Премини към съдържанието

    Препоръчан отговор


    Здравейте,
    От извесно време съм нападната от разни рекламни прозорци които се опитват да ми продават разни неща или да ми казват как да забогатея. Когато вляза в торент тракера арена например при всяко едно кликване върху страницата им и ми се отваря по един нов прозорец с реклами. Не казвам че сайта им е виновен, просто го давам за пример. И колкото и да се опитвах да се справя сама с проблема  нещо все не ми се получава. Сканирах със AdwCleaner и с JRT и съм ви прикачила резултатите, а също и снимка на един файл който ми се струва съмнителен. Сканирането го направих под сейфмод, незнам дали има значение. Преди това бях сканирала и със демоверсия на кашперски , но не ми се реши проблема. Също и със SpyHunter, всеки път намира някакъв мувис толбар но не успява да го премахне,  намерих регистрите и се опитах да ги изтрия ръчно, но не ми позволява, изписва ми грешка в изтриването.
     
     
    Ето и резултатите от сканирането с FRST64 - FRST.txt
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
    Ran by Катето (administrator) on GEIZER on 24-06-2015 18:27:32
    Running from C:\Users\Катето\Desktop
    Loaded Profiles: Катето (Available Profiles: Катето)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Английски (Съединени щати)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (BitTorrent Inc.) C:\Users\Катето\AppData\Roaming\uTorrent\uTorrent.exe
    (NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    (eMing Software Inc.) C:\Program Files (x86)\PrivateFolder\PF_Pass.exe
    (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
    (Microsoft Corporation) C:\Windows\System32\mspaint.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [PrivateFolder] => C:\Program Files (x86)\PrivateFolder\PF_Pass.exe [253504 2012-12-31] (eMing Software Inc.)
    HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [CONNMGRTRAY] => C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe [363112 2011-03-03] ()
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [uTorrent] => C:\Users\Катето\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3198224 2014-04-28] (Disc Soft Ltd)
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [NETGATERegistryCleaner] => C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe [2303824 2013-07-11] (NETGATE Technologies s.r.o.)
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.)
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\RunOnce: [Adobe Speed Launcher] => 1435156549
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\MountPoints2: G - G:\Lucius_setup.exe
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\MountPoints2: {584a3890-02fa-11e4-bdda-dc0ea157be6c} - G:\Lucius_setup.exe
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\MountPoints2: {606f82a9-2f38-11e4-9658-dc0ea157be6c} - G:\Startme.exe
    BootExecute: autocheck autochk * sh4native Sh4Removal
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: No Name -> {3B5800D1-67B0-464E-BE7D-8CB5FE3ABC2A} ->  No File
    BHO: No Name -> {3BF8D9AD-FE6F-4677-BA4A-2CE8BCF082BB} ->  No File
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Катето\AppData\Roaming\Mozilla\Firefox\Profiles\ufhrkess.default-1403927861999
    FF Homepage: https://www.google.bg/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-11-26] (Nullsoft, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1385416505-2382510173-1187103659-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Катето\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
    FF SearchPlugin: C:\Users\Катето\AppData\Roaming\Mozilla\Firefox\Profiles\ufhrkess.default-1403927861999\searchplugins\google-.xml [2015-06-24]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2015-01-09]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2015-01-09]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Катето\AppData\Local\Google\Chrome\User Data\Default

