018-08-11 17:40 - 2018-08-12 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
      2018-08-11 17:39 - 2018-08-11 17:39 - 004107032 _____ (Easeware ) C:\Users\BECKO\Downloads\DriverEasy_Setup.exe
      2018-08-11 16:22 - 2018-08-11 16:22 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Adobe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Windows\system32\Macromed
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Users\BECKO\AppData\Local\Adobe
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Macromedia
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Local\CEF
      2018-08-11 16:17 - 2018-08-11 17:11 - 000000000 ____D C:\Users\BECKO\AppData\Local\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001067 _____ C:\Users\Public\Desktop\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\Downloads\k-meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Mozilla
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Program Files\K-Meleon
      2018-08-11 16:14 - 2018-08-11 16:14 - 032875887 _____ (kmeleonbrowser.org) C:\Users\BECKO\Downloads\K-Meleon76RC.exe
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
      2018-08-11 16:04 - 2012-07-26 06:39 - 000526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
      2018-08-11 16:04 - 2012-07-26 06:39 - 000047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
      2018-08-11 16:04 - 2012-07-26 05:46 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
      2018-08-11 16:04 - 2012-06-02 17:34 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
      2018-08-11 14:20 - 2018-07-17 01:02 - 000480888 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2018-08-11 14:18 - 2018-08-11 14:18 - 000000492 _____ C:\Users\BECKO\Desktop\LFS.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Google
      2018-08-11 14:03 - 2018-08-11 14:18 - 000000000 ____D C:\Users\BECKO\AppData\Local\Google
      2018-08-11 14:03 - 2018-08-11 14:03 - 000000000 ____D C:\Program Files\Google
      2018-08-11 14:02 - 2018-08-11 14:02 - 000057560 _____ C:\Users\BECKO\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-08-11 13:49 - 2018-08-11 13:49 - 000001417 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2018-08-11 13:49 - 2014-05-14 19:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2018-08-11 13:49 - 2014-05-14 19:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
      2018-08-11 13:49 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2018-08-11 13:49 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2018-08-11 13:48 - 2018-08-12 08:13 - 000000000 ____D C:\Users\BECKO
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000020 ___SH C:\Users\BECKO\ntuser.ini
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000000 ____D C:\Users\BECKO\AppData\Local\VirtualStore
      2018-08-11 13:48 - 2010-11-21 03:46 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Media Center Programs
      2018-08-11 13:43 - 2018-08-11 13:43 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
      2018-08-11 13:42 - 2018-08-11 13:42 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
      2018-08-11 13:41 - 2018-08-11 13:41 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:56 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-08-12 07:56 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-08-12 07:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-08-12 00:38 - 2009-07-14 07:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
      2018-08-11 21:57 - 2009-07-14 07:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
      2018-08-11 21:40 - 2009-07-14 01:09 - 004967424 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
      2018-08-11 18:36 - 2009-07-14 07:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-08-11 18:34 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-08-11 17:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache
      2018-08-11 17:24 - 2010-11-21 03:38 - 000000000 ____D C:\Windows\system32\WCN
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\sysprep
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\oobe
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\migwiz
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\servicing
      2018-08-11 17:23 - 2010-11-21 03:46 - 000000000 ____D C:\Program Files\Windows Journal
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Sidebar
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Defender
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\DVD Maker
      2018-08-11 17:23 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\System
      2018-08-11 14:05 - 2017-10-21 15:53 - 000000000 ____D C:\LFS
      2018-08-11 13:48 - 2009-07-14 05:37 - 000000000 __RHD C:\Users\Public\Libraries
      2018-08-11 13:43 - 2009-07-14 07:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2018-08-11 13:39 - 2010-11-21 03:46 - 000000000 ____D C:\Windows\CSC
      ==================== Files in the root of some directories =======
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ () C:\Users\BECKO\AppData\Roaming\WB.CFG
      Some files in TEMP:
      ====================
      2018-08-12 06:43 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Local\Temp\dllnt_dump.dll
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-08-11 13:38
      ==================== End of FRST.txt ============================
      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018
      Ran by BECKO (12-08-2018 08:47:38)
      Running from C:\Users\BECKO\Downloads
      Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2018-08-11 10:48:46)
      Boot Mode: Normal
      ==========================================================

