
  m_power94    50

  Hello, I would like us to do a general maintenance of the PC: uninstall the antivirus program and the browsers, then install them fresh and update them. Lately the computer has been running a bit unstably; sometimes it does not carry out a given command and just sits there as if you had not touched it. Other times, while I am in Chrome, it simply exits everything, and a few seconds later everything that was closed starts up again on its own. There are also a bunch of other small bugs of this kind; my wish is that, if there are any viruses or buggy programs, they be removed. After that, the antivirus and all browsers should be reinstalled.

   

  Log file from Farbar Recovery:

  Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
  Ran by ASQ (administrator) on VASILIS-666 on 19-06-2015 08:28:31
  Running from C:\Documents and Settings\ASQ\Desktop\Profilaktika
  Loaded Profiles: ASQ (Available Profiles: ASQ & LogMeInRemoteUser)
  Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
  Internet Explorer Version 8 (Default browser not detected!)
  Boot Mode: Normal
   
  ==================== Processes (Whitelisted) =================
   
  (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
   
  (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
  (ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  (ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashServ.exe
  (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
  (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
  (ALWIL Software) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  () C:\Program Files\Datecs\FlexType 2K\FType2K.exe
  () C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe
  () C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe
  (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
  (Autodata Limited) C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
  () C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
  (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
  () C:\Documents and Settings\All Users\Application Data\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe
  () C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
  (ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  (ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  (WinZip Computing, S.L. (WinZip Computing)) C:\Program Files\WinZip Driver Updater\winzipdu.exe
  (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
   
   
  ==================== Registry (Whitelisted) ==================
   
  (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
   
  HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16844800 2007-09-27] (Realtek Semiconductor Corp.)
  HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
  HKLM\...\Run: [avast!] => C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000 2009-11-25] (ALWIL Software)
  HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
  HKLM\...\Run: [VMSnap3] => C:\WINDOWS\VMSnap3.EXE [49152 2006-08-30] (ZSMCSNAP)
  HKLM\...\Run: [statusAutoRun3010] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [3166720 2012-07-16] ()
  HKLM\...\Run: [Launcher3010] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2570752 2011-04-19] (Xerox)
  HKLM\...\Run: [3010 RUN] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [357376 2012-07-16] ()
  HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2014-01-07] (Advanced Micro Devices, Inc.)
  Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2014-01-07] (ATI Technologies Inc.)
  Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll [2011-09-17] (LogMeIn, Inc.)
  HKU\S-1-5-21-1454471165-602162358-527237240-1003\...\Run: [WINZIPDUDriverUpdater] => C:\Program Files\WinZip Driver Updater\winzipdu.exe [10989736 2014-07-11] (WinZip Computing, S.L. (WinZip Computing))
  HKU\S-1-5-21-1454471165-602162358-527237240-1003\...\RunOnce: [Adobe Speed Launcher] => 1434349540
  HKU\S-1-5-21-1454471165-602162358-527237240-1003\...\MountPoints2: {393b0a6e-7149-11e3-a9cc-001e8c7ba91b} - F:\AutoRun.exe
  HKU\S-1-5-21-1454471165-602162358-527237240-1003\...\MountPoints2: {393b0a71-7149-11e3-a9cc-001e8c7ba91b} - F:\AutoRun.exe
  HKU\S-1-5-21-1454471165-602162358-527237240-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
  Lsa: [Authentication Packages] msv1_0 nwprovau
  Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk [2014-07-27]
  ShortcutTarget: FlexType 2K.lnk -> C:\Program Files\Datecs\FlexType 2K\FType2K.exe ()
  Startup: C:\Documents and Settings\ASQ\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-06-15]
  ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
  CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
   
  ==================== Internet (Whitelisted) ====================
   
  (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
   
  HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
  HKU\S-1-5-21-1454471165-602162358-527237240-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
  HKU\S-1-5-21-1454471165-602162358-527237240-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  HKU\S-1-5-21-1454471165-602162358-527237240-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1432386962&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpc&uid=HitachiXHDP725050GLA360_GEB531RE0997XF0997XFX
  SearchScopes: HKU\S-1-5-21-1454471165-602162358-527237240-1003 -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
  SearchScopes: HKU\S-1-5-21-1454471165-602162358-527237240-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
  SearchScopes: HKU\S-1-5-21-1454471165-602162358-527237240-1003 -> {B6269E61-9E2B-4567-8EDE-69A49357B561} URL = https://www.google.com/search?q={searchTerms}
  BHO: RobboSaver -> {0241D2F2-FC90-4E1C-AA28-F2F052E5FA5E} -> C:\Program Files\RobboSaver\SZpySbPYDMsQ5J.dll [2015-06-12] ()
  BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
  BHO: EnjoyCoaupoon -> {24D74265-95D7-4A82-865F-0D1AC83B4E56} -> C:\Program Files\EnjoyCoaupoon\lxNI8TvJhhzfqd.dll [2015-05-30] ()
  BHO: IIsaVeer -> {6CFC6069-5B38-4E59-A351-487F994CB9BF} -> C:\Program Files\IIsaVeer\vaWpQi1DF6JrO4.dll [2015-05-30] ()
  DPF: {6714928B-F4BF-4E44-82EF-BB036DBD9213} http://192.168.1.5/TLNetDvr.CAB
  DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://78.128.52.19:81/codebase/IPCam902.cab
  Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
  Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
   
  FireFox:
  ========
  FF ProfilePath: C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default
  FF NewTab: hxxp://www.mystartsearch.com/newtab/?type=nt&ts=1432386962&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpc&uid=HitachiXHDP725050GLA360_GEB531RE0997XF0997XFX
  FF DefaultSearchEngine: mystartsearch
  FF DefaultSearchUrl: 
  FF SelectedSearchEngine: mystartsearch
  FF Homepage: hxxp://search.gboxapp.com/
  FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
  FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-08-02] (Adobe Systems, Inc.)
  FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
  FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
  FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
  FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
  FF Plugin: @videolan.org/vlc,version=0.9.9 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2009-04-01] (the VideoLAN Team)
  FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
  FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
  FF SearchPlugin: C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\searchplugins\conduit.xml [2010-12-15]
  FF SearchPlugin: C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\searchplugins\my-web-search.xml [2012-10-13]
  FF SearchPlugin: C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\searchplugins\sweetim.xml [2011-08-11]
  FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-05-23]
  FF Extension: No Name - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\profiles\extensions\extensions [2012-10-08]
  FF Extension: 2YourFace - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\profiles\extensions\support@2yourface.com [2011-08-11]
  FF Extension: No Name - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com [2014-01-04]
  FF Extension: QuickSearch - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\searchffv2@gmail.com [2015-05-23]
  FF Extension: 2YourFace - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\support@2yourface.com [2011-08-11]
  FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-06]
  FF Extension: Search Results Toolbar - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\{94366e2c-9923-431c-b0d6-747447dd0f2b} [2012-03-07]
  FF Extension: BS Player Community Toolbar - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}(2) [2011-08-14]
  FF Extension: BS Player Community Toolbar - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}(3) [2012-03-07]
  FF Extension: SweetPacks Toolbar for Firefox - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-11-09]
  FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
  FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-12-04]
  FF HKLM\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\extensions\searchffv2@gmail.com
  FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
  FF Extension: No Name - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2015-05-08]
   
  Chrome: 
  =======
  CHR dev: Chrome dev build detected! <======= ATTENTION
  CHR Profile: C:\Documents and Settings\ASQ\Local Settings\Application Data\Google\Chrome\User Data\Default
  CHR Extension: (YouTube) - C:\Documents and Settings\ASQ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-22]
  CHR Extension: (No Name) - C:\Documents and Settings\ASQ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-22]
  CHR Extension: (Google Wallet) - C:\Documents and Settings\ASQ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-26]
  CHR Extension: (Adblock Pro) - C:\Documents and Settings\ASQ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-05-28]
  CHR Extension: (No Name) - C:\Documents and Settings\ASQ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-22]
  CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [Not Found]
   
  ========================== Services (Whitelisted) =================
   
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
   
  S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-06-15] (Adobe Systems) [File not signed]
  R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2009-11-25] (ALWIL Software)
  R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [643072 2014-01-07] (ATI Technologies Inc.) [File not signed]
  R2 Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2015-01-30] (Autodata Limited) [File not signed]
  R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [138680 2009-11-25] (ALWIL Software)
  R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [254040 2009-11-25] (ALWIL Software)
  R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [352920 2009-11-25] (ALWIL Software)
  R2 c027e3d4; c:\Program Files\couponight\couponight.dll [1761792 2015-05-23] () [File not signed]
  R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
  R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
  S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [632832 2011-03-21] (Nokia) [File not signed]
  R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
  S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [246112 2013-12-30] ()
  R2 XRNADB; C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [80896 2012-07-16] () [File not signed]
   
  ==================== Drivers (Whitelisted) ====================
   
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
   
  R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [27408 2009-11-25] (ALWIL Software)
  R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
  R2 aswFsBlk; C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys [20560 2009-11-25] (ALWIL Software)
  R2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [94160 2009-11-25] (ALWIL Software)
  R3 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [23120 2009-11-25] (ALWIL Software)
  R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [114768 2009-11-25] (ALWIL Software)
  R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [48560 2009-11-25] (ALWIL Software)
  R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [7875072 2014-01-07] (ATI Technologies Inc.) [File not signed]
  R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
  S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
  R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
  S3 HdAudAddService; C:\WINDOWS\System32\drivers\AtiHdAud.sys [84992 2006-12-28] (ATI Research Inc.) [File not signed]
  S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [90368 2013-12-30] (Huawei Technologies Co., Ltd.)
  R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
  S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
  R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2006-10-18] (NVIDIA Corporation)
  R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [46080 2007-05-21] (NVIDIA Corporation)
  R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2007-05-21] (NVIDIA Corporation)
  R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
  R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
  R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
  R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
  R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
  R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2010-11-29] () [File not signed]
  R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
  S3 vmfilter303; C:\WINDOWS\System32\drivers\vmfilter303.sys [428160 2006-04-25] (Vimicro Corporation) [File not signed]
  S3 ZSMC303; C:\WINDOWS\System32\Drivers\usbVM303.sys [392122 2006-12-01] (Vimicro Corporation) [File not signed]
  R1 {a16a1775-5ab3-4034-ac52-de0795db97f0}Gt; C:\WINDOWS\System32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gt.sys [55824 2014-12-12] (StdLib)
  U3 axn8wue6; C:\WINDOWS\system32\Drivers\axn8wue6.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
  U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [235392 2013-12-30] (Huawei Technologies Co., Ltd.)
  S4 IntelIde; No ImagePath
  S4 LMIRfsClientNP; No ImagePath
  U1 WS2IFSL; No ImagePath
   
  ==================== NetSvcs (Whitelisted) ===================
   
  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
   
   
  ==================== One Month Created files and folders ========
   
  (If an entry is included in the fixlist, the file/folder will be moved.)
   
  2015-06-19 08:28 - 2015-06-19 08:28 - 00000000 ____D C:\FRST
  2015-06-19 08:26 - 2015-06-19 08:28 - 00000000 ____D C:\Documents and Settings\ASQ\Desktop\Profilaktika
  2015-06-15 10:31 - 2015-06-15 10:31 - 00000000 ____D C:\Documents and Settings\ASQ\My Documents\Updater
  2015-06-15 10:30 - 2015-06-15 10:30 - 00001744 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk
  2015-06-15 10:28 - 2015-06-15 10:28 - 00001726 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk
  2015-06-15 10:27 - 2015-06-15 10:27 - 00000000 ____D C:\Program Files\Common Files\Adobe Systems Shared
  2015-06-15 10:27 - 2015-06-15 10:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe Systems
  2015-06-15 10:26 - 2015-06-15 10:26 - 00001776 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS2.lnk
  2015-06-15 10:26 - 2015-06-15 10:26 - 00001773 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS2.lnk
  2015-06-15 10:04 - 2015-06-15 10:04 - 00000000 ____D C:\Documents and Settings\ASQ\Local Settings\Application Data\WMTools Downloaded Files
  2015-06-12 01:01 - 2015-06-12 01:01 - 00000000 ____D C:\Program Files\RobboSaver
  2015-06-04 10:19 - 2015-06-04 10:19 - 00000038 _____ C:\WINDOWS\DAOCONV.T1C
  2015-06-04 10:19 - 2015-06-04 10:19 - 00000000 ____D C:\Program Files\HT Audio
  2015-06-04 10:19 - 2015-06-04 10:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HT Audio
  2015-06-04 10:19 - 1998-08-26 15:26 - 01045776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjet35.dll
  2015-06-04 10:19 - 1998-08-11 17:28 - 00407312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrepl35.dll
  2015-06-04 10:19 - 1997-08-29 14:14 - 00270344 _____ () C:\WINDOWS\system32\Btn32x10.ocx
  2015-06-04 10:19 - 1997-07-19 16:01 - 00196880 ____N (Microsoft Corporation) C:\WINDOWS\system32\RICHTX32.OCX
  2015-06-04 10:19 - 1997-07-19 16:01 - 00192784 ____N (Microsoft Corporation) C:\WINDOWS\system32\TABCTL32.OCX
  2015-06-04 10:19 - 1997-07-19 16:00 - 00604432 ____N (Microsoft Corporation) C:\WINDOWS\system32\COMCTL32.OCX
  2015-06-04 10:19 - 1997-07-19 16:00 - 00155920 ____N (Microsoft Corporation) C:\WINDOWS\system32\COMCT232.OCX
  2015-06-04 10:19 - 1997-07-19 16:00 - 00129808 ____N (Microsoft Corporation) C:\WINDOWS\system32\COMDLG32.OCX
  2015-06-04 10:19 - 1997-01-24 00:00 - 00078608 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB5DB.DLL
  2015-06-04 10:19 - 1997-01-13 17:18 - 00037136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSJINT35.DLL
  2015-06-04 10:19 - 1996-12-05 00:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ODBCTL32.DLL
  2015-06-04 10:19 - 1996-12-02 18:44 - 00251664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSRD2X35.DLL
  2015-06-04 10:19 - 1996-12-02 18:44 - 00024336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSJTER35.DLL
  2015-06-04 10:19 - 1996-01-12 00:00 - 00200704 ____R (Sheridan Software Systems, Inc.) C:\WINDOWS\system32\THREED32.OCX
  2015-06-04 10:16 - 2015-06-04 10:16 - 00000000 ____D C:\Documents and Settings\ASQ\WINDOWS
  2015-06-04 10:11 - 2015-06-04 10:11 - 00000305 _____ C:\WINDOWS\system32\secushr.dat
  2015-05-30 14:07 - 2015-05-30 14:07 - 00000000 ____D C:\Program Files\IIsaVeer
  2015-05-30 14:07 - 2015-05-30 14:07 - 00000000 ____D C:\Program Files\EnjoyCoaupoon
  2015-05-30 14:06 - 2015-05-30 14:06 - 00000000 ____D C:\Program Files\DigiSaavuera
  2015-05-29 13:51 - 2015-05-29 13:51 - 00118784 _____ C:\WINDOWS\Minidump\Mini052915-01.dmp
  2015-05-28 08:17 - 2015-06-18 15:20 - 00000024 _____ C:\Documents and Settings\ASQ\Application Data\appdataFr25.bin
  2015-05-27 15:38 - 2015-05-27 16:33 - 00000000 ____D C:\Documents and Settings\ASQ\Application Data\DMCache
  2015-05-27 15:38 - 2015-05-27 15:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IDM
  2015-05-27 11:42 - 2015-05-27 11:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
  2015-05-23 16:15 - 2015-05-23 16:15 - 00000000 ____D C:\Program Files\Passter
  2015-05-23 16:15 - 2015-05-23 16:15 - 00000000 ____D C:\Program Files\couponight
  2015-05-23 16:14 - 2015-06-12 01:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\10696673281268315387
  2015-05-23 16:14 - 2015-05-23 16:14 - 00000000 ____D C:\Program Files\PriceMinuus
  2015-05-23 16:14 - 2015-05-23 16:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\jaminbeahcmgifklimggjagabkaphode
  2015-05-23 16:13 - 2015-06-19 04:13 - 00000442 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job
  2015-05-23 16:13 - 2015-06-09 08:42 - 00000248 _____ C:\WINDOWS\system32\secustat.dat
  2015-05-23 16:13 - 2015-05-24 04:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{d067a482-fa51-f593-d067-7a482fa5920b}
  2015-05-23 15:58 - 2015-06-09 08:42 - 00000000 ____D C:\Documents and Settings\ASQ\Application Data\BITS
  2015-05-23 15:58 - 2015-05-23 15:58 - 00000025 _____ C:\WINDOWS\libem.INI
  2015-05-23 15:58 - 2015-05-23 15:58 - 00000000 ____D C:\Program Files\FlashGet Network
   
  ==================== One Month Modified files and folders ========
   
  (If an entry is included in the fixlist, the file/folder will be moved.)
   
  2015-06-19 08:29 - 2010-11-29 19:39 - 00000000 ____D C:\Documents and Settings\ASQ\Local Settings\Temp
  2015-06-19 08:14 - 2012-03-30 15:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
  2015-06-19 07:30 - 2010-11-29 21:06 - 00000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
  2015-06-19 05:30 - 2010-11-29 19:38 - 00032654 _____ C:\WINDOWS\SchedLgU.Txt
  2015-06-19 00:30 - 2010-11-29 21:06 - 00000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
  2015-06-18 15:26 - 2010-11-29 21:59 - 00000000 ____D C:\Documents and Settings\ASQ\Application Data\Canon
  2015-06-18 12:33 - 2010-11-29 21:25 - 00000538 _____ C:\WINDOWS\wiadebug.log
  2015-06-17 09:18 - 2013-01-31 15:44 - 00000000 _____ C:\sparkraw.log
  2015-06-17 09:14 - 2013-12-28 10:14 - 00000280 _____ C:\WINDOWS\Tasks\WinZipDriverUpdater_UPDATES.job
  2015-06-17 08:52 - 2010-11-29 19:41 - 00000000 ____D C:\Documents and Settings\ASQ\Desktop\Skrabna vest
  2015-06-17 08:48 - 2010-11-29 21:05 - 00001901 _____ C:\WINDOWS\panose.bin
  2015-06-16 17:13 - 2010-11-29 20:46 - 00000000 ____D C:\Documents and Settings\ASQ\Application Data\uTorrent
  2015-06-16 15:10 - 2010-11-29 19:39 - 00028984 _____ C:\Documents and Settings\ASQ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
  2015-06-16 15:08 - 2010-11-29 19:40 - 00000000 ____D C:\Documents and Settings\ASQ\My Documents\ASIA
  2015-06-15 11:42 - 2010-11-29 20:14 - 00000000 ____D C:\Documents and Settings\ASQ\Application Data\Adobe
  2015-06-15 11:08 - 2011-04-29 12:32 - 00000000 ____D C:\Documents and Settings\ASQ\Local Settings\Application Data\Adobe
  2015-06-15 10:31 - 2010-11-29 20:14 - 00000000 ____D C:\Program Files\Adobe
  2015-06-15 10:29 - 2010-11-29 20:14 - 00000000 ____D C:\Program Files\Common Files\Adobe
  2015-06-15 10:28 - 2010-11-29 21:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
  2015-06-15 10:26 - 2011-04-20 10:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
  2015-06-15 10:10 - 2010-11-29 19:32 - 01565615 _____ C:\WINDOWS\WindowsUpdate.log
  2015-06-15 09:25 - 2012-02-21 12:05 - 01084418 _____ C:\WINDOWS\setupapi.log
  2015-06-15 09:25 - 2011-09-16 18:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
  2015-06-15 09:25 - 2010-11-29 21:25 - 00000052 _____ C:\WINDOWS\wiaservc.log
  2015-06-15 09:25 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
  2015-06-15 09:24 - 2010-11-29 19:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
  2015-06-10 19:14 - 2012-03-30 15:29 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
  2015-06-10 19:14 - 2011-09-15 18:41 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  2015-06-10 01:31 - 2015-05-08 10:29 - 00001811 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
  2015-06-09 11:50 - 2010-11-29 19:41 - 00000000 ____D C:\Documents and Settings\ASQ\Desktop\Tajen pomrn
  2015-06-08 08:33 - 2010-11-29 20:34 - 10485760 _____ C:\WINDOWS\system32\config\Antivirus.Evt
  2015-06-08 08:33 - 2010-11-29 20:11 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
  2015-06-08 08:33 - 2010-11-29 19:39 - 00000178 ___SH C:\Documents and Settings\ASQ\ntuser.ini
  2015-06-04 13:04 - 2014-07-23 12:08 - 00000000 ____D C:\Program Files\SpeedFan
  2015-06-04 10:16 - 2010-11-29 19:39 - 00000000 ____D C:\Documents and Settings\ASQ
  2015-05-29 13:51 - 2010-12-04 16:32 - 00000000 ____D C:\WINDOWS\Minidump
  2015-05-28 08:35 - 2010-11-29 21:20 - 00186629 _____ C:\WINDOWS\setupact.log
  2015-05-27 11:42 - 2015-01-27 14:23 - 00000000 ____D C:\Program Files\SAMSUNG
  2015-05-27 11:42 - 2010-11-29 19:50 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
   
  ==================== Files in the root of some directories =======
   
  2015-05-28 08:17 - 2015-06-18 15:20 - 0000024 _____ () C:\Documents and Settings\ASQ\Application Data\appdataFr25.bin
  2010-11-29 19:40 - 2011-09-15 19:03 - 0037888 _____ () C:\Documents and Settings\ASQ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   
  Some files in TEMP:
  ====================
  C:\Documents and Settings\ASQ\Local Settings\Temp\DrvInst64.exe
  C:\Documents and Settings\ASQ\Local Settings\Temp\gtapi_signed.dll
  C:\Documents and Settings\ASQ\Local Settings\Temp\NEventMessages.dll
  C:\Documents and Settings\ASQ\Local Settings\Temp\NOSEventMessages.dll
  C:\Documents and Settings\ASQ\Local Settings\Temp\pyl1.tmp.exe
  C:\Documents and Settings\ASQ\Local Settings\Temp\pyl144.tmp.exe
  C:\Documents and Settings\ASQ\Local Settings\Temp\pyl1E.tmp.exe
  C:\Documents and Settings\ASQ\Local Settings\Temp\setacl.exe
  C:\Documents and Settings\ASQ\Local Settings\Temp\sfamcc00001.dll
  C:\Documents and Settings\ASQ\Local Settings\Temp\sfamcc00002.dll
  C:\Documents and Settings\ASQ\Local Settings\Temp\sfextra.dll
  C:\Documents and Settings\ASQ\Local Settings\Temp\Uninstall.exe
   
   
  ==================== Bamital & volsnap Check =================
   
  (There is no automatic fix for files that do not pass verification.)
   
  C:\WINDOWS\explorer.exe => File is digitally signed
  C:\WINDOWS\system32\winlogon.exe => File is digitally signed
  C:\WINDOWS\system32\svchost.exe => File is digitally signed
  C:\WINDOWS\system32\services.exe => File is digitally signed
  C:\WINDOWS\system32\User32.dll => File is digitally signed
  C:\WINDOWS\system32\userinit.exe => File is digitally signed
  C:\WINDOWS\system32\rpcss.dll => File is digitally signed
  C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
   
  ==================== End of log ============================

  Addition.txt


  icotonev    7511

  Hello..! :)

   

  Uninstalling programs

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.

   

   

  Clickable Links

  DigiSaavuera

  EnjoyCoaupoon

  IIsaVeer

  ParallelEdit

  Passter

  PriceMinuus

  RobboSaver

   

   

   

   

  Scan with AdwCleaner

  Please download and run AdwCleaner (by Xplode):

  • Close all running programs and browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Click OK to confirm that all running programs will be closed.
  • Select Clean.
  • Your computer will restart automatically. The text file will open after the restart.
  • Please post the contents of this log in your reply.
  • You can find the log, which is saved automatically, here: C:\AdwCleaner[s0].txt

   

   

  Scan with Junkware Removal Tool

  Please download Junkware Removal Tool (by Thisisu) and save it to your desktop.

  • Temporarily disable your security programs.
  • Run the JRT.exe tool.
  • A DOS window will open. Press any key on the keyboard.
  • Close unnecessary applications and all browsers, and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

  Run a new scan with:

   

   

  Scan with Farbar Recovery Scan Tool

  • Please download Farbar Recovery Scan Tool (choose the 32-bit or the 64-bit version according to your version of Windows) and save it to the desktop.
  • Run the file FRST.exe (or FRST64.exe).
  • The program will start. Click YES to accept the license agreement.
  • Click the button shown in the image (YClYkft.jpg).
  • Wait patiently for the scan to finish.
  • Two log files, FRST.txt and Addition.txt, will be created on the desktop.
  • Copy the contents of FRST.txt into your next post. Attach Addition.txt to your comment (see the Attach files option when posting).

   

  Logs

  In your next reply, please include the following logs:

  • FRST.txt
  • Addition.txt
  • AdwCleaner[s0].txt
  • JRT.txt

  icotonev    7511

  There is a lot of work to do on this system...! :)

  First, I am obliged to point out that support for Windows XP ended on April 8, 2014.

  What does the end of support for Windows XP mean?

  You are using a very old version of avast! antivirus... There is no point in keeping it at this stage... let's uninstall it so that it does not get in the way of the cleanup:

  1. Download the aswclear.exe tool and save it to your desktop.

  2. Restart the computer and boot into Safe Mode.

  3. Run the tool.

  4. If Avast is not installed in the default folder, specify the path to it. (Note: The contents of that folder will be removed!)

  5. Select REMOVE.

  6. Restart the computer and boot into normal mode.

   

   

   

  Download Security Check (author: screen317) from here

  • Double-click SecurityCheck.exe and follow the instructions.
  • When the program finishes, a text document will open: checkup.txt.
  • Copy the contents of checkup.txt with Copy and paste it with Paste into your next comment.

   

   

   

   

  Fix with Farbar Recovery Scan Tool

  Download the attached file and save it in the same place where you downloaded FRST.exe => fixlist.txt
  Run FRST.exe again, press the Fix button once, and wait.
  A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

  NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

  Logs

  In your next reply, please include the following logs:

  • FixLog.txt
  • checkup.txt

  m_power94    50
   Results of screen317's Security Check version 1.004  
   Windows XP Service Pack 3 x86   
   Internet Explorer 8  
  ``````````````Antivirus/Firewall Check:``````````````
   Windows Firewall Enabled!  
  Please wait while WMIC is being installed.d 
  ECHO is off.
  ECHO is off.
  ECHO is off.
  ECHO is off.
  ECHO is off.
  ECHO is off.
   Antivirus out of date!
  `````````Anti-malware/Other Utilities Check:`````````
    Adobe Flash Player 17.0.0.188 Flash Player out of Date!
   Adobe Reader XI  
   Mozilla Firefox (38.0.5) 
   Google Chrome (43.0.2357.124) 
  ````````Process Check: objlist.exe by Laurent````````
   All Users Application Data VIVACOM 3G USB Modem OnlineUpdate\ouc.exe 
  `````````````````System Health check`````````````````
   Total Fragmentation on Drive C::  
  ````````````````````End of Log``````````````````````
   

  Fixlog.txt


  icotonev    7511

  Please download Malwarebytes Anti-Malware and save it to your desktop.

  Double-click mbam-setup - 2.1.4.1018.exe and follow the instructions to install the program. Before the installation finishes, make sure the following is checked:

  • Launch Malwarebytes Anti-Malware
  • The 14-day trial is pre-selected. You can uncheck it if you wish; doing so will not limit the program's ability to scan for and remove malware.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Go to the Settings tab > Detection and Protection > and under the Detection Options category enable the "Scan for rootkits" option.
  • Go to the Scan tab, select the Threat Scan radio button and click Scan Now; the malware scan will start.
  • With some infections you may see the message:

                                        "Could not load DDA driver"

  • Click "Yes" on this message to allow the driver to load after a restart.
  • When the scan finishes, if any infections were found, click Remove Selected to let Mbam clean what was detected.
  • In most cases a restart will be requested.
  • Wait for the prompt to restart the computer to appear, then click Yes.
  • After the restart, run Mbam once more.
  • Click the History tab > Application Logs.
  • Double-click the row that shows the date and time of the scan and click the "Copy to Clipboard" button.
  • Paste the contents of the log file with Ctrl + V and post it in your next comment.

   

   

  Scan with ESET Online Scan

  Download the program: ESET Online Scanner

  • Run esetsmartinstaller_enu.exe
  • Check YES, I accept the Terms of Use and select Start:
  • The scanner will start downloading the components it needs:
  • Make sure Enable detection of potentially unwanted applications is selected.

  Make sure the following is unchecked:

  • Remove found threats

  Make sure the following items are checked:

  • Scan Archives

  Click Advanced Settings and check the following options:

  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

  Finally, select Start

  The scanner will start downloading the latest definitions and begin scanning your computer.
  Please be patient, as this may take some time.

  • When the scan is complete, click List of found threats.
  • Click Export and save the file to your desktop with the name ESETScan. Copy the contents of this report into your next reply.
  • Select the Back button.
  • Select the Finish button.

  Logs

  In your next reply, please include the following logs:

  • Log from Malwarebytes Anti-Malware
  • Log from ESET Online Scanner (List of found threats)

  m_power94    50
  Malwarebytes Anti-Malware
  www.malwarebytes.org
   
  Scan Date: 6/20/2015
  Scan Time: 09:56:38
  Logfile: 
  Administrator: Yes
   
  Version: 2.01.6.1022
  Malware Database: v2015.06.19.05
  Rootkit Database: v2015.06.15.01
  License: Trial
  Malware Protection: Enabled
  Malicious Website Protection: Enabled
  Self-protection: Disabled
   
  OS: Windows XP Service Pack 3
  CPU: x86
  File System: NTFS
  User: ASQ
   
  Scan Type: Threat Scan
  Result: Completed
  Objects Scanned: 363179
  Time Elapsed: 14 min, 19 sec
   
  Memory: Enabled
  Startup: Enabled
  Filesystem: Enabled
  Archives: Enabled
  Rootkits: Enabled
  Deep Rootkit Scan: Enabled
  Heuristics: Enabled
  PUP: Enabled
  PUM: Enabled
   
  Processes: 0
  (No malicious items detected)
   
  Modules: 0
  (No malicious items detected)
   
  Registry Keys: 7
  PUP.Optional.MultiPlug, HKU\S-1-5-21-1454471165-602162358-527237240-1003_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}, Quarantined, [d5bc7448afdbe551506a5c54f3104fb1], 
  PUP.Optional.Mindspark.A, HKU\S-1-5-21-1454471165-602162358-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}, Quarantined, [f79aac10107a22143b2200751ce79868], 
  PUP.Optional.Mindspark.A, HKU\S-1-5-21-1454471165-602162358-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}, Quarantined, [f79aac10107a22143b2200751ce79868], 
  PUP.Optional.Mindspark.A, HKU\S-1-5-21-1454471165-602162358-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A899079D-206F-43A6-BE6A-07E0FA648EA0}, Quarantined, [4d444a72a2e83ef8f1e9e4cae320619f], 
  PUP.Optional.Mindspark.A, HKU\S-1-5-21-1454471165-602162358-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A899079D-206F-43A6-BE6A-07E0FA648EA0}, Quarantined, [4d444a72a2e83ef8f1e9e4cae320619f], 
  PUP.Optional.Mindspark.A, HKU\S-1-5-21-1454471165-602162358-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{93A3111F-4F74-4ED8-895E-D9708497629E}, Quarantined, [7b167a42e9a1ee48baa3fb781ee56f91], 
  PUP.Optional.SmartBar.A, HKU\S-1-5-21-1454471165-602162358-527237240-1003\SOFTWARE\SMARTBAR, Quarantined, [573a7a428703f5415e04830e9174b64a], 
   
  Registry Values: 1
  PUP.Optional.SmartBar.A, HKU\S-1-5-21-1454471165-602162358-527237240-1003\SOFTWARE\SMARTBAR|GlobalUserId, 60876254-AB6B-4168-B8E9-A40E5A87E4CC, Quarantined, [573a7a428703f5415e04830e9174b64a]
   
  Registry Data: 3
  PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[bfd2328a2b5f47eff69db58ef6108e72]
  PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[0b86bdff3f4bcc6a7222d76c0bfbb24e]
  PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[7a175468bbcff640b2e3083bd92d4bb5]
   
  Folders: 2
  PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\conduit, Quarantined, [d9b8e4d89cee7db90aea21d258abb44c], 
  PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\conduit\facebook, Quarantined, [d9b8e4d89cee7db90aea21d258abb44c], 
   
  Files: 18
  PUP.Optional.InstallIQ.A, C:\Documents and Settings\ASQ\My Documents\Downloads\installfreefileopener_553.exe, Quarantined, [a5ecc9f341499d99e336f55af40db848], 
  Adware.InstallBrain, C:\Documents and Settings\ASQ\My Documents\Downloads\VideoPerformerSetup.exe, Quarantined, [761b813ba8e2a096694ccc742ad70ff1], 
  PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\ASQ\My Documents\Downloads\bsplayer257.1051EN_clip(2).exe, Quarantined, [573a4f6d23672a0cbb9df292fb0b14ec], 
  PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\ASQ\My Documents\Downloads\bsplayer257.1051EN_clip(3).exe, Quarantined, [0f823587830701351840dba9ec1a3ec2], 
  PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\ASQ\My Documents\Downloads\bsplayer257.1051EN_clip.exe, Quarantined, [4f426755c2c80b2bcd8b9aeaa066f907], 
  PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\ASQ\My Documents\Downloads\bsplayer258.1058.exe, Quarantined, [e0b128949bef2c0af365552ff412ac54], 
  PUP.Optional.InstallCore.A, C:\Documents and Settings\ASQ\My Documents\Downloads\microsoft-word-2013.exe, Quarantined, [c2cfb5073d4d1c1a637f5414679b6d93], 
  PUP.Optional.APNToolBar.A, C:\Documents and Settings\ASQ\My Documents\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe, Quarantined, [9ff21f9dd9b1d0661e086ef85ea4d42c], 
  PUP.Optional.InstallIQ.A, C:\Documents and Settings\ASQ\My Documents\Downloads\installfreefileopener_553(1).exe, Quarantined, [b7daceee3d4dc27401187fd09b66db25], 
  PUP.Optional.InstallIQ.A, C:\Documents and Settings\ASQ\My Documents\Downloads\installfreefileopener_553(2).exe, Quarantined, [2d645c60acdef541ce4b301ffe031ae6], 
  PUP.Optional.InstallIQ.A, C:\Documents and Settings\ASQ\My Documents\Downloads\installfreefileopener_553(3).exe, Quarantined, [d4bde1db4347d3638b8ec38c9071ce32], 
  PUP.Optional.InstallIQ.A, C:\Documents and Settings\ASQ\My Documents\Downloads\installfreefileopener_553(4).exe, Quarantined, [a7ea83397b0fe25456c360efc8399967], 
  PUP.Optional.MultiPlug, C:\Program Files\Passter\Passter.exe, Quarantined, [ddb41ba13d4db185b19d70e00df5b848], 
  PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\conduit\alertDB.sqlite, Quarantined, [d9b8e4d89cee7db90aea21d258abb44c], 
  PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\conduit\facebook\menu-en-us.xml, Quarantined, [d9b8e4d89cee7db90aea21d258abb44c], 
  PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\conduit\facebook\menu-null.xml, Quarantined, [d9b8e4d89cee7db90aea21d258abb44c], 
  PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\conduit\facebook\settings.xml, Quarantined, [d9b8e4d89cee7db90aea21d258abb44c], 
  PUP.Optional.GboxApp.A, C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\d2qeh6x7.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://search.gboxapp.com/");),Replaced,[cbc6c5f75931092d5f381f694fb7ec14]
   
  Physical Sectors: 0
  (No malicious items detected)
   
   
  (end)
   
  --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  ESETScan.txt
   
  C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\{d067a482-fa51-f593-d067-7a482fa5920b}\sammobile.premium_v2.1.3.apk.exe.vir a variant of Win32/Adware.MultiPlug.KV application
  C:\AdwCleaner\Quarantine\C\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}(3)\chrome(2)\bs_player.jar.vir Win32/Toolbar.Conduit potentially unwanted application
  C:\AdwCleaner\Quarantine\C\Documents and Settings\ASQ\Local Settings\Application Data\Conduit\Community Alerts\Aler0.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
  C:\AdwCleaner\Quarantine\C\Documents and Settings\ASQ\Local Settings\Application Data\Conduit\Community Alerts\Alert.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
  C:\AdwCleaner\Quarantine\C\Documents and Settings\ASQ\LOCALS~1\Temp\BS_Player\tbBS_2.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
  C:\AdwCleaner\Quarantine\C\Program Files\Clickable Links\Clickable Links.exe.vir Win32/Adware.MultiPlug.KG application
  C:\AdwCleaner\Quarantine\C\Program Files\couponight\couponight.dll.vir a variant of Win32/Adware.MultiPlug.IX application
  C:\AdwCleaner\Quarantine\C\Program Files\DigiSaavuera\DigiSaavuera.exe.vir Win32/Adware.MultiPlug.KG application
  C:\AdwCleaner\Quarantine\C\Program Files\EnjoyCoaupoon\lxNI8TvJhhzfqd.dll.vir a variant of Win32/Adware.MultiPlug.KM application
  C:\AdwCleaner\Quarantine\C\Program Files\EnjoyCoaupoon\lxNI8TvJhhzfqd.exe.vir Win32/Adware.MultiPlug.KG application
  C:\AdwCleaner\Quarantine\C\Program Files\IIsaVeer\vaWpQi1DF6JrO4.dll.vir a variant of Win32/Adware.MultiPlug.KM application
  C:\AdwCleaner\Quarantine\C\Program Files\IIsaVeer\vaWpQi1DF6JrO4.exe.vir Win32/Adware.MultiPlug.KG application
  C:\AdwCleaner\Quarantine\C\Program Files\PriceMinuus\PriceMinuus.exe.vir a variant of Win32/Adware.MultiPlug.JY application
  C:\AdwCleaner\Quarantine\C\Program Files\RobboSaver\SZpySbPYDMsQ5J.dll.vir a variant of Win32/Adware.MultiPlug.KM application
  C:\AdwCleaner\Quarantine\C\Program Files\RobboSaver\SZpySbPYDMsQ5J.exe.vir Win32/Adware.MultiPlug.KG application
  C:\AdwCleaner\Quarantine\C\Program Files\WinZip Driver Updater\WDUUninstall.exe.vir a variant of Win32/Systweak.Q potentially unwanted application
  C:\AdwCleaner\Quarantine\C\Program Files\WinZip Driver Updater\winzipdu.exe.vir a variant of Win32/Systweak.R potentially unwanted application
  C:\AdwCleaner\Quarantine\C\WINDOWS\system32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gt.sys.vir a variant of Win32/NetFilter.A potentially unsafe application
  C:\Documents and Settings\ASQ\Application Data\WinZip\WinZipDU\WinZip Driver Updater\productSetup_Setup_7_21_2014.exe a variant of Win32/Systweak.R potentially unwanted application
  D:\Adobe Photoshop CS2 ISO + Keygen\keygen\keygen.exe a variant of Win32/Keygen.CW potentially unsafe application
  D:\programi\klcodec385fxtorrents.rar a variant of Win32/Kryptik.FA trojan
  D:\programi\Ambient.Design.ArtRage.v2.5.19.Multilingual.Retail.Incl.Keymaker-ZWT\keygen.exe a variant of Win32/Keygen.CX potentially unsafe application
  D:\programi\Winx 3GP PDA MP4 Video Converter 3.5.50\Crack\WinX3GPPDAMP4VideoConverter_GOLDCrack.exe a variant of Win32/HackTool.Patcher.X potentially unsafe application
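
  The ESET log above mixes copies that AdwCleaner had already moved into its quarantine folder with files that are still on disk, and only the second group needs further action. As an added example (not part of the original thread and not code from ESET or AdwCleaner), this Python script parses lines in that layout and separates the two groups; the line layout, the `.vir` quarantine naming and the review order are assumptions read off the log lines posted here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A few lines copied from the ESETScan.txt log posted in this thread.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\Clickable Links\Clickable Links.exe.vir Win32/Adware.MultiPlug.KG application
C:\AdwCleaner\Quarantine\C\Documents and Settings\ASQ\LOCALS~1\Temp\BS_Player\tbBS_2.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\ASQ\Application Data\WinZip\WinZipDU\WinZip Driver Updater\productSetup_Setup_7_21_2014.exe a variant of Win32/Systweak.R potentially unwanted application
D:\Adobe Photoshop CS2 ISO + Keygen\keygen\keygen.exe a variant of Win32/Keygen.CW potentially unsafe application
D:\programi\klcodec385fxtorrents.rar a variant of Win32/Kryptik.FA trojan
"""

# Assumed layout: <path> [a variant of] <Platform/Detection.Name> <category>.
# Windows paths use backslashes, so the first token containing "/" is the name.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<category>.+)$"
)

# Quarantine location as it appears in the log above.
QUARANTINE_PREFIX = "C:\\AdwCleaner\\Quarantine\\"

# Review order chosen for this example (an assumption, not an ESET ranking).
REVIEW_ORDER = [
    "trojan",
    "potentially unsafe application",
    "application",
    "potentially unwanted application",
]


@dataclass
class Finding:
    path: str
    detection: str
    variant: bool                    # True when the line says "a variant of"
    category: str
    quarantined_from: Optional[str]  # original path if this is a quarantine copy


def original_location(path: str) -> Optional[str]:
    """Map a quarantine copy (<prefix><drive>\\<rest>.vir) to its source path."""
    if not (path.startswith(QUARANTINE_PREFIX) and path.endswith(".vir")):
        return None
    rest = path[len(QUARANTINE_PREFIX):-len(".vir")]
    drive, _, tail = rest.partition("\\")
    return f"{drive}:\\{tail}"


def parse_eset_log(text: str) -> Tuple[List[Finding], List[str]]:
    """Return (findings, unparsed_lines); nothing is dropped silently."""
    findings, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        path = m.group("path")
        findings.append(Finding(
            path=path,
            detection=m.group("name"),
            variant=m.group("variant") is not None,
            category=m.group("category").strip(),
            quarantined_from=original_location(path),
        ))
    return findings, unparsed


def triage(findings: List[Finding]) -> Tuple[List[Finding], List[Finding]]:
    """Split into (still on disk, already quarantined); on-disk items sorted for review."""
    def rank(f: Finding):
        order = REVIEW_ORDER.index(f.category) if f.category in REVIEW_ORDER else len(REVIEW_ORDER)
        return (order, f.path.lower())

    live = sorted((f for f in findings if f.quarantined_from is None), key=rank)
    contained = [f for f in findings if f.quarantined_from is not None]
    return live, contained


if __name__ == "__main__":
    parsed, skipped = parse_eset_log(SAMPLE_LOG)
    on_disk, quarantined = triage(parsed)
    print(f"{len(on_disk)} still on disk, {len(quarantined)} already quarantined")
    for f in on_disk:
        print(f"  [{f.category}] {f.detection}: {f.path}")
    for line in skipped:
        print(f"  unparsed: {line}")
```
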
   

  icotonev    7511

  Good morning..? What is the state of the system after the procedures so far..? Keygens are visible in the ESET log.. Rather than me deleting them... please do this manually:

   

   

  D:\Adobe Photoshop CS2 ISO + Keygen\keygen\keygen.exe a variant of Win32/Keygen.CW potentially unsafe application

  D:\programi\Ambient.Design.ArtRage.v2.5.19.Multilingual.Retail.Incl.Keymaker-ZWT\keygen.exe a variant of Win32/Keygen.CX potentially unsafe application
  D:\programi\Winx 3GP PDA MP4 Video Converter 3.5.50\Crack\WinX3GPPDAMP4VideoConverter_GOLDCrack.exe a variant of Win32/HackTool.Patcher.X potentially unsafe application
   

   

   

   

  Fix with Farbar Recovery Scan Tool

  Download the attached file and save it in the same place where you downloaded FRST.exe => fixlist.txt
  Run FRST.exe again, press the Fix button once, and wait.
  A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

  NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

  Logs

  In your next reply, please include the following logs:

  • FixLog.txt

  m_power94    50

  Good morning, the computer is behaving much better; I don't even think it has ever been better than it is now. The problems are gone, it responds quickly to commands, and overall I think it is in very good shape. It even starts up faster than before, but the Malwarebytes Anti-Malware program is extremely heavy on the processor: it constantly keeps it at 60-70%, and when I open Chrome it goes to 100% and everything stutters. When I turn it off, everything is OK. Here is the log:

   

  Fixlog.txt

  icotonev    7511

  Wonderful..! :)

  Download the following file and save it in the folder from which you ran FRST.exe.
  Run FRST.exe and press the Fix button once!
  After it finishes, post the log file, fixlog.txt, that will be created. It should delete the tool's quarantine folder located at C:FRS\Quarantine.

  Uninstall ESET Online Scanner.

  • Start => Run, type control appwiz.cpl in the box. Then press ENTER.
  • Select ESET Online Scanner from the list of applications, then select Remove. If prompted, restart your computer.

  Download DelFix and run it. Check the boxes next to:

  • Remove disinfection tools
  • Purge system restore
  • Reset system settings
  • Create registry backup

  ..and then press the Run button

  • After the operation is complete, a log will be created
  • Copy it and paste it into your next reply

  The tool will delete itself after it completes its task!

   

   

   

  The infections that were on your system updated Chrome to a developer version, in which all protective mechanisms and internal checks are turned off. Now uninstall Google Chrome as well.. but before you remove it, export all saved passwords and bookmarks (if you have any in the browser).

  For the bookmarks:

  Exporting bookmarks from Chrome

  1. In the top right corner of the browser window, click the Chrome menu.
  2. Select Bookmarks > Bookmark Manager.
  3. Click the "Organize" menu in the manager.
  4. Now select Export bookmarks to HTML file.

  Here are instructions on how to import them back after reinstalling the browser:

  http://www.wikihow.c...rks-from-Chrome

  For the passwords, see whether the following tool works:

  http://www.intowindo...chrome-browser/

  Then download and install the latest stable version..!

   

   

  Update Adobe Flash Player as well..!

  Now is the time to install an antivirus program. Always keep it up to date with current definitions and scan with it regularly. I will only add: never rely on an AV program alone (if you choose a free option); be sure to also add good-quality HIPS-based software... COMODO, PrivateFirewall, Online Armor... What is Host Intrusion Prevention System (HIPS) and how does it work? Reference: Security and antivirus protection

  I recommend that you look through the following topics:

  Optimizing Windows for better performance

  Windows maintenance guide (XP, Vista and 7) [Revision 2.0]

  What to do if my computer is running slowly

  A defragmentation would not hurt either..! I would do it with the MyDefrag program.. (Defragmenting an SSD drive is not recommended)

  Download MyDefrag and install it.

  Select System Disk Monthly => Choose the system and recovery partitions and press Run

  It may take quite a while... once it finishes it will display Finished and you can close the program with the X

  Then restart the system.

  If you have no other problems, let's wrap up... I am marking the case as "Solved"...! I wish you a nice day and safe browsing..! :)

  m_power94    50

  Yes, I think all the problems have been solved. I will follow your advice on keeping the system safe.

  Thank you for your help and for the time you took.  :handshake:

    R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [207328 2017-07-19] (Panda Security, S.L.)
    R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133600 2017-07-19] (Panda Security, S.L.)
    R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [146912 2017-07-19] (Panda Security, S.L.)
    R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [117216 2017-07-19] (Panda Security, S.L.)
    U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security, S.L.)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
    S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-09-17 12:39 - 2017-09-17 12:40 - 000010125 _____ C:\Users\mcpph\Desktop\FRST.txt
    2017-09-17 12:39 - 2017-09-17 12:39 - 002398720 _____ (Farbar) C:\Users\mcpph\Desktop\FRST64.exe
    2017-09-17 12:39 - 2017-09-17 12:39 - 000000000 ____D C:\FRST
    2017-09-17 12:08 - 2017-09-17 12:13 - 000001024 _____ C:\Windows\system32\Drivers\etc\hosts.bak
    2017-09-17 12:04 - 2017-09-17 12:05 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Zara
    2017-09-17 12:04 - 2017-09-17 12:04 - 000423080 _____ C:\ProgramData\WinSxA.exe
    2017-09-17 12:04 - 2017-09-17 12:04 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\spbggb0is40
    2017-09-17 12:04 - 2017-09-17 12:04 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\0sziqug0wpx
    2017-09-17 12:03 - 2017-09-17 12:07 - 000001654 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа Вrоwsеr.lnk
    2017-09-16 08:28 - 2017-09-16 21:13 - 000000000 ____D C:\Users\mcpph\AppData\Local\Samsung
    2017-09-16 08:28 - 2017-09-16 08:28 - 000000000 ____D C:\Users\Public\Documents\NativeFus_Log
    2017-09-16 08:28 - 2017-09-16 08:28 - 000000000 ____D C:\Users\mcpph\Documents\samsung
    2017-09-16 08:27 - 2017-09-16 08:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2017-09-15 21:10 - 2017-09-16 21:13 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Samsung
    2017-09-15 21:10 - 2016-07-22 10:21 - 000164992 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
    2017-09-15 21:10 - 2016-07-22 10:21 - 000130688 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
    2017-09-15 21:09 - 2017-09-16 21:13 - 000000000 ____D C:\ProgramData\Samsung
    2017-09-15 21:09 - 2017-09-15 21:10 - 000000000 ____D C:\Program Files (x86)\Samsung
    2017-09-15 21:09 - 2016-05-18 14:49 - 004659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
    2017-09-15 21:09 - 2016-05-18 14:49 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
    2017-09-15 21:08 - 2017-09-15 21:08 - 000000000 ____D C:\Users\mcpph\AppData\Local\Downloaded Installations
    2017-09-12 15:13 - 2017-09-12 15:13 - 000000911 _____ C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ExifPro 2.1.lnk
    2017-09-12 09:35 - 2017-09-17 12:07 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2017-09-12 09:35 - 2015-10-05 09:50 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2017-09-12 09:35 - 2015-10-05 09:50 - 000064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2017-09-12 09:35 - 2015-10-05 09:50 - 000025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files\Reference Assemblies
    2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files\MSBuild
    2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2017-09-05 23:33 - 2017-02-10 11:26 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
    2017-09-05 23:33 - 2017-02-10 11:26 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2017-09-05 23:33 - 2017-02-10 11:26 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2017-09-05 23:33 - 2017-02-10 11:21 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
    2017-09-05 23:33 - 2017-02-10 11:21 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2017-09-05 23:33 - 2017-02-10 11:21 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2017-09-05 23:27 - 2017-09-05 23:27 - 000000000 ____D C:\Users\mcpph\AppData\Local\ElevatedDiagnostics
    2017-09-05 23:24 - 2017-09-05 23:24 - 000000000 ____D C:\Windows\SysWOW64\directx
    2017-09-05 23:21 - 2017-09-05 23:21 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\WinRAR
    2017-09-04 22:44 - 2017-09-04 22:45 - 000000000 _____ C:\Recovery.txt
    2017-09-04 19:29 - 2017-09-04 08:51 - 000000000 ____D C:\Windows\Panther
    2017-09-04 18:30 - 2017-09-04 18:30 - 000000000 _SHDL C:\Documents and Settings
    2017-09-04 18:29 - 2017-09-17 12:36 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-09-04 18:29 - 2017-09-17 09:31 - 000000000 ____D C:\Windows\system32\SleepStudy
    2017-09-04 18:29 - 2017-09-04 18:29 - 000000000 ____D C:\Windows\ServiceProfiles
    2017-09-04 18:29 - 2017-09-04 09:56 - 000267480 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-09-04 17:53 - 2017-09-04 17:54 - 000000000 ____D C:\Users\mcpph\AppData\Local\Easy CD-DA Extractor
    2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\TEMP
    2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD-DA Extractor 16
    2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\Easy CD-DA Extractor
    2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\Program Files\Easy CD-DA Extractor 16
    2017-09-04 17:50 - 2017-09-04 17:50 - 000000000 ____D C:\Users\mcpph\AppData\Local\Kolor
    2017-09-04 17:50 - 2017-09-04 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolor
    2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Mozilla
    2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\IObit
    2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\LocalLow\Mozilla
    2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Turbo.net
    2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Mozilla
    2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\CrashDumps
    2017-09-04 14:36 - 2017-09-04 17:50 - 000000000 ____D C:\Program Files\Kolor
    2017-09-04 11:30 - 2017-09-04 11:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Yamicsoft
    2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamicsoft
    2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Local\DBG
    2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Program Files\Yamicsoft
    2017-09-04 10:15 - 2017-09-04 10:15 - 000000000 ____D C:\Users\mcpph\Documents\Adobe
    2017-09-04 10:13 - 2017-09-04 10:13 - 000000000 ____D C:\Program Files\Common Files\Adobe
    2017-09-04 10:08 - 2017-09-04 10:13 - 000000000 ____D C:\Program Files\Adobe
    2017-09-04 10:08 - 2017-09-04 10:08 - 000001029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
    2017-09-04 10:08 - 2017-09-04 10:08 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2017-09-04 10:07 - 2017-09-04 10:13 - 000000000 ____D C:\ProgramData\Adobe
    2017-09-04 10:07 - 2017-09-04 10:07 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Macromedia
    2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\Users\mcpph\AppData\Local\4kdownload.com
    2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
    2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\Program Files (x86)\4KDownload
    2017-09-04 09:58 - 2017-09-04 09:58 - 000001531 ____H C:\Windows\EPMBatch.ept
    2017-09-04 09:55 - 2017-09-16 21:13 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ___HD C:\Program Files (x86)\Temp
    2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
    2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Program Files\Realtek
    2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Program Files (x86)\Realtek
    2017-09-04 09:55 - 2015-06-18 18:45 - 004496600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2017-09-04 09:55 - 2015-06-18 17:59 - 002862488 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
    2017-09-04 09:55 - 2015-06-17 19:47 - 002930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
    2017-09-04 09:55 - 2015-06-17 14:45 - 003234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2017-09-04 09:55 - 2015-06-15 17:39 - 001748184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2017-09-04 09:55 - 2015-05-27 17:38 - 002825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
    2017-09-04 09:55 - 2015-05-26 11:59 - 000166616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
    2017-09-04 09:55 - 2015-05-25 15:18 - 003195416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
    2017-09-04 09:55 - 2015-05-18 14:47 - 002702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2017-09-04 09:55 - 2015-05-15 19:27 - 002918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2017-09-04 09:55 - 2015-05-15 16:32 - 001316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2017-09-04 09:55 - 2014-11-11 13:44 - 000631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
    2017-09-04 09:55 - 2014-06-09 10:59 - 000560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
    2017-09-04 09:55 - 2014-04-10 12:19 - 002041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
    2017-09-04 09:55 - 2014-01-08 15:25 - 000397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
    2017-09-04 09:55 - 2013-10-11 12:47 - 000113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
    2017-09-04 09:55 - 2012-06-08 16:21 - 000897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
    2017-09-04 09:55 - 2012-06-08 16:21 - 000753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
    2017-09-04 09:55 - 2012-03-08 11:47 - 000108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
    2017-09-04 09:55 - 2011-12-20 15:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2017-09-04 09:55 - 2011-12-16 14:57 - 000065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
    2017-09-04 09:55 - 2011-11-22 16:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
    2017-09-04 09:55 - 2010-11-08 07:31 - 000375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
    2017-09-04 09:55 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
    2017-09-04 09:55 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
    2017-09-04 09:55 - 2010-11-08 07:31 - 000204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
    2017-09-04 09:55 - 2010-11-08 07:31 - 000101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
    2017-09-04 09:55 - 2010-11-08 07:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
    2017-09-04 09:55 - 2010-09-27 09:34 - 000318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
    2017-09-04 09:55 - 2009-11-24 09:55 - 000518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
    2017-09-04 09:55 - 2009-11-24 09:55 - 000211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
    2017-09-04 09:55 - 2009-11-24 09:55 - 000198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
    2017-09-04 09:55 - 2009-11-24 09:55 - 000155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
    2017-09-04 09:55 - 2009-11-18 07:13 - 000060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
    2017-09-04 09:54 - 2017-09-13 19:40 - 000000000 ____D C:\Program Files\Recuva
    2017-09-04 09:54 - 2017-09-04 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
    2017-09-04 09:51 - 2017-09-17 12:32 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\vlc
    2017-09-04 09:51 - 2017-09-04 09:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2017-09-04 09:51 - 2017-09-04 09:51 - 000000000 ____D C:\Program Files (x86)\VideoLAN
    2017-09-04 09:50 - 2017-09-04 09:50 - 000000000 ____D C:\Users\mcpph\AppData\Local\Foxit Reader
    2017-09-04 09:49 - 2017-09-04 09:50 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Foxit Software
    2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Users\Public\Foxit Software
    2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Foxit AgentInformation
    2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
    2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Foxit Software
    2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
    2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Program Files (x86)\Foxit Software
    2017-09-04 09:48 - 2017-09-04 09:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Viber
    2017-09-04 09:47 - 2017-09-16 12:23 - 000000000 ____D C:\Users\mcpph\Documents\ViberDownloads
    2017-09-04 09:45 - 2017-09-16 12:22 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\ViberPC
    2017-09-04 09:45 - 2017-09-04 09:45 - 000001033 _____ C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
    2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
    2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Local\Viber Media S.à r.l
    2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Local\Package Cache
    2017-09-04 09:41 - 2017-09-04 09:41 - 000000691 _____ C:\Users\mcpph\Desktop\VIDEO.lnk
    2017-09-04 09:40 - 2017-09-04 09:40 - 000000716 _____ C:\Users\mcpph\Desktop\DOWNLOAD.lnk
    2017-09-04 09:40 - 2017-09-04 09:40 - 000000691 _____ C:\Users\mcpph\Desktop\AUDIO.lnk
    2017-09-04 09:40 - 2017-09-04 09:40 - 000000000 ____D C:\ProgramData\ShellIcons
    2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
    2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 12.5
    2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\Program Files\Speccy
    2017-09-04 09:38 - 2017-09-04 09:38 - 000000000 ____D C:\Program Files (x86)\EaseUS
    2017-09-04 09:38 - 2017-08-08 17:49 - 004027072 _____ C:\Windows\system32\BootMan.exe
    2017-09-04 09:38 - 2017-08-08 17:49 - 003037376 _____ C:\Windows\SysWOW64\BootMan.exe
    2017-09-04 09:38 - 2016-12-07 13:26 - 000033448 _____ C:\Windows\system32\epmntdrv.sys
    2017-09-04 09:38 - 2016-07-11 10:01 - 000101984 _____ C:\Windows\system32\setupempdrvx64.exe
    2017-09-04 09:38 - 2016-07-11 10:01 - 000088160 _____ C:\Windows\SysWOW64\setupempdrv03.exe
    2017-09-04 09:38 - 2016-07-11 10:01 - 000010848 _____ C:\Windows\system32\EuGdiDrv.sys
    2017-09-04 09:38 - 2016-07-11 10:01 - 000010208 _____ C:\Windows\SysWOW64\EuGdiDrv.sys
    2017-09-04 09:38 - 2016-07-08 15:28 - 000248832 _____ C:\Windows\SysWOW64\epmntdrv.pdb
    2017-09-04 09:38 - 2016-01-14 10:05 - 000021496 _____ C:\Windows\SysWOW64\epmntdrv.sys
    2017-09-04 09:38 - 2014-11-18 14:46 - 000021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
    2017-09-04 09:38 - 2014-11-18 14:46 - 000017504 _____ C:\Windows\system32\EuEpmGdi.dll
    2017-09-04 09:37 - 2017-09-04 09:37 - 000000000 ____D C:\Users\mcpph\AppData\Local\FastStone
    2017-09-04 09:37 - 2017-09-04 09:37 - 000000000 ____D C:\ProgramData\FastStone
    2017-09-04 09:36 - 2017-09-04 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
    2017-09-04 09:36 - 2017-09-04 09:38 - 000000000 ____D C:\Program Files (x86)\FastStone Capture
    2017-09-04 09:31 - 2017-09-12 22:12 - 000004650 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2017-09-04 09:31 - 2017-09-12 21:38 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-09-04 09:30 - 2017-09-12 22:12 - 000000000 ____D C:\Users\mcpph\AppData\Local\Adobe
    2017-09-04 09:27 - 2017-09-04 09:37 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\FastStone
    2017-09-04 09:26 - 2017-09-04 09:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
    2017-09-04 09:26 - 2017-09-04 09:26 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
    2017-09-04 09:14 - 2017-09-09 17:38 - 000000000 ____D C:\Program Files\Opera
    2017-09-04 09:14 - 2017-09-09 07:08 - 000003958 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1504505679
    2017-09-04 09:14 - 2017-09-04 09:14 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Opera Software
    2017-09-04 09:14 - 2017-09-04 09:14 - 000000000 ____D C:\Users\mcpph\AppData\Local\Opera Software
    2017-09-04 09:12 - 2017-09-04 10:04 - 000003834 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
    2017-09-04 09:12 - 2017-09-04 09:12 - 000003604 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
    2017-09-04 09:12 - 2017-09-04 09:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2017-09-04 09:12 - 2017-09-04 09:12 - 000000000 ____D C:\ProgramData\Intel(R) Update Manager
    2017-09-04 09:11 - 2017-09-06 10:25 - 000000000 ____D C:\Users\mcpph\AppData\Local\Share Link
    2017-09-04 09:11 - 2017-09-04 10:04 - 000000000 ____D C:\ProgramData\Intel
    2017-09-04 09:11 - 2017-09-04 09:11 - 000003394 _____ C:\Windows\System32\Tasks\IntelBootstrapCCDashExe
    2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Connect Center
    2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files\WinRAR
    2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files (x86)\ASUS
    2017-09-04 09:09 - 2017-09-12 15:13 - 000000000 ____D C:\Program Files\ExifPro 2.1
    2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\MiK
    2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\Users\mcpph\AppData\Local\MicrosoftEdge
    2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\ProgramData\MiK
    2017-09-04 09:06 - 2017-09-04 09:25 - 000000551 _____ C:\Users\mcpph\Desktop\PHOTOS.lnk
    2017-09-04 09:06 - 2017-09-04 09:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Endless Slideshow Screensaver
    2017-09-04 09:06 - 2017-09-04 09:06 - 000000000 ____D C:\Program Files (x86)\Endless Slideshow Screensaver
    2017-09-04 09:06 - 2015-12-01 16:11 - 005133824 _____ (Extreme Internet Software) C:\Windows\Endless-Slideshow.scr
    2017-09-04 09:06 - 2013-02-06 18:30 - 000337408 _____ (www.imageen.com) C:\Windows\dcrawlib.dll
    2017-09-04 09:06 - 2012-05-21 13:43 - 001274880 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\libeay32.dll
    2017-09-04 09:06 - 2012-05-21 13:43 - 000330752 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\ssleay32.dll
    2017-09-04 09:06 - 2007-06-23 08:29 - 000084992 _____ C:\Windows\jbiglib.dll
    2017-09-04 09:06 - 2005-08-30 07:00 - 003919872 _____ C:\Windows\imagemagick.dll
    2017-09-04 08:59 - 2017-09-04 14:36 - 000000000 ____D C:\ProgramData\Package Cache
    2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ___RD C:\Program Files (x86)\Skype
    2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\Users\mcpph\Tracing
    2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\ProgramData\Skype
    2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2017-09-04 08:49 - 2017-09-04 08:49 - 000002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2017-09-04 08:49 - 2017-09-04 08:49 - 000002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection.lnk
    2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Panda Security
    2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection
    2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Program Files\CCleaner
    2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Program Files (x86)\Panda Security
    2017-09-04 08:49 - 2017-07-19 05:31 - 000207328 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys
    2017-09-04 08:49 - 2017-07-19 05:31 - 000179168 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
    2017-09-04 08:49 - 2017-07-19 05:31 - 000146912 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys
    2017-09-04 08:49 - 2017-07-19 05:31 - 000140256 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINFile.sys
    2017-09-04 08:49 - 2017-07-19 05:31 - 000133600 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProc.sys
    2017-09-04 08:49 - 2017-07-19 05:31 - 000117216 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys
    2017-09-04 08:49 - 2017-05-22 08:01 - 000072648 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
    2017-09-04 08:48 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Panda Security
    2017-09-04 08:43 - 2017-09-04 08:43 - 000000716 _____ C:\Users\mcpph\Desktop\SOFTWARE.lnk
    2017-09-04 08:40 - 2017-09-09 18:51 - 000000000 ____D C:\Wallpaper
    2017-09-04 08:37 - 2017-09-04 08:37 - 000004608 _____ C:\Windows\SECOH-QAD.exe
    2017-09-04 08:37 - 2017-09-04 08:37 - 000003584 _____ C:\Windows\SECOH-QAD.dll
    2017-09-04 08:37 - 2017-09-04 08:37 - 000003476 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
    2017-09-04 08:37 - 2017-09-04 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
    2017-09-04 08:37 - 2017-09-04 08:37 - 000000000 ____D C:\Program Files\KMSpico
    2017-09-04 08:37 - 2010-12-06 05:16 - 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
    2017-09-04 08:36 - 2017-09-17 12:39 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Skype
    2017-09-04 08:36 - 2017-09-17 12:20 - 001259196 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-09-04 08:36 - 2017-09-04 08:51 - 000000000 ___RD C:\Users\mcpph\OneDrive
    2017-09-04 08:36 - 2017-09-04 08:36 - 000000000 ____D C:\Users\mcpph\AppData\Local\Comms
    2017-09-04 08:35 - 2017-09-04 09:12 - 000000000 ____D C:\Program Files (x86)\Intel
    2017-09-04 08:35 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files\Intel
    2017-09-04 08:35 - 2017-09-04 08:36 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
    2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 ____D C:\Intel
    2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
    2017-09-04 08:35 - 2017-09-04 08:23 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-09-04 08:35 - 2017-09-04 08:23 - 000000000 __SHD C:\Users\mcpph\IntelGraphicsProfiles
    2017-09-04 08:35 - 2017-03-18 08:35 - 000095216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
    2017-09-04 08:35 - 2017-03-18 08:35 - 000091120 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
    2017-09-04 08:34 - 2017-09-04 17:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Adobe
    2017-09-04 08:34 - 2017-09-04 17:47 - 000000000 ____D C:\Users\mcpph\AppData\Local\Packages
    2017-09-04 08:34 - 2017-09-04 08:35 - 000000000 ____D C:\Users\mcpph\AppData\Local\ConnectedDevicesPlatform
    2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\VirtualStore
    2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\TileDataLayer
    2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\Publishers
    2017-09-04 08:33 - 2017-09-13 19:41 - 000000000 ____D C:\Users\mcpph
    2017-09-04 08:33 - 2017-09-04 08:33 - 000000020 ___SH C:\Users\mcpph\ntuser.ini
    2017-09-04 08:33 - 2017-09-04 08:33 - 000000000 ____D C:\ProgramData\USOShared
    2017-09-04 08:32 - 2017-07-12 07:39 - 000942592 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
    2017-09-04 08:32 - 2017-03-18 23:56 - 002233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
    2017-09-04 08:32 - 2017-03-18 07:59 - 004164608 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0002.dll
    2017-09-04 08:32 - 2017-03-18 07:55 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0002.dll
    2017-09-04 08:32 - 2017-03-18 07:54 - 001914368 _____ (Microsoft Corporation) C:\Windows\system32\MLS2.dll
    2017-09-04 08:32 - 2017-03-18 07:43 - 004164608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons0002.dll
    2017-09-04 08:32 - 2017-03-18 07:40 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsData0002.dll
    2017-09-04 08:32 - 2017-03-18 07:39 - 001868288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MLS2.dll
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-09-17 12:36 - 2017-03-18 14:40 - 000524288 _____ C:\Windows\system32\config\BBI
    2017-09-17 12:22 - 2017-03-19 00:01 - 000000000 ____D C:\Windows\INF
    2017-09-12 22:12 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2017-09-12 22:12 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\Macromed
    2017-09-05 23:33 - 2017-03-18 23:51 - 000000000 ____D C:\Windows\CbsTemp
    2017-09-05 08:03 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\appcompat
    2017-09-04 19:28 - 2017-03-19 00:03 - 000028672 _____ C:\Windows\system32\config\BCD-Template
    2017-09-04 18:30 - 2017-03-18 14:40 - 000000000 ____D C:\Windows\system32\Sysprep
    2017-09-04 18:29 - 2017-03-19 05:31 - 000000000 ____D C:\Windows\HoloShell
    2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\PrintDialog
    2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\MiracastView
    2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
    2017-09-04 18:29 - 2017-03-18 14:40 - 000032768 _____ C:\Windows\system32\config\ELAM
    2017-09-04 17:47 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\AppReadiness
    2017-09-04 11:34 - 2017-03-19 00:03 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-09-04 10:07 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2017-09-04 08:49 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2017-09-04 08:49 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\GroupPolicy
    2017-09-04 08:47 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\Cursors
    2017-09-04 08:33 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\WinBioDatabase
    2017-09-04 08:33 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\USOPrivate
    2017-09-04 08:32 - 2017-03-19 05:30 - 000000000 ____D C:\Windows\OCR
    2017-09-04 08:32 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\spool
    2017-09-04 08:32 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\FxsTmp
    2017-09-04 08:31 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\rescache
    2017-09-04 08:31 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    ==================== Files in the root of some directories =======
    2017-09-17 12:04 - 2017-09-17 12:04 - 000423080 _____ () C:\ProgramData\WinSxA.exe
    Files to move or delete:
    ====================
    C:\ProgramData\WinSxA.exe

    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
    LastRegBack: 2017-09-04 18:29
    ==================== End of FRST.txt ============================
    Addition.txt
    Panda_report.txt
   • by pesho66
    Hi. I have a problem with the hard disk partitions; it is probably some kind of virus. The topic was redirected from "Info about the problem".
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
    Ran by BigUser (administrator) on BIGUSER-PC (03-09-2017 11:52:48)
    Running from C:\Users\BigUser\Downloads
    Loaded Profiles: BigUser (Available Profiles: BigUser)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Transaction Software, D 81737 Munich) C:\BMWgroup\ETKLokal\transbase\tbmux32.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    ==================== Registry (Whitelisted) ====================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
    HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\Run: [Viber] => C:\Users\BigUser\AppData\Local\Viber\Viber.exe [30896208 2017-08-22] (Viber Media S.à r.l.)
    HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17420464 2012-07-13] (Skype Technologies S.A.)
    HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\MountPoints2: G - G:\setup.exe
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{0C599813-3678-49A7-B4FE-517D8BC490A4}: [DhcpNameServer] 192.168.0.1
    Internet Explorer:
    ==================
    HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yandex.ru/?win=260&clid=2255931
    SearchScopes: HKU\S-1-5-21-2627889718-3068437435-1976458178-1000 -> DefaultScope d2356acc-c842-11e6-bdf2-00262d527177 URL = hxxps://yandex.ru/search/?win=260&clid=2255932&text={searchTerms}
    SearchScopes: HKU\S-1-5-21-2627889718-3068437435-1976458178-1000 -> d2356acc-c842-11e6-bdf2-00262d527177 URL = hxxps://yandex.ru/search/?win=260&clid=2255932&text={searchTerms}
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
    BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
    BHO-x32: Instair -> {0D778FDC-FAD7-4B1D-AB88-7A76A562D65C} -> C:\Program Files\Instair\Instair.dll [2016-12-23] ()
    BHO-x32: QuickStores-Toolbar -> {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
    Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
    Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
    FireFox:
    ========
    FF ProfilePath: C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2017-09-03]
    FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Яндекс
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Яндекс
    FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
    FF Extension: (AdBlocker Ultimate) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-12-28]
    FF Extension: (Instair) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\contact@instair.net [2016-12-23] [not signed]
    FF Extension: (Nimbus Screen Capture - editable screenshots.) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2016-12-23]
    FF Extension: (Speed Dial [FVD] - New Tab Page, Sync...) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\pavel.sherbakov@gmail.com [2017-09-02]
    FF Extension: (Save as PDF) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2016-12-23]
    FF Extension: (Google Translator for Firefox) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\translator@zoli.bod.xpi [2017-02-12]
    FF Extension: (Google  Image Search) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2016-12-23]
    FF Extension: (DownThemAll!) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-12-23]
    FF SearchPlugin: C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-143319.xml [2016-12-22]
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=3.0.0-git -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-06-17] (VideoLAN)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-27] (Google, Inc.)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
    FF Plugin-x32: @mobilityflow.com/tvp,version=1.0.1 -> C:\Program Files (x86)\Mobilityflow\Torrent Video Player\npvlc.dll [2012-11-19] (VideoLAN)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2007-05-10] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> yandex.ru/?__PARAM__from=chromehp
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT2481034&SearchSource=48","hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={6189A548-5277-11E2-A19C-005056C00008}","hxxp://www.delta-search.com/?affID=119292&babsrc=HP_ss&mntrId=6ada26500000000000002eeee680fd43","hxxp://www.yandex.ru/?win=125&clid=2041421","hxxp://isearch.omiga-plus.com/?type=hp&ts=1405529599&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V","hxxp://isearch.omiga-plus.com/?type=hp&ts=1405530061&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V","hxxp://www.mystartsearch.com/?type=hp&ts=1418069766&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V"
    CHR DefaultSearchURL: Default -> hxxps://yandex.ru/search/?__PARAM__from=chromesearch&text={searchTerms}
    CHR DefaultSearchKeyword: Default -> yandex.ru
    CHR DefaultSuggestURL: Default -> hxxps://suggest.yandex.net/suggest-ff.cgi?uil=ru&part={searchTerms}
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default [2017-01-11]
    CHR Extension: (Google Презентации) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-22]
    CHR Extension: (Google Диск) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-22]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-12-22]
    CHR Extension: (YouTube) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-22]
    CHR Extension: (Adblock Plus) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-22]
    CHR Extension: (Google Търсене) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-12-22]
    CHR Extension: (Електронни таблици от Google) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-22]
    CHR Extension: (Google Документи офлайн) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-22]
    CHR Extension: (AdBlock) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-07]
    CHR Extension: (Запазване в Google Диск) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-12-22]
    CHR Extension: (Numerics Calculator & Converter) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2016-12-22]
    CHR Extension: (Google Карти) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-12-22]
    CHR Extension: (Save to Pocket) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-12-22]
    CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-22]
    CHR Extension: (Gmail) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-22]
    CHR Extension: (Chrome Media Router) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-22]
    CHR HKLM-x32\...\Chrome\Extension: [geidjeefddhgefeplhdlegoldlgiodon] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lgdnilodcpljomelbbnpgdogdbmclbni] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [pjfkgjlnocfakoheoapicnknoglipapd] - hxxp://clients2.google.com/service/update2/crx
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
    S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2011-05-28] (Airytec) [File not signed]
    S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2011-05-28] (Airytec) [File not signed]
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
    R2 Transbase; C:\BMWgroup\ETKLokal\transbase\tbmux32.exe [385024 2004-08-05] (Transaction Software, D 81737 Munich) [File not signed]
    S2 Transbase TECDOC CD 1_2015 Service; F:\TECDOC_CD\1_2015\db\tbmux32.exe [360448 2014-05-08] (Transaction Software, D 81829 Munich) [File not signed]
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
    S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 esgiguard; F:\My Programs\Антиспам-програми Firewalls\SpyHunter\esgiguard.sys [15920 2016-08-25] (Enigma Software Group USA, LLC.)
    S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
    S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2014-07-23] (Windows (R) Win 7 DDK provider)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-04-19] (Western Digital Technologies)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-09-03 11:52 - 2017-09-03 11:53 - 000015913 _____ C:\Users\BigUser\Downloads\FRST.txt
    2017-09-03 11:52 - 2017-09-03 11:52 - 000000000 ____D C:\FRST
    2017-09-03 11:50 - 2017-09-03 11:50 - 002395648 _____ (Farbar) C:\Users\BigUser\Downloads\FRST64.exe
    2017-09-03 11:45 - 2017-09-03 11:46 - 000008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
    2017-09-02 21:11 - 2017-09-02 21:11 - 000002515 _____ C:\Users\Public\Desktop\Skype.lnk
    2017-09-02 21:11 - 2017-09-02 21:11 - 000000000 ___RD C:\Program Files (x86)\Skype
    2017-09-02 21:11 - 2017-09-02 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2017-09-02 21:08 - 2017-09-02 21:08 - 000000000 ____D C:\Windows\system32\appmgmt
    2017-09-02 20:54 - 2017-09-02 21:07 - 000000000 ____D C:\Users\BigUser\Desktop\b
    2017-09-02 16:04 - 2017-09-02 16:05 - 000000000 ____D C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Pro
    2017-09-02 16:04 - 2017-09-02 16:04 - 000002007 _____ C:\Users\BigUser\AppData\Roaming\Microsoft\Windows\Start Menu\ScreenHunter 5.1 Pro.lnk
    2017-09-02 16:04 - 2017-09-02 16:04 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Pro
    2017-09-02 16:04 - 2017-09-02 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Pro
    2017-09-01 13:25 - 2017-09-01 13:25 - 000000000 ____D C:\Users\BigUser\AppData\Local\Viber Media S.à r.l
    2017-09-01 13:24 - 2017-09-01 13:25 - 000000000 ____D C:\Users\BigUser\AppData\Local\Viber
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-09-03 11:52 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-09-03 11:52 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-09-03 11:48 - 2009-07-14 08:13 - 000781782 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-09-03 11:48 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
    2017-09-03 11:45 - 2016-12-22 15:11 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\ViberPC
    2017-09-03 11:44 - 2016-12-22 15:11 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Skype
    2017-09-03 11:44 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-09-03 10:59 - 2016-12-22 14:56 - 000000000 ____D C:\Program Files (x86)\Steam
    2017-09-03 10:24 - 2016-12-23 21:46 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Nitro PDF
    2017-09-03 10:06 - 2017-03-05 01:31 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\vlc
    2017-09-02 21:20 - 2016-12-22 14:40 - 000000000 ____D C:\Users\BigUser\Documents\ViberDownloads
    2017-09-02 21:11 - 2016-12-22 15:11 - 000000000 ____D C:\ProgramData\Skype
    2017-09-02 20:54 - 2016-12-22 14:25 - 000000000 ____D C:\Users\BigUser
    2017-09-02 11:19 - 2016-12-26 23:20 - 000000000 ____D C:\BMWScan140
    2017-09-01 17:37 - 2017-02-26 23:56 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\uTorrent
    2017-09-01 17:37 - 2017-02-26 23:56 - 000000000 ____D C:\Users\BigUser\AppData\LocalLow\uTorrent
    2017-09-01 13:20 - 2016-12-22 14:50 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-09-01 13:20 - 2016-12-22 14:50 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-09-01 13:13 - 2016-12-22 14:50 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-09-01 13:13 - 2016-12-22 14:50 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    ==================== Files in the root of some directories =======
    2016-12-22 15:25 - 2014-04-29 18:36 - 000000036 _____ () C:\Users\BigUser\AppData\Local\installLang.ini
    2016-12-25 21:14 - 2016-12-26 20:40 - 012390794 _____ () C:\ProgramData\OfflineCatalogue_1_2015_TECDOC_CD.log
    Some files in TEMP:
    ====================
    2010-11-18 23:27 - 2010-11-18 23:27 - 000587776 _____ (Igor Pavlov) C:\Users\BigUser\AppData\Local\Temp\7za.exe
    2016-12-26 18:35 - 2013-09-04 16:01 - 023454528 ____N (                                   ) C:\Users\BigUser\AppData\Local\Temp\AdbeRdr_en_US.exe
    2016-12-22 15:29 - 2016-12-22 15:29 - 000059904 _____ () C:\Users\BigUser\AppData\Local\Temp\bitool.dll
    2013-07-29 01:22 - 2013-07-29 01:22 - 000107520 _____ () C:\Users\BigUser\AppData\Local\Temp\KEYGEN-FFF.exe
    2016-12-22 15:27 - 2013-10-16 23:55 - 000036864 _____ (noOrg) C:\Users\BigUser\AppData\Local\Temp\lanbox.exe
    2015-07-31 07:06 - 2015-07-31 07:06 - 000242864 ____R (Microsoft Corporation) C:\Users\BigUser\AppData\Local\Temp\ose00000.exe
    2014-11-08 11:33 - 2015-01-08 00:48 - 000601088 _____ () C:\Users\BigUser\AppData\Local\Temp\Quarantine.exe
    2010-03-31 22:17 - 2010-03-31 22:17 - 000435544 _____ (AB-Tools.com                                                ) C:\Users\BigUser\AppData\Local\Temp\QuickStores_Unlocker.exe
    2012-11-02 12:08 - 2012-11-02 12:08 - 000118784 _____ () C:\Users\BigUser\AppData\Local\Temp\xmlUpdater.exe
    2016-12-22 15:33 - 2016-09-08 18:01 - 000237920 _____ () C:\Users\BigUser\AppData\Local\Temp\YandexWorking.exe
    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
    LastRegBack: 2017-04-04 01:52
    ==================== End of FRST.txt ============================
     
     
     
    Addition.txt
   • by Филипов
    It is not mine. Because of that, I may be slow to respond. Something wants to repair the computer / update drivers.
    I removed one of them from Add/Remove Programs and it was replaced by another piece of similar junk.
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
    Ran by User 1 (administrator) on HOME-5D870EAA9B (01-09-2017 21:38:43)
    Running from C:\Documents and Settings\User 1\Desktop
    Loaded Profiles: User 1 & UpdatusUser (Available Profiles: User 1 & UpdatusUser)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    () C:\Documents and Settings\User 1\Application Data\System Monitor\sm.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Jawego) C:\Program Files\PC Protector Plus\PCProtectorPlus.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    ==================== Registry (Whitelisted) ====================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [AudioDeck] => C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [528384 2007-08-09] (VIA Technologies, Inc.)
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKLM\...\Run: [PC Protector Plus_startup] => C:\Program Files\PC Protector Plus\PCProtectorPlus.exe [6239680 2016-09-26] (Jawego)
    HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [25479680 2017-03-20] (Skype Technologies S.A.)
    HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [SMReminder] => C:\Documents and Settings\User 1\Application Data\System Monitor\sm.exe [2959312 2017-08-30] ()
    HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [securedriverupdaterDUReminder] => C:\Program Files\Secure Driver Updater\SDU.exe -rem
    HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\MountPoints2: {350a9c3e-b665-11e6-a11e-0008c7399231} - D:\LGAutoRun.exe
    HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\MountPoints2: {c9e26fc6-0281-11e3-9c1b-000b6a1cfcf7} - CMD /C START SysConfig.{645FF040-5081-101B-9F08-00AA002F954E}\sysconfig-x932851.dat
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{ED529269-1461-4DBF-ADAD-F0E66CE70B2A}: [DhcpNameServer] 192.168.1.1
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://gbg.bg/
    HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    URLSearchHook: [S-1-5-21-1757981266-1275210071-1644491937-1004] ATTENTION => Default URLSearchHook is missing
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750 [2017-09-01]
    FF Session Restore: C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750 -> is enabled.
    FF Extension: (Enhancer for YouTube™) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2017-06-19]
    FF Extension: (YouTube Video and Audio Downloader) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-06-20]
    FF Extension: (Low Quality Flash) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\low_quality_flash@pie2k.com [2017-06-19]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-09-01] ()
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-01] (Adobe Systems Incorporated) [File not signed]
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2013-08-17] (Phoenix Technologies) [File not signed]
    S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
    R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
    R3 N100; C:\WINDOWS\System32\DRIVERS\n100325.sys [128000 2001-08-17] (Compaq Computer Corporation)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2013-02-14] (AnchorFree Inc)
    R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
    R3 VIAudio; C:\WINDOWS\System32\drivers\vinyl97.sys [207488 2007-06-27] (VIA Technologies, Inc.)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-09-01 21:38 - 2017-09-01 21:39 - 000008769 _____ C:\Documents and Settings\User 1\Desktop\FRST.txt
    2017-09-01 21:38 - 2017-09-01 21:38 - 000000000 ____D C:\FRST
    2017-09-01 21:32 - 2017-09-01 21:32 - 001792512 _____ (Farbar) C:\Documents and Settings\User 1\Desktop\FRST.exe
    2017-09-01 20:57 - 2017-09-01 20:57 - 000000780 _____ C:\Documents and Settings\All Users\Desktop\PC Protector Plus.lnk
    2017-09-01 20:57 - 2017-09-01 20:57 - 000000326 _____ C:\WINDOWS\Tasks\PC Protector Plus_runnag.job
    2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Program Files\PC Protector Plus
    2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Local Settings\Application Data\Jawego
    2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\PCPRJ
    2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\Jawego
    2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PC Protector Plus
    2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Jawego
    2017-09-01 20:57 - 2016-09-26 17:26 - 000022464 _____ C:\WINDOWS\system32\pcplusnative32.exe
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-09-01 21:39 - 2013-08-11 14:47 - 000000000 ____D C:\Documents and Settings\User 1\Local Settings\Temp
    2017-09-01 21:37 - 2013-08-11 16:29 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\Skype
    2017-09-01 21:23 - 2013-08-11 15:11 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2017-09-01 21:15 - 2015-01-05 17:01 - 000000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2017-09-01 20:57 - 2017-06-20 16:22 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\System Monitor
    2017-09-01 20:53 - 2014-02-16 19:52 - 000003564 _____ C:\WINDOWS\wincmd.ini
    2017-09-01 20:52 - 2016-12-17 02:04 - 000000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d257f0bb9fdf30.job
    2017-09-01 20:52 - 2015-01-05 17:01 - 000000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2017-09-01 20:52 - 2014-06-19 14:26 - 000000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2017-09-01 20:52 - 2013-08-11 14:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-09-01 20:52 - 2008-04-14 12:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
    2017-09-01 20:51 - 2013-08-11 14:47 - 000000178 ___SH C:\Documents and Settings\User 1\ntuser.ini
    2017-09-01 20:51 - 2013-08-11 14:43 - 000032540 _____ C:\WINDOWS\SchedLgU.Txt
    2017-09-01 16:23 - 2017-08-01 10:23 - 005763072 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
    2017-09-01 16:23 - 2013-08-11 15:11 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2017-09-01 16:23 - 2013-08-11 15:11 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2017-09-01 16:23 - 2013-08-11 14:34 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2017-08-08 15:00 - 2014-06-19 14:26 - 000000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    ==================== Files in the root of some directories =======
    2014-12-11 13:44 - 2014-12-11 13:44 - 000031611 ____C () C:\Program Files\third-party_attributions.txt
    2015-09-20 04:55 - 2017-05-03 22:21 - 000009728 _____ () C:\Documents and Settings\User 1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    ==================== End of FRST.txt ============================
    Addition.txt
   • by мирослав24
    Hello,
    I am having problems with my computer: it is very hard to use the keyboard, especially when typing directly in the browser. To type a letter I have to press the key several times, and often the letter is not typed and some other function runs instead: either an icon on the desktop opens or the browser closes. It is the same with the virtual keyboard, the built-in one and an external one. Programs are very hard to open, because they open for a fraction of a second and then close by themselves. I managed to run a partial scan with ESET Online Scanner, which froze almost at the end; here is the log:
    C:\ProgramData\Panda Security\Panda Cloud Antivirus\Download\0x04011000\CloudAntivirus.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win64/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.E potentially unwanted application,a variant of Win64/NetFilter.A potentially unsafe application,a variant of Win32/NetFilter.A potentially unsafe application    
    C:\Users\All Users\Panda Security\Panda Cloud Antivirus\Download\0x04011000\CloudAntivirus.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win64/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.E potentially unwanted application,a variant of Win64/NetFilter.A potentially unsafe application,a variant of Win32/NetFilter.A potentially unsafe application    
    C:\Users\GERGANA\AppData\Roaming\uTorrent\uTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    
    C:\Users\GERGANA\Desktop\avc-free.exe    a variant of Win32/FusionCore.L potentially unwanted application    
    I also managed to get FRST running
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
    Ran by GERGANA (administrator) on GERGANA-PC (13-08-2017 17:35:14)
    Running from C:\Users\GERGANA\Desktop
    Loaded Profiles: GERGANA (Available Profiles: GERGANA)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
    (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (BitTorrent Inc.) C:\Users\GERGANA\AppData\Roaming\uTorrent\uTorrent.exe
    ==================== Registry (Whitelisted) ====================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [SBRegRebootCleaner] => C:\VIPRERESCUE\SBRC.exe [202128 2013-09-30] (ThreatTrack Security, Inc.)
    HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [2154592 2017-07-31] (QIHU 360 SOFTWARE CO. LIMITED)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2015-01-08]
    ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
    BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 84.54.128.100 84.54.128.9
    Tcpip\..\Interfaces\{050FEA5C-3630-4D0F-A8E4-8EC183BF8AE8}: [DhcpNameServer] 84.54.128.100 84.54.128.9
    Tcpip\..\Interfaces\{94C064C5-8139-44AB-810C-1E9D0A2F024F}: [DhcpNameServer] 84.54.128.100 84.54.128.9
    Tcpip\..\Interfaces\{C9DE01DF-38AF-422C-8292-00BF45A44DE5}: [DhcpNameServer] 217.18.252.131 87.246.20.11
    Internet Explorer:
    ==================
    BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2017-07-26] (Qihu 360 Software Co., Ltd.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
    BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default [2017-08-13]
    CHR Extension: (Adblock Plus) - C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
    CHR Extension: (AdBlocker Ultimate) - C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2017-01-22]
    CHR Extension: (Chrome Media Router) - C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-04]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    Opera: 
    =======
    OPR StartupUrls: "hxxp://google.bg/"
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
    R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [929888 2017-07-26] (QIHU 360 SOFTWARE CO. LIMITED)
    S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [175040 2017-06-09] (360.cn)
    R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2017-07-26] (360.cn)
    R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2017-07-26] (360.cn)
    R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2017-07-26] (360.cn)
    R3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [49088 2017-06-09] (360.cn)
    R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [423360 2017-06-09] (360.cn)
    R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [190400 2017-06-09] (360.cn)
    R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
    S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-11] (Intel Corporation)
    S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [119680 2009-11-17] (TCT International Mobile Ltd)
    R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.)
    S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-08-13 17:35 - 2017-08-13 17:35 - 000008280 _____ C:\Users\GERGANA\Desktop\FRST.txt
    2017-08-13 17:34 - 2017-08-13 17:35 - 000000000 ____D C:\FRST
    2017-08-13 17:32 - 2017-08-13 17:32 - 002395648 _____ (Farbar) C:\Users\GERGANA\Desktop\FRST64.exe
    2017-08-13 17:20 - 2017-08-13 17:20 - 000002738 _____ C:\Users\GERGANA\Desktop\есет сканиране.txt
    2017-08-13 16:54 - 2017-08-13 16:54 - 006754944 _____ (ESET spol. s r.o.) C:\Users\GERGANA\Desktop\esetonlinescanner_enu.exe
    2017-08-13 16:54 - 2017-08-13 16:54 - 000000000 ____D C:\Users\GERGANA\AppData\Local\ESET
    2017-08-09 18:00 - 2017-08-09 18:00 - 391386202 _____ C:\Windows\MEMORY.DMP
    2017-08-09 18:00 - 2017-08-09 18:00 - 000281272 _____ C:\Windows\Minidump\080917-15880-01.dmp
    2017-08-06 22:30 - 2017-08-06 22:30 - 000109864 _____ C:\Users\GERGANA\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-08-06 20:52 - 2017-08-06 20:52 - 000409576 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-08-04 22:57 - 2017-08-04 22:57 - 000002071 _____ C:\Users\GERGANA\Desktop\Cleanup.lnk
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-08-13 17:35 - 2013-12-11 15:23 - 000000000 ____D C:\Users\GERGANA\AppData\Roaming\uTorrent
    2017-08-13 17:34 - 2016-05-09 19:36 - 000000000 __SHD C:\$360Section
    2017-08-13 17:34 - 2016-05-09 19:32 - 000000000 ____D C:\ProgramData\360Quarant
    2017-08-13 12:59 - 2016-05-09 19:30 - 000000000 ____D C:\Users\GERGANA\AppData\LocalLow\360WD
    2017-08-13 12:54 - 2009-07-14 07:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-08-13 12:54 - 2009-07-14 07:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-08-13 12:48 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-08-09 18:00 - 2014-10-14 19:33 - 000000000 ____D C:\Windows\Minidump
    2017-08-09 17:56 - 2016-05-27 01:36 - 000000000 ____D C:\Users\GERGANA\AppData\Roaming\Skype
    2017-08-09 17:41 - 2016-05-08 15:52 - 000594316 _____ C:\Windows\system32\perfh002.dat
    2017-08-09 17:41 - 2016-05-08 15:52 - 000096648 _____ C:\Windows\system32\perfc002.dat
    2017-08-09 17:41 - 2009-07-14 08:13 - 001365408 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-08-09 17:41 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
    2017-08-08 09:50 - 2016-06-30 21:37 - 000001149 _____ C:\Users\Public\Desktop\360 Total Security.lnk
    2017-08-08 09:50 - 2016-05-09 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
    2017-08-06 19:41 - 2014-05-30 07:32 - 000003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
    2017-08-06 19:41 - 2014-05-30 07:32 - 000003476 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
    2017-08-06 19:41 - 2013-12-11 16:41 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-08-06 19:41 - 2013-12-11 16:41 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-08-03 22:08 - 2013-12-11 16:42 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-07-27 09:04 - 2009-07-14 08:08 - 000032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-07-26 13:36 - 2016-05-09 19:30 - 000086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
    2017-07-26 13:36 - 2016-05-09 19:29 - 000330472 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
    2017-07-26 13:36 - 2016-05-09 19:29 - 000086248 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
    ==================== Files in the root of some directories =======
    2014-03-20 23:13 - 2017-05-28 13:47 - 000011776 _____ () C:\Users\GERGANA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-06-16 17:44 - 2016-06-16 17:44 - 000000036 _____ () C:\Users\GERGANA\AppData\Local\housecall.guid.cache
    2013-12-17 20:46 - 2014-09-03 23:44 - 000007668 _____ () C:\Users\GERGANA\AppData\Local\resmon.resmoncfg
    2014-02-02 00:20 - 2014-02-02 00:20 - 000000000 _____ () C:\ProgramData\0x0304A000.sfl
    Some files in TEMP:
    ====================
    2017-08-06 21:00 - 2017-08-07 18:05 - 058782680 _____ (Skype Technologies S.A.) C:\Users\GERGANA\AppData\Local\Temp\SkypeSetup.exe
    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
    LastRegBack: 2017-08-13 16:40
    ==================== End of FRST.txt ============================
    Addition.txt
   • by alexalm
    Hello,
    I have a Lenovo IdeaPad Y700-15ISK laptop.
    Yesterday evening I noticed that while I was on the internet the system started to slow down and took a long time to open anything... I ran a Windows Defender scan and it found 4 viruses. I deleted them, and on the whole everything looks fine, but today it found another Trojan horse, and I think it may be detecting as viruses the keygens I used to install Photoshop and Illustrator: HackTool:Win32/Keygen.
    I do not have a disc for the operating system.
    Please, let's check whether my system is clean.
     
    Thank you in advance!
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
    Ran by Vesi (administrator) on DESKTOP-KT0311H (26-08-2017 11:22:49)
    Running from C:\Users\Vesi\Desktop
    Loaded Profiles: Vesi (Available Profiles: Vesi)
    Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    (Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Viber Media S.à r.l.) C:\Users\Vesi\AppData\Local\Viber\Viber.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.41055.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.41055.0_x64__8wekyb3d8bbwe\HxTsr.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
    (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    ==================== Registry (Whitelisted) ====================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-01-22] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-01-22] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-01-22] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-01-22] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
    HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\Run: [uTorrent] => C:\Users\Vesi\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-03] (BitTorrent Inc.)
    HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\Run: [Viber] => C:\Users\Vesi\AppData\Local\Viber\Viber.exe [30867536 2017-08-03] (Viber Media S.à r.l.)
    HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
    HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-07-03] (Disc Soft Ltd)
    HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\MountPoints2: {5543fe8a-5cfb-11e7-82e3-ccb0daa79f6a} - "E:\Autoplay.exe" -auto
    IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 172.16.1.1
    Tcpip\..\Interfaces\{69341f9f-82fc-48be-8c8d-204136e485b0}: [DhcpNameServer] 172.16.1.1
    Internet Explorer:
    ==================
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-15] (Microsoft Corporation)
    Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
    FireFox:
    ========
    FF DefaultProfile: gpgj94ro.default
    FF ProfilePath: C:\Users\Vesi\AppData\Roaming\Mozilla\Firefox\Profiles\gpgj94ro.default [2017-08-26]
    FF Homepage: Mozilla\Firefox\Profiles\gpgj94ro.default -> hxxps://www.google.bg
    FF Extension: (Adblock Plus) - C:\Users\Vesi\AppData\Roaming\Mozilla\Firefox\Profiles\gpgj94ro.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-26] ()
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-26] ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
    R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [347064 2016-08-12] (Windows (R) Win 7 DDK provider)
    S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [623072 2016-06-01] (Intel Corporation)
    R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-22] () [File not signed]
    S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-07-03] (Disc Soft Ltd)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373736 2016-06-01] (Intel Corporation)
    S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-12-27] () [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
    R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
    R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [267360 2017-01-23] (Synaptics Incorporated)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-12-27] (Disc Soft Ltd)
    R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-12-27] (Disc Soft Ltd)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
    R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-08-26] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-08-26] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-26] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-08-26] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-08-26] (Malwarebytes)
    R1 MpKsl40c82695; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{461EC048-3160-430F-8E36-C01F014B6662}\MpKsl40c82695.sys [44928 2017-08-25] (Microsoft Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
    R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2344448 2017-03-18] (Qualcomm Atheros, Inc.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
    R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3128600 2016-08-18] (Realtek Semiconductor Corp.)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72800 2017-01-23] (Synaptics Incorporated)
    S3 TTDrv; D:\Programs\KOPLAYER\vbox\TTDrv.sys [261104 2015-12-22] (Oracle Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    U4 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2016-12-28] (Basil Projects)
    R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-08-26 11:22 - 2017-08-26 11:23 - 000015866 _____ C:\Users\Vesi\Desktop\FRST.txt
    2017-08-26 11:22 - 2017-08-26 11:22 - 002395648 _____ (Farbar) C:\Users\Vesi\Desktop\FRST64.exe
    2017-08-26 11:22 - 2017-08-26 11:22 - 000000000 ____D C:\FRST
    2017-08-26 10:33 - 2017-08-26 10:33 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-08-26 10:33 - 2017-08-26 10:33 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-08-26 10:33 - 2017-08-26 10:33 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-08-26 10:33 - 2017-08-26 10:33 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-08-26 10:32 - 2017-08-26 10:32 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-08-26 10:32 - 2017-08-26 10:32 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-08-26 10:32 - 2017-08-26 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-08-26 10:32 - 2017-08-26 10:32 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-08-26 10:32 - 2017-08-26 10:32 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-08-26 10:32 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-08-26 10:30 - 2017-08-26 10:31 - 066347240 _____ (Malwarebytes ) C:\Users\Vesi\Downloads\mb3-setup-consumer-3.2.2.2018.exe
    2017-08-26 10:21 - 2017-08-26 10:21 - 000000000 ____D C:\ProgramData\McAfee
    2017-08-20 15:21 - 2017-08-20 15:22 - 000000000 ____D C:\Users\Vesi\Documents\rexultati izsledvaniq
    2017-08-20 15:20 - 2017-08-20 15:20 - 000000696 _____ C:\Users\Vesi\Desktop\vayana - Shortcut.lnk
    2017-08-20 15:15 - 2017-08-20 15:17 - 000000000 ____D C:\Users\Vesi\Desktop\sait pictures
    2017-08-19 20:07 - 2017-08-19 20:07 - 005833448 _____ C:\Users\Vesi\Desktop\cover.pdf
    2017-08-13 22:04 - 2017-08-01 04:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2017-08-13 22:04 - 2017-08-01 04:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2017-08-13 22:04 - 2017-07-28 08:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2017-08-13 22:04 - 2017-07-28 08:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2017-08-13 22:04 - 2017-07-28 08:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
    2017-08-13 22:04 - 2017-07-28 08:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
    2017-08-13 22:04 - 2017-07-28 08:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-08-13 22:04 - 2017-07-28 08:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2017-08-13 22:04 - 2017-07-28 08:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
    2017-08-13 22:04 - 2017-07-28 08:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2017-08-13 22:04 - 2017-07-28 08:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-08-13 22:04 - 2017-07-28 08:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2017-08-13 22:04 - 2017-07-28 08:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2017-08-13 22:04 - 2017-07-28 08:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2017-08-13 22:04 - 2017-07-28 08:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-08-13 22:04 - 2017-07-28 08:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2017-08-13 22:04 - 2017-07-28 08:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
    2017-08-13 22:04 - 2017-07-28 08:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
    2017-08-13 22:04 - 2017-07-28 08:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
    2017-08-13 22:04 - 2017-07-28 08:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-08-13 22:04 - 2017-07-28 08:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2017-08-13 22:04 - 2017-07-28 08:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
    2017-08-13 22:04 - 2017-07-28 08:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
    2017-08-13 22:04 - 2017-07-28 08:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2017-08-13 22:04 - 2017-07-28 07:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
    2017-08-13 22:04 - 2017-07-28 07:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
    2017-08-13 22:04 - 2017-07-28 07:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
    2017-08-13 22:04 - 2017-07-28 07:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-08-13 22:04 - 2017-07-28 07:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
    2017-08-13 22:04 - 2017-07-28 07:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
    2017-08-13 22:04 - 2017-07-28 07:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
    2017-08-13 22:04 - 2017-07-28 07:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
    2017-08-13 22:04 - 2017-07-28 07:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
    2017-08-13 22:04 - 2017-07-28 07:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
    2017-08-13 22:04 - 2017-07-28 07:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2017-08-13 22:04 - 2017-07-28 07:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
    2017-08-13 22:04 - 2017-07-28 07:25 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
    2017-08-13 22:04 - 2017-07-28 07:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-08-13 22:04 - 2017-07-28 07:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
    2017-08-13 22:04 - 2017-07-28 07:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-08-13 22:04 - 2017-07-28 07:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2017-08-13 22:04 - 2017-07-28 07:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-08-13 22:04 - 2017-07-28 07:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
    2017-08-13 22:04 - 2017-07-28 07:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2017-08-13 22:04 - 2017-07-28 07:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2017-08-13 22:04 - 2017-07-28 07:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-08-13 22:04 - 2017-07-28 07:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
    2017-08-13 22:04 - 2017-07-28 07:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
    2017-08-13 22:04 - 2017-07-28 07:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
    2017-08-13 22:04 - 2017-07-28 07:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
    2017-08-13 22:04 - 2017-07-28 07:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
    2017-08-13 22:04 - 2017-07-28 07:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
    2017-08-13 22:04 - 2017-07-28 07:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-08-13 22:04 - 2017-07-28 07:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
    2017-08-13 22:04 - 2017-07-28 07:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
    2017-08-13 22:04 - 2017-07-28 07:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2017-08-13 22:04 - 2017-07-28 07:20 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2017-08-13 22:04 - 2017-07-28 07:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2017-08-13 22:04 - 2017-07-28 07:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-08-13 22:04 - 2017-07-28 07:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2017-08-13 22:04 - 2017-07-28 07:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-08-13 22:04 - 2017-07-28 07:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2017-08-13 22:04 - 2017-07-28 07:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
    2017-08-13 22:04 - 2017-07-28 07:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2017-08-13 22:04 - 2017-07-28 07:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
    2017-08-13 22:04 - 2017-07-28 07:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-08-13 22:04 - 2017-07-28 07:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-08-13 22:04 - 2017-07-28 07:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2017-08-13 22:04 - 2017-07-28 07:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2017-08-13 22:04 - 2017-07-28 07:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-08-13 22:04 - 2017-07-28 07:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-08-13 22:04 - 2017-07-28 07:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
    2017-08-13 22:04 - 2017-07-28 07:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2017-08-13 22:04 - 2017-07-28 07:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2017-08-13 22:04 - 2017-07-28 07:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2017-08-13 22:04 - 2017-07-28 07:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
    2017-08-13 22:04 - 2017-07-28 07:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-08-13 22:04 - 2017-07-28 07:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
    2017-08-13 22:04 - 2017-07-28 07:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2017-08-13 22:04 - 2017-07-28 07:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-08-13 22:04 - 2017-07-28 07:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2017-08-13 22:04 - 2017-07-28 07:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2017-08-13 22:04 - 2017-07-28 07:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2017-08-13 22:04 - 2017-07-28 07:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-08-13 22:04 - 2017-07-28 07:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-08-13 22:04 - 2017-07-28 07:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-08-13 22:04 - 2017-07-28 07:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2017-08-13 22:04 - 2017-07-28 07:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-08-13 22:04 - 2017-07-28 07:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
    2017-08-13 22:04 - 2017-07-28 07:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
    2017-08-13 22:04 - 2017-07-28 07:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
    2017-08-13 22:04 - 2017-07-28 07:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2017-08-13 22:04 - 2017-07-28 07:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
    2017-08-13 22:04 - 2017-07-28 07:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2017-08-13 22:04 - 2017-07-28 07:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
    2017-08-13 22:04 - 2017-07-28 07:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
    2017-08-13 22:04 - 2017-07-28 07:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
    2017-08-13 22:04 - 2017-07-28 07:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
    2017-08-13 22:04 - 2017-07-28 07:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2017-08-13 22:04 - 2017-07-28 07:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2017-08-13 22:04 - 2017-07-28 07:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
    2017-08-13 22:04 - 2017-07-28 07:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
    2017-08-13 22:04 - 2017-07-28 07:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
    2017-08-13 21:39 - 2017-08-13 21:41 - 000000000 ____D C:\Users\Vesi\AppData\Local\Viber
    2017-07-27 20:00 - 2017-07-27 20:00 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3436498861-2500663078-494777252-1001
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-08-26 11:21 - 2016-12-26 14:48 - 000000000 ____D C:\Users\Vesi\AppData\Roaming\Skype
    2017-08-26 10:00 - 2017-07-02 21:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-08-26 09:58 - 2016-12-26 18:40 - 000000000 ____D C:\Users\Vesi\AppData\Local\Adobe
    2017-08-26 09:57 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-08-26 09:57 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2017-08-26 09:54 - 2016-12-29 16:44 - 000000000 ____D C:\Users\Vesi\AppData\LocalLow\Mozilla
    2017-08-26 09:53 - 2017-05-31 20:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-08-26 09:36 - 2016-12-27 19:22 - 000000000 ____D C:\Users\Vesi\AppData\Local\Microsoft Windows
    2017-08-26 09:33 - 2017-02-16 19:16 - 000000000 ____D C:\Users\Vesi\AppData\Roaming\ViberPC
    2017-08-26 09:32 - 2017-05-31 20:06 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-08-26 09:32 - 2016-12-26 15:11 - 000000000 __SHD C:\Users\Vesi\IntelGraphicsProfiles
    2017-08-25 23:17 - 2016-12-26 15:00 - 000000000 ____D C:\Users\Vesi\AppData\Roaming\uTorrent
    2017-08-25 19:54 - 2017-02-16 19:16 - 000000000 ____D C:\Users\Vesi\Documents\ViberDownloads
    2017-08-25 17:51 - 2017-03-19 00:03 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-08-25 17:51 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-08-18 19:10 - 2016-12-26 17:05 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2017-08-16 22:50 - 2017-07-19 19:58 - 006963200 _____ C:\Users\Vesi\Desktop\Vayana_edited.indd
    2017-08-16 21:45 - 2017-07-22 21:01 - 001377627 _____ C:\Users\Vesi\Desktop\identichnost.pdf
    2017-08-16 19:42 - 2017-01-01 17:17 - 000017290 _____ C:\Users\Vesi\Desktop\Сметки апартамент.xlsx
    2017-08-14 18:40 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\rescache
    2017-08-14 18:30 - 2017-05-31 20:22 - 000897226 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-08-14 18:30 - 2017-03-19 00:01 - 000000000 ____D C:\WINDOWS\INF
    2017-08-14 18:26 - 2016-04-27 08:37 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-08-14 18:24 - 2017-05-31 20:02 - 005058928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-08-14 18:22 - 2017-05-31 20:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-08-14 18:22 - 2016-12-29 12:10 - 000000000 ____D C:\ProgramData\NVIDIA
    2017-08-13 22:56 - 2017-03-18 14:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
    2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\oobe
    2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-08-13 22:12 - 2017-03-18 23:51 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-08-13 22:09 - 2016-12-27 18:48 - 000000000 ____D C:\WINDOWS\system32\MRT
    2017-08-13 22:07 - 2016-12-27 18:48 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-08-13 21:47 - 2017-05-31 20:21 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2017-08-13 21:46 - 2016-12-30 17:24 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-08-13 21:41 - 2016-12-26 23:18 - 000000000 ____D C:\ProgramData\Skype
    2017-08-07 19:11 - 2016-12-26 14:44 - 000000000 ____D C:\Users\Vesi\AppData\Local\Packages
    2017-07-31 18:15 - 2017-03-19 00:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-07-31 18:15 - 2017-03-19 00:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-07-27 20:00 - 2016-12-26 14:47 - 000002360 _____ C:\Users\Vesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-07-27 20:00 - 2016-12-26 14:47 - 000000000 ___RD C:\Users\Vesi\OneDrive
    ==================== Files in the root of some directories =======
    2016-12-26 19:39 - 2017-07-24 22:24 - 000000034 _____ () C:\Users\Vesi\AppData\Roaming\AdobeWLCMCache.dat
    2017-01-07 22:47 - 2017-07-23 14:23 - 000000112 _____ () C:\Users\Vesi\AppData\Roaming\JP2K CS6 Prefs
    2016-12-27 19:05 - 2017-04-12 19:49 - 000007597 _____ () C:\Users\Vesi\AppData\Local\Resmon.ResmonCfg
    2017-05-31 20:06 - 2017-05-31 20:06 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
    2017-05-31 20:07 - 2017-05-31 20:07 - 000000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
    Some files in TEMP:
    ====================
    2017-07-04 20:43 - 2017-07-04 20:43 - 000790488 _____ (Disc Soft Ltd.) C:\Users\Vesi\AppData\Local\Temp\dt_B73C.tmp.exe
    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    LastRegBack: 2017-08-25 20:24
    ==================== End of FRST.txt ============================
    Addition.txt