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
    R2 NGRegClnSrv; C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe [618832 2013-02-21] (NETGATE Technologies s.r.o.)
    R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [763840 2012-07-11] (Enigma Software Group USA, LLC.)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-13] (Microsoft Corporation)
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-07-04] (Disc Soft Ltd)
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2015-06-24] ()
    R1 PFolder; C:\Windows\System32\Drivers\PFolder64.sys [57832 2012-12-31] (eMing Software Inc.)
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-24 18:27 - 2015-06-24 18:28 - 00010482 _____ C:\Users\Катето\Desktop\FRST.txt
    2015-06-24 18:27 - 2015-06-24 18:27 - 00000000 ____D C:\FRST
    2015-06-24 18:26 - 2015-06-24 18:26 - 02109952 _____ (Farbar) C:\Users\Катето\Desktop\FRST64.exe
    2015-06-24 17:53 - 2015-06-24 17:53 - 00002194 _____ C:\Users\Катето\Desktop\AdwCleaner[s14].txt
    2015-06-24 17:53 - 2015-06-24 17:53 - 00000651 _____ C:\Users\Катето\Desktop\WebSearch.xml.vir
    2015-06-24 17:27 - 2015-06-24 17:27 - 02244096 _____ C:\Users\Катето\Desktop\AdwCleaner.exe
    2015-06-24 17:21 - 2015-06-24 17:21 - 00001474 _____ C:\Users\Катето\Desktop\JRT.txt
    2015-06-24 17:14 - 2015-06-24 17:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-GEIZER-Windows-7-Ultimate-(64-bit).dat
    2015-06-24 17:14 - 2015-06-24 17:14 - 00000000 ____D C:\RegBackup
    2015-06-24 17:12 - 2015-06-24 17:12 - 02950746 _____ (Malwarebytes Corporation) C:\Users\Катето\Desktop\JRT.exe
    2015-06-24 16:04 - 2010-05-13 18:34 - 00014232 _____ C:\Windows\SysWOW64\sh4native.exe
    2015-06-24 15:19 - 2015-06-24 15:19 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-06-24 15:19 - 2015-06-24 15:19 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2015-06-24 15:12 - 2015-06-24 15:12 - 00130048 _____ (CodePlex Community) C:\Users\Катето\Desktop\Microsoft.Win32.TaskScheduler.dll
    2015-06-24 15:08 - 2015-06-24 15:08 - 00554528 _____ (www.patchmypc.net) C:\Users\Катето\Desktop\PatchMyPC.exe
    2015-06-24 14:52 - 2015-06-24 14:52 - 28849904 _____ C:\Users\Катето\Desktop\vlc-2.2.1-win32.exe
    2015-06-24 14:20 - 2015-06-24 14:20 - 00275560 _____ C:\Windows\Minidump\062415-36301-01.dmp
    2015-06-24 14:20 - 2015-06-24 14:20 - 00032152 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
    2015-06-24 10:44 - 2015-06-24 10:44 - 00002290 _____ C:\Users\Катето\Desktop\SpyHunter.lnk
    2015-06-24 10:44 - 2015-06-24 10:44 - 00000000 ____D C:\Users\Катето\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2015-06-24 10:44 - 2015-06-24 10:44 - 00000000 ____D C:\sh4ldr
    2015-06-24 10:43 - 2015-06-24 10:43 - 00000350 _____ C:\Users\Катето\Desktop\проблем с thedailytrader.net - Google Търсене.URL
    2015-06-22 22:09 - 2015-06-24 14:34 - 00000000 ____D C:\Users\Катето\Desktop\Wayward.Pines
    2015-06-21 01:30 - 2015-06-21 01:32 - 00000000 ____D C:\Users\Катето\Desktop\Wayward.Pines.S01E02.HDTV.x264-LOL
    2015-06-20 10:34 - 2015-06-20 10:34 - 00275560 _____ C:\Windows\Minidump\062015-40841-01.dmp
    2015-06-20 10:34 - 2015-06-20 10:34 - 00000086 _____ C:\Windows\system32\crusader.log
    2015-06-20 10:32 - 2015-06-24 12:30 - 00000212 _____ C:\Windows\system32\.crusader
    2015-06-20 10:13 - 2015-06-24 12:27 - 00000000 ____D C:\Program Files\HitmanPro
    2015-06-19 22:31 - 2015-06-19 22:31 - 00000000 ____D C:\Users\Катето\Desktop\HitmanPro 3.7.3 Build 193
    2015-06-19 22:20 - 2015-06-19 22:23 - 00000000 ____D C:\Users\Катето\Desktop\Cinderella.2015.BDRip.x264-SPARKS
    2015-06-19 22:15 - 2015-06-19 22:18 - 00000000 ____D C:\Users\Катето\Desktop\Wayward.Pines.S01E01.HDTV.x264-2HD
    2015-06-19 22:10 - 2015-06-20 10:32 - 00000000 ____D C:\ProgramData\HitmanPro
    2015-06-18 22:32 - 2015-06-18 22:35 - 00000000 ____D C:\Users\Катето\Desktop\GirlHouse.2014.BRRip.XviD.AC3-EVO
    2015-06-17 22:42 - 2015-06-24 11:35 - 00000000 ____D C:\Users\Катето\Desktop\антивирус
    2015-06-17 22:40 - 2015-06-17 22:41 - 00000000 ____D C:\Users\Катето\Desktop\Get.Hard.2015.EXTENDED.HDRip.XviD.AC3-EVO
    2015-06-17 14:32 - 2015-06-17 14:32 - 00000000 ____D C:\Users\Катето\AppData\Roaming\InfraRecorder
    2015-06-16 23:06 - 2015-06-17 13:55 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
    2015-06-16 19:51 - 2015-06-16 19:51 - 00000000 ____D C:\Users\Катето\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfraRecorder
    2015-06-16 19:51 - 2015-06-16 19:51 - 00000000 ____D C:\Program Files\InfraRecorder
    2015-06-16 19:50 - 2015-06-16 19:51 - 04153344 _____ C:\Users\Катето\Desktop\ir053_x64.msi
    2015-06-16 19:31 - 2015-06-16 19:31 - 00000246 _____ C:\Users\Катето\Desktop\Как лесно да почистим компютъра си от вируси - Data.BG Форуми.URL
    2015-06-14 10:22 - 2015-06-24 14:20 - 371511210 _____ C:\Windows\MEMORY.DMP
    2015-06-14 10:22 - 2015-06-24 14:20 - 00000000 ____D C:\Windows\Minidump
    2015-06-14 10:22 - 2015-06-14 10:22 - 00288000 _____ C:\Windows\Minidump\061415-28158-01.dmp
    2015-06-11 09:47 - 2015-05-25 21:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-06-11 09:47 - 2015-05-25 21:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-06-11 09:47 - 2015-05-25 21:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-06-11 09:47 - 2015-05-25 21:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-06-11 09:47 - 2015-05-25 21:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-06-11 09:47 - 2015-05-25 21:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-06-11 09:47 - 2015-05-25 21:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-06-11 09:47 - 2015-05-25 21:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-06-11 09:47 - 2015-05-25 21:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-06-11 09:47 - 2015-05-25 21:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-06-11 09:47 - 2015-05-25 21:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-06-11 09:47 - 2015-05-25 21:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-06-11 09:47 - 2015-05-25 21:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-06-11 09:47 - 2015-05-25 21:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2015-06-11 09:47 - 2015-05-25 21:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-06-11 09:47 - 2015-05-25 21:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
    2015-06-11 09:47 - 2015-05-25 21:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2015-06-11 09:47 - 2015-05-25 21:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-06-11 09:47 - 2015-05-25 21:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
    2015-06-11 09:47 - 2015-05-25 20:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-06-11 09:47 - 2015-05-25 20:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-06-11 09:47 - 2015-05-25 20:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-06-11 09:47 - 2015-05-25 20:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-06-11 09:47 - 2015-05-25 20:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-06-11 09:47 - 2015-05-25 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-06-11 09:47 - 2015-05-25 19:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-06-11 09:47 - 2015-05-25 19:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-06-11 09:47 - 2015-05-25 19:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 19:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-06-11 09:47 - 2015-04-29 21:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-06-11 09:47 - 2015-04-29 21:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-06-11 09:47 - 2015-04-29 21:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-06-11 09:47 - 2015-04-29 21:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-06-11 09:47 - 2015-04-29 21:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-06-11 09:47 - 2015-04-29 21:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-06-11 09:47 - 2015-04-29 21:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-06-11 09:47 - 2015-04-29 21:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-06-11 09:47 - 2015-04-29 21:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-06-11 09:47 - 2015-04-29 21:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-06-11 09:46 - 2015-05-25 20:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-06-11 09:46 - 2015-04-24 21:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-06-11 09:46 - 2015-04-24 20:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2015-06-11 09:46 - 2015-04-11 06:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