      ==================== Accounts: =============================
      Administrator (S-1-5-21-4192057778-3853912004-1886924142-500 - Administrator - Disabled)
      BECKO (S-1-5-21-4192057778-3853912004-1886924142-1001 - Administrator - Enabled) => C:\Users\BECKO
      Guest (S-1-5-21-4192057778-3853912004-1886924142-501 - Limited - Disabled)
      HomeGroupUser$ (S-1-5-21-4192057778-3853912004-1886924142-1002 - Limited - Enabled)
      ==================== Security Center ========================
      (If an entry is included in the fixlist, it will be removed.)
      AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      ==================== Installed Programs ======================
      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
      Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
      Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
      Driver Easy 5.6.4 (HKLM\...\DriverEasy_is1) (Version: 5.6.4 - Easeware)
      Google Chrome (HKLM\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
      Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
      K-Meleon 76.0 (x86 en-US) (HKLM\...\K-Meleon 76.0 (x86 en-US)) (Version: 76.0 - kmeleonbrowser.org)
      Malwarebytes, версия 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
      Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
      RogueKiller version 12.12.31.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.31.0 - Adlice Software)
      Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
      Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
      ==================== Custom CLSID (Whitelisted): ==========================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      CustomCLSID: HKU\S-1-5-21-4192057778-3853912004-1886924142-1001_Classes\CLSID\{d33c6260-dafc-4b90-bf39-8ad6a5f19b7d}\localserver32 -> "C:\Program Files\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe" -ToastActivated => No File
      ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] ()
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2018-08-11] (Intel Corporation)
      ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] ()
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ==================== Scheduled Tasks (Whitelisted) =============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      Task: {15D51586-5D78-42F1-9AC0-F11850F32BB2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-08-11] (Adobe Systems Incorporated)
      Task: {4311FBF7-FF23-4B96-8A7A-7C848E6879A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.)
      Task: {755ADDF9-F707-4126-9FD6-5EE5C09A6ED0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.)
      Task: {87310821-94B6-4F2B-B233-805F8167F2AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-11] (Adobe Systems Incorporated)
      Task: {A663C5B5-F8F8-4769-83E9-A86545183E28} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-08-11] (Adobe Systems Incorporated)
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      ==================== Shortcuts & WMI ========================
      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============
      2018-08-11 19:36 - 2018-07-03 12:59 - 002077904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2018-08-11 19:36 - 2018-06-18 13:32 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2018-08-11 14:04 - 2018-08-08 03:55 - 004076888 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
      2018-08-11 14:04 - 2018-08-08 03:55 - 000096088 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libegl.dll
      ==================== Alternate Data Streams (Whitelisted) =========
      (If an entry is included in the fixlist, only the ADS will be removed.)
      AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6121592]
      ==================== Safe Mode (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      ==================== Association (Whitelisted) ===============
      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      ==================== Internet Explorer trusted/restricted ===============
      (If an entry is included in the fixlist, it will be removed from the registry.)

      ==================== Hosts content: ===============================
      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
      2009-07-14 05:04 - 2009-06-11 00:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

      ==================== Other Areas ============================
      (Currently there is no automatic fix for this section.)
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.0.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.
      ==================== MSCONFIG/TASK MANAGER disabled items ==

      ==================== FirewallRules (Whitelisted) ===============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      FirewallRules: [{38F020BD-9D8B-47A7-BA58-523640743E70}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
      FirewallRules: [TCP Query User{73CDBD4B-E707-4433-90BB-0CA4D37853D5}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe
      FirewallRules: [UDP Query User{43AE0B81-FBBA-40D9-9930-B10662946E5D}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe
      FirewallRules: [{EB2B59E7-24DC-4376-8CA5-5C73EB6B45AC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
      FirewallRules: [TCP Query User{3CA70832-11D6-43D6-996B-CE4FD0FFCA2F}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
      FirewallRules: [UDP Query User{A8FAE1F8-F48D-463D-9467-C469B6224C66}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
      FirewallRules: [{C20D9306-3310-4603-955A-D8750AB02ABC}] => (Allow) C:\Users\BECKO\AppData\Local\Chromium\Application\chrome.exe
      ==================== Restore Points =========================
      11-08-2018 13:48:58 Windows Update
      11-08-2018 14:19:49 Windows Update
      11-08-2018 16:16:29 Windows Backup
      11-08-2018 16:53:14 Language Pack Installation
      11-08-2018 18:23:09 Програма за инсталиране на модули за Windows
      11-08-2018 18:41:57 Windows Update
      11-08-2018 18:46:40 Removed Avira Software Updater
      11-08-2018 19:18:13 Точка на възстановяване на HitmanPro
      11-08-2018 19:29:58 Точка на възстановяване на HitmanPro
      ==================== Faulty Device Manager Devices =============
      Name: RICOH Bay8Controller
      Description: RICOH Bay8Controller
      Class Guid: 
      Manufacturer: 
      Service: 
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