    2015-06-11 09:44 - 2015-06-01 22:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-06-11 09:44 - 2015-06-01 21:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-06-11 09:44 - 2015-05-27 17:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-06-11 09:44 - 2015-05-27 17:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-06-11 09:44 - 2015-05-23 06:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-06-11 09:44 - 2015-05-23 06:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-06-11 09:44 - 2015-05-23 06:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-06-11 09:44 - 2015-05-23 06:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-06-11 09:44 - 2015-05-23 06:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-06-11 09:44 - 2015-05-23 06:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-06-11 09:44 - 2015-05-23 06:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-06-11 09:44 - 2015-05-23 06:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-06-11 09:44 - 2015-05-23 06:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-06-11 09:44 - 2015-05-23 06:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-06-11 09:44 - 2015-05-23 06:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-06-11 09:44 - 2015-05-23 06:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-06-11 09:44 - 2015-05-23 06:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-06-11 09:44 - 2015-05-23 05:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-06-11 09:44 - 2015-05-23 05:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-06-11 09:44 - 2015-05-23 05:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-06-11 09:44 - 2015-05-23 05:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-06-11 09:44 - 2015-05-23 05:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-06-11 09:44 - 2015-05-23 05:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-06-11 09:44 - 2015-05-23 05:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-06-11 09:44 - 2015-05-23 05:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-06-11 09:44 - 2015-05-23 05:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-06-11 09:44 - 2015-05-23 05:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-06-11 09:44 - 2015-05-23 05:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-06-11 09:44 - 2015-05-23 05:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-06-11 09:44 - 2015-05-23 05:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-06-11 09:44 - 2015-05-22 22:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-06-11 09:44 - 2015-05-22 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-06-11 09:44 - 2015-05-22 22:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-06-11 09:44 - 2015-05-22 22:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-06-11 09:44 - 2015-05-22 22:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-06-11 09:44 - 2015-05-22 22:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-06-11 09:44 - 2015-05-22 22:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-06-11 09:44 - 2015-05-22 21:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-06-11 09:44 - 2015-05-22 21:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-06-11 09:44 - 2015-05-22 21:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-06-11 09:44 - 2015-05-22 21:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-06-11 09:44 - 2015-05-22 21:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-06-11 09:44 - 2015-05-22 21:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-06-11 09:44 - 2015-05-22 21:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-06-11 09:44 - 2015-05-22 21:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-06-11 09:44 - 2015-05-22 21:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-06-11 09:44 - 2015-05-22 21:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-06-11 09:44 - 2015-05-22 21:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-06-11 09:44 - 2015-05-22 21:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-06-11 09:44 - 2015-05-22 21:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-06-11 09:44 - 2015-05-22 21:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-06-11 09:44 - 2015-05-22 21:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-06-11 09:44 - 2015-05-22 21:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-06-11 09:44 - 2015-05-22 21:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-06-11 09:44 - 2015-05-22 21:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-06-11 09:44 - 2015-05-22 21:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-06-11 09:44 - 2015-05-22 20:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-06-11 09:44 - 2015-05-22 20:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-06-11 09:44 - 2015-05-22 20:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-06-11 09:44 - 2015-05-22 20:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-06-07 16:05 - 2015-06-07 16:06 - 00000000 ____D C:\Users\Катето\Desktop\The.Vampire.Diaries.S06E19.HDTV.x264-LOL
    2015-06-05 17:56 - 2015-05-22 21:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-06-05 17:56 - 2015-05-22 21:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-06-05 17:56 - 2015-05-22 21:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-06-05 17:56 - 2015-05-22 21:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-06-05 17:56 - 2015-05-22 21:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-06-05 17:56 - 2015-05-22 21:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-06-05 17:56 - 2015-05-22 21:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-06-05 17:56 - 2015-05-21 16:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-06-03 15:22 - 2015-06-03 15:22 - 00000000 ____D C:\Users\Катето\AppData\Local\GWX
    2015-05-28 09:23 - 2015-06-14 11:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-24 18:26 - 2014-04-10 09:33 - 00000000 ____D C:\Users\Катето\AppData\Roaming\uTorrent
    2015-06-24 18:24 - 2014-04-09 08:39 - 00000000 ____D C:\Users\Катето\AppData\Roaming\Skype
    2015-06-24 18:23 - 2014-04-09 09:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-24 18:05 - 2014-06-26 08:41 - 01098543 _____ C:\spyhunter.fix
    2015-06-24 18:05 - 2014-04-09 07:38 - 01630682 _____ C:\Windows\WindowsUpdate.log
    2015-06-24 18:02 - 2014-07-10 20:57 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1385416505-2382510173-1187103659-1000UA.job
    2015-06-24 17:43 - 2009-07-14 07:45 - 00029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-24 17:43 - 2009-07-14 07:45 - 00029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-24 17:40 - 2009-07-14 08:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-06-24 17:35 - 2014-04-10 09:51 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-24 17:35 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-24 17:35 - 2009-07-14 07:51 - 00049120 _____ C:\Windows\setupact.log
    2015-06-24 17:34 - 2014-08-09 16:46 - 00000000 ____D C:\AdwCleaner
    2015-06-24 16:34 - 2014-04-10 09:51 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-24 16:05 - 2010-11-21 06:47 - 00170314 _____ C:\Windows\PFRO.log
    2015-06-24 15:19 - 2014-08-25 06:56 - 00000000 ____D C:\Users\Катето\AppData\Local\Adobe
    2015-06-24 15:19 - 2014-04-10 10:07 - 00000000 ____D C:\Program Files (x86)\Adobe
    2015-06-24 14:40 - 2015-02-04 03:18 - 00000000 ____D C:\Users\Катето\Desktop\торенти
    2015-06-24 14:40 - 2015-02-04 03:07 - 00000000 ____D C:\Users\Катето\Desktop\Pretty.Little.Liars
    2015-06-24 14:38 - 2015-05-14 10:50 - 00000000 ____D C:\Users\Катето\Desktop\Game of Thrones
    2015-06-24 14:20 - 2014-06-26 18:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-06-24 12:29 - 2014-06-27 05:24 - 00000538 _____ C:\Windows\wininit.ini
    2015-06-24 12:29 - 2014-06-26 18:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2015-06-24 10:44 - 2014-06-26 08:41 - 00008192 _____ C:\shldr.mbr
    2015-06-24 00:23 - 2014-04-09 09:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-06-24 00:23 - 2014-04-09 09:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-24 00:23 - 2014-04-09 09:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-23 21:02 - 2014-07-10 20:57 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1385416505-2382510173-1187103659-1000Core.job
    2015-06-20 14:36 - 2015-05-17 23:44 - 00000000 ____D C:\Windows\System32\Tasks\Games
    2015-06-19 22:07 - 2015-05-23 00:40 - 00000000 ____D C:\Users\Катето\Desktop\Seventh.Son.2015.HDRip.XViD-juggs[ETRG]
    2015-06-17 11:22 - 2015-05-17 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-06-16 19:56 - 2014-04-10 09:42 - 00000000 ____D C:\Users\Катето\AppData\Roaming\ImgBurn
    2015-06-16 17:06 - 2014-04-09 08:39 - 00000000 ____D C:\ProgramData\Skype
    2015-06-14 12:03 - 2015-02-04 03:11 - 00000000 ____D C:\Users\Катето\Desktop\програми
    2015-06-14 11:00 - 2014-06-28 18:21 - 00000000 ____D C:\Windows\ELAMBKUP
    2015-06-12 04:53 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
    2015-06-12 03:39 - 2009-07-14 07:45 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-06-12 03:35 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-06-12 03:12 - 2014-04-09 09:29 - 00000000 ____D C:\Windows\system32\MRT
    2015-06-12 03:03 - 2014-04-09 07:47 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-06-07 22:27 - 2015-02-04 03:08 - 00000000 ____D C:\Users\Катето\Desktop\The.Vampire.Diaries
    2015-06-06 03:17 - 2014-12-31 11:57 - 00000000 ____D C:\Windows\system32\appraiser
    2015-06-06 03:17 - 2014-05-25 16:05 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-06-05 23:11 - 2015-03-18 03:33 - 00000000 ____D C:\Users\Катето\Desktop\Викторианска история
    2015-06-04 22:18 - 2015-01-14 15:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-06-04 16:42 - 2015-04-05 03:02 - 00000000 ____D C:\Users\Катето\Desktop\Хеликс
    2015-06-04 16:38 - 2015-05-12 01:29 - 00000000 ____D C:\Users\Катето\Desktop\Helix.S02E02.HDTV.x264-KILLERS
    2015-06-01 11:41 - 2014-08-01 09:26 - 00000211 _____ C:\ProgramData\acer.zip
    2015-05-28 14:27 - 2015-03-04 16:10 - 00000000 ____D C:\Users\Катето\AppData\Roaming\SkypeFall
    2015-05-28 09:25 - 2014-10-25 16:43 - 00000000 ____D C:\Users\Љ вҐв®
    2015-05-28 09:25 - 2014-08-13 17:34 - 00000000 ____D C:\Users\Guest
    2015-05-28 09:25 - 2014-08-13 17:34 - 00000000 ____D C:\Users\Administrator

    ==================== Files in the root of some directories =======

    2015-04-02 23:24 - 2015-04-02 23:25 - 0011640 _____ () C:\Users\Катето\AppData\Local\Temp-log.txt
    2014-08-01 09:26 - 2015-06-01 11:41 - 0000211 _____ () C:\ProgramData\acer.zip

    Some files in TEMP:
    ====================
    C:\Users\Катето\AppData\Local\Temp\Quarantine.exe
    C:\Users\Катето\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-23 19:30

    ==================== End of log ============================

    JRT.txt

    AdwCleanerS14.txt

    post-345305-0-18583700-1435158354_thumb.

    post-345305-0-31420100-1435158420_thumb.

    Addition.txt

    Редактирано от Maniac (преглед на промените)

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравейте!

    Стъпка 1

    Моля, деинсталирайте: Private Folder Packages

    Стъпка 2

    Моля, изтеглете Malwarebytes Anti-Malware 2.1.6.1022 и я запазете на вашия десктоп.

    • Стартирайте файла mbam-setup-2.0.3.1025.exe и следвайте указанията за да инсталирате програмата.
    • След като инсталацията приключи се уверете че сте сложили отметка пред:
    • Launch Malwarebytes Anti-Malware
    • Отметката активираща пробния 14 дневен период също е маркиран по-подразбиране. Ако не желаете да тествате защитата в реално време на програмата през следващите 14 дни тогава премахнете отметката.
    • Натиснете бутона Finish.
    • Отидете до табът Settings > Detection and Protection > и под категорията Detection Options включете опцията "Scan for rootkits".
    • Отидете до табът Scan, сложете радио-бутона пред Threat Scan и след това натиснете бутона Scan Now >> . Ако е намерена актуализация тогава натиснете бутона Update Now.
    • Ще започне проверка за зловреден софтуер.
    • При някои инфекции можете да видите съобщението:
    • "Could not load DDA driver"
    • Натиснете "Yes" на това съобщение за да позволите драйвера да се зареди след рестарт.
    • Разрешете на компютъра да се рестартира и след това продължете с останалите инструкции.
    • След като проверката приключи натиснете бутона Apply Actions.
    • Изчакайте да се появи прозореца подканващ ви да рестартирате и след това натиснете бутона Yes.
    • След рестарта, когато се появи десктопа MBAM ще се зареди още веднъж.
    • Отидете то табът History > Application Logs.
    • Отворете рапорта с последната дата и час и натиснете бутона "Copy to Clipboard"
    • Сега вече поставете съдържанието на лог файла с клавишната комбинация Ctrl + V и го публикувайте в следващия си коментар.
    Стъпка 3

    Изтеглете fixlist.txt и го запазете в папката от която стартирахте FRST.exe.

    Стартирайте FRST.exe и натиснете бутона Fix веднъж!

    След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.

     

    Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

    В следващия си коментар в тази тема, включете следните лог файлове:

    • Лог файл от FRST
    • Лог файл от Malwarebytes Anti-Malware

    fixlist.txt

    • Харесва ми 2

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    За съжаление не мога да си спомня паролата за Private Folder Packages а без нея не мога да я деинсталирам. :(

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

     

    Какво да правя? Да премина ли към стъпка 2 или да се опитам да изтрия ръчно каквото мога от програмата

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Понеже днеска си нямах друга работа, надявам се само да не съм сгрешила, успях да изтрия под сейфмод инсталационната папка на Private Folder Packages, след което изпълних стъпка 2 и 3 и ви прикачвам лог файловете

    Malwarebytes Anti-Malware.txt

    Fixlog.txt


    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Моля, деинсталирайте вашия Malwarebytes Anti-Malware. След като приключите:

    • Моля, изтеглете Mbam-clean.exe от тук  и  го запомнете на до вашия десктоп .
    • Моля, затворете всички отворени приложения и временно спрете вашата антивирусна за да се избегнат всякакви конфликти при използването на инструмента.
    • Стартирайте файла Mbam-clean.exe и следвайте указанията на екрана.
    • След процедурата ще се изиска да рестартирате компютъра си, моля, направете го, това е много важно
    • Уверете се, че сте се активирали вашата антивирусна програма след рестарта
    След като приключите, изпълнете отново инструкциите ми по-горе, обновете го и направете сканиране от типа Threat Scan, без да изтегляте кей генератори, да го краквате и прочие глупости. Накрая, публикувайте лог файла си тук.
    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    1. Изтеглете ComboFix от BleepingComputer

    и го запазете (бутон Save -> Save as) ComboFix на вашия десктоп:

    2exprgh.jpg

    След приключване на изтеглянето на ComboFix, иконката на програмата би трябвало да изглежда така:

    29eqjuq.jpg

    2. Затворете всички работещи приложения, отворени прозорци и програми работещи във фонов режим. Спрете временно защитата в реално време на антивирусната програма и на другите програми за сигурност, ако има такива.