      ==================== Event log errors: =========================
      Application errors:
      ==================
      Error: (08/12/2018 07:53:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:48:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:16:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:12:39 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: rundll32.exe_rasapi32.dll, версия: 6.1.7600.16385, времево клеймо: 0x4a5bc637
      Име на модул с грешки: rasapi32.dll_unloaded, версия: 0.0.0.0, времево клеймо: 0x5b51fcfc
      Код на изключение: 0xc0000005
      Отместване на грешка: 0x5d2300fb
      ИД на процес на грешка: 0xc58
      Начален час на приложението с грешки: 0x01d431b9f55ad649
      Път на приложението с грешки: C:\Windows\System32\rundll32.exe
      Път на модула с грешки: rasapi32.dll
      ИД на доклад: f345bb24-9de5-11e8-8c5b-002713343a56
      Error: (08/12/2018 12:27:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 10:30:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 08:31:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 07:56:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

      System errors:
      =============
      Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Software Protection беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 120000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.
      Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.
      Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:46:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Windows Media Player Network Sharing Service не може да бъде стартирана поради следната грешка: 
      Системата не може да намери указания път.
      Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:45:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.

      Windows Defender:
      ===================================
      Date: 2018-08-11 18:49:37.775
      Description: 
      Windows Defender has detected spyware or other potentially unwanted software.
      For more information please see the following:
      http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289
      Name:SoftwareBundler:Win32/Prepscram
      ID:226289
      Severity:High
      Category:Software Bundler
      Path Found:file:C:\Program Files\KMSPico 10.2.1 Final\WindowsLoader.exe;process:pid:1664
      Detection Type:Concrete
      Detection Source:Real-Time Protection
      Status:Unknown
      Process Name:
      CodeIntegrity:
      ===================================
      Date: 2018-08-11 18:47:53.133
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:47:33.024
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:46:32.355
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:36:54.706
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:34:39.836
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:29:33.389
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:26:43.817
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:19:33.847
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      ==================== Memory info =========================== 
      Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
      Percentage of memory in use: 57%
      Total physical RAM: 3000.26 MB
      Available physical RAM: 1266.7 MB
      Total Virtual: 7094.55 MB
      Available Virtual: 5571.67 MB
      ==================== Drives ================================
      Drive c: () (Fixed) (Total:100.1 GB) (Free:34 GB) NTFS
      Drive d: () (Fixed) (Total:365.12 GB) (Free:278.48 GB) NTFS
      \\?\Volume{b6af5893-9d52-11e8-b3b1-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
      \\?\Volume{b6af5896-9d52-11e8-b3b1-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
      ==================== MBR & Partition Table ==================
      ========================================================
      Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS)
      Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
      ==================== End of Addition.txt ============================
      това беше открито снощи 
      Malwarebytes
      www.malwarebytes.com
      -Детайли за регистъра-
      Дата на сканиране: 11.08.18 г.
      Час на сканиране: 19:39
      Файл на регистъра: 1355b5a2-9d85-11e8-97c9-002713343a56.json
      Администратор: Да
      -Информация за софтуера-
      Версия: 3.5.1.2522
      Версия на компонентите: 1.0.391
      Актуализирай версията на пакета: 1.0.6301
      Лиценз: Пробен период
      -Системна информация-
      OS: Windows 7 Service Pack 1
      CPU: x86
      Файлова система: NTFS
      Потребител: BECKO-PC\BECKO
      -Резюме на сканирането-
      Тип сканиране: Threat Scan
      Сканирането е стартирано от: Ръчно
      Резултат: Завършено
      Сканирани обекти: 158748
      Открити заплахи: 85
      Заплахи под карантина: 85
      Изтекло време: 3 мин, 55 сек
      -Опции за сканиране-
      Памет: Разрешено
      Стартиране: Разрешено
      Файлова система: Разрешено
      Архиви: Разрешено
      руткитове: Разрешено
      Евристика: Разрешено
      PUP: Открий
      PUM: Открий
      -Детайли за сканирането-
      Процес: 0
      (Не бяха открити зловредни елементи)
      Модул: 0
      (Не бяха открити зловредни елементи)
      Ключ на регистъра: 16
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Chromium tatec, Под карантина, [3754], [483380],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Multitimer_is1, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium tatec, Под карантина, [3725], [-1],0.0.0
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0
      Adware.FastDataX, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\FastDataX, Под карантина, [3932], [484533],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Под карантина, [417], [518478],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Под карантина, [417], [518476],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, Под карантина, [417], [518473],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, Под карантина, [417], [518479],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D2A33A63-8223-EBE3-33A3-9B63E32348E3}, Под карантина, [3725], [542290],1.0.6301