    3. Стартирайте с двоен клик Combofix.exe. Изберете YES, за да се съгласите с условията за използване на програмата. Важно: По време на работата на ComboFix не бива да се движи мишката и да се натискат клавиши от клавиатурата. Просто търпеливо оставете ComboFix да си свърши работата, без да използвате компютъра за други цели.

    4. Ако получите предупреждение от UAC, съгласете се.

    5 ComboFix ще спре временно Интернет връзката, но след като приключи работата на програмата тази връзка ще бъде възстановена автоматично. ComboFix ще сканира за проблеми и за заразени файлове, като това може да отнеме известно време. Моля да бъдете търпеливи. Ако има проблем с Интернет връзката след приключване на работата на Combofix, моля да прочетете това: Manually restoring the Internet connection section.

    6 Когато работата на ComboFix приключи, ще се появи текстов документ (log) в Notepad:

    157m978.jpg

    Копирайте с (Copy) и поставете с (Paste) съдържанието на лога в следващия си коментар.

    Забележка: Ако се появи следното съобщение при отварянето на различни програми след завършване на сканирането с Combofix - "illegal operation on a registry key that has been marked for deletion." просто рестартирайте компютъра още веднъж и то ще изчезне.

    По време на сканирането не използвайте компютъра си !

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Забелязах че след сканирането във дял С се появиха нови папки, които преди не бяха видими, като папката програм дата например, въпреки че бях настроила да ми се показват и скритите файлове и папки.

     

     

    ComboFix 15-06-27.01 - Катето 06.2015 г.  11:36:39.1.2 - x64
    Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.3819.2849 [GMT 3:00]
    Running from: c:\users\¦рЄхЄю\Desktop\ComboFix.exe
    AV: Norton Security *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    FW: Norton Security *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
    SP: Norton Security *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    c:\programdata\ntuser.pol
    c:\windows\msdownld.tmp
    c:\windows\PFRO.log
    c:\windows\wininit.ini
    .
    .
    (((((((((((((((((((((((((   Files Created from 2015-05-28 to 2015-06-28  )))))))))))))))))))))))))))))))
    .
    .
    2015-06-28 08:50 . 2015-06-28 08:50    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2015-06-26 17:11 . 2015-06-26 19:28    136408    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-06-26 17:10 . 2015-04-14 06:37    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
    2015-06-26 17:10 . 2015-04-14 06:37    107736    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2015-06-26 17:10 . 2015-04-14 06:37    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2015-06-26 17:10 . 2015-06-26 17:10    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
    2015-06-26 17:10 . 2015-06-26 17:10    --------    d-----w-    c:\programdata\Malwarebytes
    2015-06-26 09:11 . 2015-06-26 09:11    --------    d-----w-    c:\program files (x86)\Common Files\Symantec Shared
    2015-06-26 08:48 . 2015-06-26 08:48    102616    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2015-06-26 08:48 . 2015-06-26 08:48    --------    d-----w-    c:\program files\Common Files\Symantec Shared
    2015-06-26 08:44 . 2015-06-26 08:44    --------    d-----w-    c:\windows\system32\drivers\NSx64
    2015-06-26 08:44 . 2015-06-26 08:44    --------    d-----w-    c:\program files (x86)\Norton Security
    2015-06-26 08:43 . 2015-06-26 08:43    --------    d-----w-    c:\program files (x86)\NortonInstaller
    2015-06-26 08:42 . 2015-06-26 09:00    --------    d-----w-    c:\programdata\Norton
    2015-06-25 15:50 . 2015-06-25 15:50    --------    d-----w-    C:\Rbackup
    2015-06-25 15:47 . 2015-06-25 15:50    --------    d-----w-    c:\program files\Perfect Uninstaller
    2015-06-25 15:33 . 2015-06-25 15:33    --------    d-----w-    c:\users\Катето\AppData\Roaming\ChemTable Software
    2015-06-25 15:32 . 2015-06-25 15:32    --------    d-----w-    c:\program files (x86)\Full Uninstall
    2015-06-25 15:32 . 2015-06-25 15:32    --------    d-----w-    c:\users\Катето\AppData\Local\ChemTable Software
    2015-06-25 08:08 . 2015-06-26 08:26    --------    d-----w-    c:\programdata\F-Secure
    2015-06-25 08:08 . 2015-06-26 08:25    --------    d-----w-    c:\users\Катето\AppData\Local\F-Secure
    2015-06-25 07:50 . 2015-06-12 07:50    12221144    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5BB419D-E924-45FF-B2BA-DA0E6349A227}\mpengine.dll
    2015-06-24 15:27 . 2015-06-25 17:11    --------    d-----w-    C:\FRST
    2015-06-24 14:14 . 2015-06-24 14:14    --------    d-----w-    C:\RegBackup
    2015-06-24 13:04 . 2010-05-13 15:34    14232    ----a-w-    c:\windows\SysWow64\sh4native.exe
    2015-06-24 11:20 . 2015-06-24 11:20    32152    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
    2015-06-24 07:44 . 2015-06-24 07:44    --------    d-----w-    C:\sh4ldr
    2015-06-20 07:13 . 2015-06-24 09:27    --------    d-----w-    c:\program files\HitmanPro
    2015-06-19 19:10 . 2015-06-20 07:32    --------    d-----w-    c:\programdata\HitmanPro
    2015-06-17 11:32 . 2015-06-17 11:32    --------    d-----w-    c:\users\Катето\AppData\Roaming\InfraRecorder
    2015-06-16 20:06 . 2015-06-26 08:04    --------    d---a-w-    C:\Kaspersky Rescue Disk 10.0
    2015-06-16 16:51 . 2015-06-16 16:51    --------    d-----w-    c:\program files\InfraRecorder
    2015-06-11 06:46 . 2015-04-24 18:17    633856    ----a-w-    c:\windows\system32\comctl32.dll
    2015-06-11 06:46 . 2015-04-24 17:56    530432    ----a-w-    c:\windows\SysWow64\comctl32.dll
    2015-06-11 06:46 . 2015-05-25 17:08    3206144    ----a-w-    c:\windows\system32\win32k.sys
    2015-06-11 06:46 . 2015-04-11 03:19    69888    ----a-w-    c:\windows\system32\drivers\stream.sys
    2015-06-05 14:56 . 2015-05-22 18:18    1021440    ----a-w-    c:\windows\system32\appraiser.dll
    2015-06-05 14:56 . 2015-05-22 18:18    700416    ----a-w-    c:\windows\system32\generaltel.dll
    2015-06-05 14:56 . 2015-05-22 18:18    757248    ----a-w-    c:\windows\system32\invagent.dll
    2015-06-05 14:56 . 2015-05-22 18:18    423424    ----a-w-    c:\windows\system32\devinv.dll
    2015-06-05 14:56 . 2015-05-22 18:18    45568    ----a-w-    c:\windows\system32\acmigration.dll
    2015-06-05 14:56 . 2015-05-22 18:13    1119232    ----a-w-    c:\windows\system32\aeinv.dll
    2015-06-05 14:56 . 2015-05-21 13:19    193536    ----a-w-    c:\windows\system32\aepic.dll
    2015-06-05 14:56 . 2015-05-22 18:18    227328    ----a-w-    c:\windows\system32\aepdu.dll
    2015-06-03 12:22 . 2015-06-03 12:22    --------    d-----w-    c:\users\Катето\AppData\Local\GWX
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
    2015-06-23 21:23 . 2014-04-09 06:07    778416    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2015-06-23 21:23 . 2014-04-09 06:07    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-06-12 00:03 . 2014-04-09 04:47    140135120    ----a-w-    c:\windows\system32\MRT.exe
    2015-05-25 18:01 . 2015-06-11 06:47    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    2015-05-01 13:17 . 2015-05-14 00:02    124112    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-01 13:16 . 2015-05-14 00:02    102608    ----a-w-    c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-04-20 03:17 . 2015-05-13 06:35    1647104    ----a-w-    c:\windows\system32\DWrite.dll
    2015-04-20 03:17 . 2015-05-13 06:35    1179136    ----a-w-    c:\windows\system32\FntCache.dll
    2015-04-20 02:56 . 2015-05-13 06:35    1250816    ----a-w-    c:\windows\SysWow64\DWrite.dll
    2015-04-18 03:10 . 2015-05-13 06:37    460800    ----a-w-    c:\windows\system32\certcli.dll
    2015-04-18 02:56 . 2015-05-13 06:37    342016    ----a-w-    c:\windows\SysWow64\certcli.dll
    2015-04-13 03:28 . 2015-05-13 06:36    328704    ----a-w-    c:\windows\system32\services.exe
    2015-04-08 03:29 . 2015-05-13 06:35    275456    ----a-w-    c:\windows\system32\InkEd.dll
    2015-04-08 03:29 . 2015-05-13 06:35    24576    ----a-w-    c:\windows\system32\jnwmon.dll
    2015-04-08 03:14 . 2015-05-13 06:35    216064    ----a-w-    c:\windows\SysWow64\InkEd.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CONNMGRTRAY"="c:\program files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe" [2011-03-03 363112]
    "uTorrent"="c:\users\Катето\AppData\Roaming\uTorrent\uTorrent.exe" [2015-05-06 1694560]
    "DAEMON Tools Ultra Agent"="c:\program files (x86)\DAEMON Tools Ultra\DTAgent.exe" [2014-04-28 3198224]
    "NETGATERegistryCleaner"="c:\program files\NETGATE\Registry Cleaner\RegistryCleaner.exe" [2013-07-11 2303824]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-02 28785280]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute    REG_MULTI_SZ       autocheck autochk *\0sh4native Sh4Removal
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    R1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;tsusbhub [x]
    S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\NSx64\1605000.07C\SYMEFASI64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1605000.07C\SYMEFASI64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150625.001\BHDrvx64.sys;c:\program files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150625.001\BHDrvx64.sys [x]
    S1 ccSet_NS;NS Settings Manager;c:\windows\system32\drivers\NSx64\1605000.07C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSx64\1605000.07C\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150626.001\IDSvia64.sys;c:\program files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150626.001\IDSvia64.sys [x]
    S1 PFolder;PFolder;c:\windows\System32\Drivers\PFolder64.sys;c:\windows\SYSNATIVE\Drivers\PFolder64.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NSx64\1605000.07C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1605000.07C\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NSx64\1605000.07C\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1605000.07C\SYMNETS.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
    S2 NGRegClnSrv;NETGATE Registry Cleaner Service;c:\program files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe;c:\program files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe [x]
    S2 NS;Norton Security;c:\program files (x86)\Norton Security\Engine\22.5.0.124\NS.exe;c:\program files (x86)\Norton Security\Engine\22.5.0.124\NS.exe [x]
    S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
    S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMPROTECTOR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-09 21:23]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = hxxp://www.google.com
    mDefault_Page_URL = about:blank
    mDefault_Search_URL = hxxp://www.google.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Катето\AppData\Roaming\Mozilla\Firefox\Profiles\ufhrkess.default-1403927861999\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.bg/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-PrivateFolder - c:\program files (x86)\PrivateFolder\PF_Pass.exe
    Wow6432Node-HKLM-Run-Andy - c:\program files\Andy\HandyAndy.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NS]
    "ImagePath"="\"c:\program files (x86)\Norton Security\Engine\22.5.0.124\NS.exe\" /s \"NS\" /m \"c:\program files (x86)\Norton Security\Engine\22.5.0.124\diMaster.dll\" /prefetch:1"
    "ImagePath"="\SystemRoot\system32\drivers\NSx64\1605000.07C\SYMNETS.SYS"
    "TrustedImagePaths"="c:\program files (x86)\Norton Security\Engine\22.5.0.124;c:\program files (x86)\Norton Security\Engine64\22.5.0.124"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-06-28  11:55:52
    ComboFix-quarantined-files.txt  2015-06-28 08:55
    .
    Pre-Run: 124 812 935 168 bytes free
    Post-Run: 124 626 305 024 bytes free
    .
    - - End Of File - - 5EA533D2B6C24A6FDC9B7CB6D9F1C48E
    A36C5E4F47E84449FF07ED3517B43A31
     

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Стъпка 1

    Моля, изтеглете и стартирайте този инструмент. Следвайте инструкциите, за да завърши работата си.

    ftp://ftp.f-secure.com/support/tools/uitool/UninstallationTool.exe

    Стъпка 2

    Моля изтеглете icon1351185104.pngJunkware Removal Tool на вашия десктоп.