      Стойност на регистъра: 6
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Multitimer, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.NotChromeRun, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_A26881468A4EFB18BAF645F9B1FB72E9, Под карантина, [6940], [241243],1.0.6301
      Adware.Tuto4PC.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|QWTD433SW12, Под карантина, [3704], [522751],1.0.6301
      Adware.NeoBar, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|AwRWNQQxQn, Под карантина, [1236], [431477],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}|PATH, Под карантина, [103], [535907],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}|PATH, Под карантина, [3754], [483378],1.0.6301
      Данни на регистъра: 0
      (Не бяха открити зловредни елементи)
      Поток данни: 0
      (Не бяха открити зловредни елементи)
      Папка: 8
      PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712, Под карантина, [407], [463480],1.0.6301
      Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-04d1-0, Под карантина, [679], [407181],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-56c1-1, Под карантина, [679], [407181],1.0.6301
      Adware.NeoBar, C:\USERS\BECKO\APPDATA\LOCAL\CYPJMERAKY, Под карантина, [1236], [431477],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}, Под карантина, [3725], [542290],1.0.6301
      Файл: 55
      PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-04d1-0\BITAC33.tmp, Под карантина, [3742], [257931],1.0.6301
      PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-56c1-1\BIT96A0.tmp, Под карантина, [3742], [257931],1.0.6301
      PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712\ic-0.9290ec7e4e043.exe, Под карантина, [407], [463480],1.0.6301
      PUP.Optional.BundleInstaller, C:\Users\BECKO\AppData\Local\Temp\845712\ic-0.ab640b600fd5f8.exe, Под карантина, [407], [463480],1.0.6301
      PUP.Optional.WinYahoo.Generic, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3754], [483380],1.0.6301
      Adware.Agent, C:\WINDOWS\SYSTEM32\TASKS\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\allradio_4.27_portable.exe, Под карантина, [103], [536191],1.0.6301
      Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER\UNINS000.DAT, Под карантина, [2764], [474048],1.0.6301
      Adware.Tuto4PC, C:\Program Files\Multitimer\Multitimer.exe, Под карантина, [2764], [474048],1.0.6301
      Adware.Tuto4PC, C:\Program Files\Multitimer\unins000.exe, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\fado, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat1, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat2, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3725], [-1],0.0.0
      Adware.Tuto4PC.Generic, C:\PROGRAM FILES\YUYFG\5138832.EXE, Под карантина, [3704], [522751],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      Adware.NeoBar, C:\Users\BECKO\AppData\Local\cypjMERAky\activation.exe, Под карантина, [1236], [431477],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HOWTOREMOVE\HOWTOREMOVE.HTML, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\chromium-min.jpg, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\control panel-min-min.JPG, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\down.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff menu.JPG, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff search engine-min.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ff.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ie.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\search engine.gif, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\setup pages.gif, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\sp-min.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\start-min.jpg, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\up.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lilacisa, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lonadel, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninst.exe, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninstp.dat, Под карантина, [3725], [542290],1.0.6301
      Ransom.Crysis, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\REACSRHG\UIFBACFE.EXE, Под карантина, [7210], [551188],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\Sound Volume Control.lnk, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\SOUND VOLUME CONTROL\SNDVOL.EXE, Под карантина, [0], [392686],1.0.6301
      PUP.Optional.BundleInstaller, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\REGISTRY_ACTIVATION_2751393056.EXE, Под карантина, [407], [505351],1.0.6301
      Trojan.MalPack, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\WINDOWSLOADER.EXE, Под карантина, [4152], [500527],1.0.6301
      Backdoor.Bot, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\ACTIVATION.EXE, Под карантина, [806], [419768],1.0.6301
      Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\IS-AT1Q7.TMP\ZRGVBV.DLL, Под карантина, [103], [539849],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP2_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP3_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP4_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Adware.Tuto4PC, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\EYEKAZXXJYM.EXE, Под карантина, [2764], [474076],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\REFSUTIL.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\BEAD.TMP.EXE, Под карантина, [0], [392686],1.0.6301
      Физически сектор: 0
      (Не бяха открити зловредни елементи)
      WMI: 0
      (Не бяха открити зловредни елементи)

      (end)
  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.