    • Спрете временно работата на защитните програми.
    • Стартирайте инструмента JRT.exe
    • Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
    • Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
    • Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
    • Моля копирайте съдържанието на лог файла в следващия си пост.
    Стъпка 3
    • Изтеглете и стартирайте 6sv1DN9.jpgAdwCleaner.exe.
    • Натиснете бутона Scan.
    • AdwCleaner ще започне да проверява компютъра.
    • След като проверката приключи натиснете бутона Clean.
    • Програмата ще затвори всички излишни процеси и след почистването ще иска да рестартира машината. Съгласете се.
    • Ще се появи автоматично лог файл с името (AdwCleaner[s0].txt) в C:\Adwcleaner
    • Публикувайте съдържанието му в следващия си коментар.
    В следващия си коментар в тази тема, включете следните лог файлове:
    • Лог файл от Junkware Removal Tool
    • Лог файл от AdwCleaner
    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Позволих си да сканирам с  adwcleaner още 2 пъти веднага един след друг,  и в двата резултата ми намира C:\Users\Катето\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://websearch.coolsearches.info/?pid=21735&r=2015/03/31&hid=8210722968839278389&lg=EN&cc=GR&unqvl=85. Това означава ли че не може да го почисти? Уж след рестарта трябва да е изтрито, а него пак го има. Или аз съм в грешка? За съжаление познанията ми са колкото на обикновен потребител :(

    AdwCleanerR16.txt

    AdwCleanerR17.txt

    AdwCleanerR18.txt

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Не, това категорично не означава, че не е възможно да се изчисти, а че е упорит зловредния софтуер.

    Моля, изтрийте вашето FRST.exe копие, изтеглете ново и генерирайте нови лог файлове. Публикувайте ги тук.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Стъпка 1

    Моля, деинсталирайте: Google Update Helper

    Стъпка 2

    Изтеглете fixlist.txt и го запазете в папката от която стартирахте FRST.exe.

    Стартирайте FRST.exe и натиснете бутона Fix веднъж!

    След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.

     

    Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

    fixlist.txt

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Единственото което открих за програмата Google Update Helper е че е упомената в един текстов документ който съм прикачила. Може би е била изтрита от някой от скенерите или от антивирусната , незнам,  но никъде не я откривам. Прикачвам и файла от FRST64

    Add-Remove Programs.txt

    Fixlog.txt

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    • Моля изтеглете и стартирайте изпълнимия файл от линка отдолу:

      ESET OnlineScan

    • Сложете отметката предesetAcceptTerms.png
    • Натиснете бутона esetStart.png.
    • Сложете отметката пред Enable detection of potentially unwanted applications.
    • Сега кликнете на Advanced Settings и се уверете, че опцията Remove found threats не е маркирана, а следните са маркирани:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
      • Изберете сега бутона Change и изберете само Operating memory и дял C:\
    fhSji42.png
    • Натиснете бутона Start.
    • ESET ще започне да сваля и инсталира актуализации за вирусните дефиниции и след това ще започне да сканира компютъра. Бъдете търпеливи, защото процеса е бавен и може да отнеме доста време.
    • След като проверката приключи натиснете бутонаesetListThreats.png
    • Сега натиснете бутона esetExport.png, и запазете файла на десктопа с име по избор като например (ESETScan.txt). Копирайте резултата в следващия си коментар.
    • Натиснете бутона esetBack.png и след това натиснете бутона esetFinish.png за да затворите приложението.
    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\EnJooyCCoupOoN\YQwuQCBBAwAyon.x64.dll.vir    a variant of Win64/Adware.MultiPlug.G application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\mozilla firefox\dbghelp.dll.vir    a variant of Win32/Adware.MultiPlug.IY application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SSaloePlues\Qu8xaGBTptX9YF.x64.dll.vir    a variant of Win64/Adware.MultiPlug.G application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\uanisallees\AmsWJ0bVddraTu.x64.dll.vir    a variant of Win64/Adware.MultiPlug.I application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutUbeAdBlocke\JLVvAwM2UwwNw5.x64.dll.vir    a variant of Win64/Adware.MultiPlug.I application
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Roaming\OpenCandy\6F0368E0ADC24DBB93EF22573D595C24\dm317c.exe.vir    a variant of Win32/OpenCandy.A potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Roaming\webssearches\UninstallManager.exe.vir    a variant of Win32/ELEX.CP potentially unwanted application
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js    JS/Adware.MultiPlug.B application
    C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js    JS/Adware.MultiPlug.B application
    C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Катето\AppData\Roaming\rmi\KMPlayer_v3.8.0.117.exe    Win32/OpenCandy potentially unsafe application
    C:\Users\Катето\AppData\Roaming\uTorrent\updates\3.4.1_30768.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application
    C:\Users\Катето\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe    a variant of Win32/OpenCandy.C potentially unsafe application
    C:\Users\Катето\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe    a variant of Win32/OpenCandy.C potentially unsafe application
    C:\Windows\Installer\MSI5564.tmp    a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
     

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Моля, повторете сканирането, но този път маркирайте Remove found threats.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Забелязах че намерените файлове са поставени под карантина, след което има опция да бъдат изтрити оттам. Трябва ли да ги изтрия, или да ги оставя така ?

    ESETScan2.txt

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Точно този резултат очакваме. Те са изтрити успешно.

    Това, което ме интересува на този етап е имаме ли някакви положителни резултати?

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    В началото успях да изтегля един филм, без да се отвори нито една реклама,  но като стигнах до субтитрите, пак се започна. При всеки клик на мишката по един нов прозорец. Не знам какъв е този вирус, но явно непрекъснато се възпроизвежда :(

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Съвсем случайно намерих GoogleUpdateHelper за който говорехме преди няколко дена. Странно е че търсачката не го открива, нито пък в списъка със инсталираните програми е наличен. Файлът се намира в C:\Program Files (x86)\Google\Update \1.3.24.15 . GoogleUpdateHelper.msi - тип  пакет за инсталиране на windows. Ще бъде ли проблем ако изтрия цялата папка за по сигурно? И защо търсачката не го открива файла ? Качвам и снимка на съдържанието на папката.

    post-345305-0-28695000-1436106147_thumb.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Деинсталирайте временно и Google Earth и ако все още съществува цялата тази папка:

    C:\Program Files (x86)\Google

    Накрая рестартирайте и стартирайте отново Junkware и AdwCleaner. Публикувайте резултатите и проверете за промяна в състоянието.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Регистрирайте се или влезете в профила си за да коментирате

    Трябва да имате регистрация за да може да коментирате това

    Регистрирайте се

    Създайте нова регистрация в нашия форум. Лесно е!

    Нова регистрация

    Вход

    Имате регистрация? Влезте от тук.

    Вход


    • Горещи теми в момента

    • Подобни теми

      • от tany
        От известно време 3-4 пъти месечно "Актуализация" ми иска съгласието да го инсталирам.Аз отказвам но след 6-7 дни пак опит 
        и така вече няколко месеца.Нямам представа дали е вирус,нямам проблеми с компютъра,няма забивания или забавяне.
        Ето за това става въпрос
         
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2017
        Ran by Стоянчо (administrator) on DESKTOP-HV76MO6 (24-09-2017 23:11:02)
        Running from C:\Users\Стоянчо\Downloads
        Loaded Profiles: Стоянчо (Available Profiles: Стоянчо)
        Platform: Windows 10 Pro Version 1703 (X64) Language: Български (България)
        Internet Explorer Version 11 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
        (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
        (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
        (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
        (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
        () C:\Program Files\Gramblr\gramblr.exe
        (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
        (Intel Corporation) C:\Windows\System32\igfxEM.exe
        (Intel Corporation) C:\Windows\System32\igfxHK.exe
        () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
        (Microsoft Corporation) C:\Windows\System32\dllhost.exe
        (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
        (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
        (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
        () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
        HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
        Winlogon\Notify\igfxcui: igfxdev.dll [X]
        HKU\S-1-5-21-3274723310-3931731729-1199849900-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
        HKU\S-1-5-21-3274723310-3931731729-1199849900-1001\...\Run: [GoogleChromeAutoLaunch_7AC76D272A3C9865EEE36FF327D0728E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848 2017-08-23] (Google Inc.)
        Startup: C:\Users\Стоянчо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-12-26]
        ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Стоянчо\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Hosts: 127.0.0.1    localhost
        Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
        Tcpip\..\Interfaces\{2b43ead3-416b-49fc-acb0-4ea078b43530}: [DhcpNameServer] 192.168.42.129
        Tcpip\..\Interfaces\{9146b479-0d48-411c-83c0-18542761f0fe}: [DhcpNameServer] 95.87.194.4 192.168.0.1
        Tcpip\..\Interfaces\{a5340c57-e453-40ab-bfb5-c36cda227066}: [DhcpNameServer] 192.168.1.1
        Internet Explorer:
        ==================
        BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
        BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
        BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
        BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
        Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
        Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
        Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
        Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
        FireFox:
        ========
        FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
        FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-19] (Microsoft Corporation)
        FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-19] (Microsoft Corporation)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
        Chrome: 
        =======
        CHR DefaultProfile: Default
        CHR Profile: C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default [2017-09-24]
        CHR Extension: (Google Презентации) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-11]
        CHR Extension: (Google Документи) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-11]
        CHR Extension: (Google Диск) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-11]
        CHR Extension: (YouTube) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-11]
        CHR Extension: (Video Downloader professional) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-08-04]
        CHR Extension: (Електронни таблици от Google) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-11]
        CHR Extension: (Farmville 2 Beacon) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkkmnngogaccacpomdhdiahljbjihoc [2017-05-08]
        CHR Extension: (Google Документи офлайн) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-11]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
        CHR Extension: (Gmail) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-11]
        CHR Extension: (Chrome Media Router) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
        CHR Extension: (JobBoxPro) - C:\Users\Стоянчо\Downloads\Нова папка (6)\jobboxpro [2017-01-25]
        CHR Profile: C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-09-14]
        CHR Profile: C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-11]
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
        R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
        R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [11867216 2017-09-23] () [File not signed]
        R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
        S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
        S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-05-04] (Enigma Software Group USA, LLC.)
        R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255584 2017-08-19] (Synaptics Incorporated)
        R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
        R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-30] (Microsoft Corporation)
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
        S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [22704 2016-05-04] ()
        R1 MpKsl1045740a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1018B7D-39B5-48CE-97D7-3CAF92792300}\MpKsl1045740a.sys [44928 2017-09-24] (Microsoft Corporation)
        R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-03-18] (MediaTek Inc.)
        R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895224 2016-02-17] (Realtek )
        R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-09-13] (Ralink Technology, Corp.)
        S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
        S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
        S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-03-18] (Microsoft Corporation)
        S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
        R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
        R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
        R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-24 23:11 - 2017-09-24 23:12 - 000012716 _____ C:\Users\Стоянчо\Downloads\FRST.txt
        2017-09-24 23:10 - 2017-09-24 23:11 - 000000000 ____D C:\FRST
        2017-09-24 23:10 - 2017-09-24 23:10 - 002399744 _____ (Farbar) C:\Users\Стоянчо\Downloads\FRST64.exe
        2017-09-20 22:41 - 2017-09-20 22:43 - 000000000 ____D C:\Users\Стоянчо\Desktop\други
        2017-09-15 23:41 - 2017-09-15 23:41 - 017675071 _____ C:\Users\Стоянчо\Downloads\Milk and Honey- Didi(DVD Quality).mp4
        2017-09-13 07:05 - 2017-09-05 08:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
        2017-09-13 07:05 - 2017-09-05 08:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
        2017-09-13 07:05 - 2017-09-05 08:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
        2017-09-13 07:05 - 2017-09-05 08:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
        2017-09-13 07:05 - 2017-09-05 08:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
        2017-09-13 07:05 - 2017-09-05 08:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
        2017-09-13 07:05 - 2017-09-05 07:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
        2017-09-13 07:05 - 2017-09-05 07:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
        2017-09-13 07:05 - 2017-09-05 07:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
        2017-09-13 07:05 - 2017-09-05 07:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
        2017-09-13 07:05 - 2017-09-05 07:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
        2017-09-13 07:05 - 2017-09-05 07:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
        2017-09-13 07:05 - 2017-09-05 07:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
        2017-09-13 07:05 - 2017-09-05 07:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
        2017-09-13 07:05 - 2017-09-05 07:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
        2017-09-13 07:05 - 2017-09-05 07:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
        2017-09-13 07:05 - 2017-09-05 07:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
        2017-09-13 07:05 - 2017-09-05 07:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
        2017-09-13 07:05 - 2017-09-05 07:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
        2017-09-13 07:05 - 2017-09-05 07:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
        2017-09-13 07:05 - 2017-09-05 07:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
        2017-09-13 07:05 - 2017-09-05 07:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
        2017-09-13 07:05 - 2017-09-05 07:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
        2017-09-13 07:05 - 2017-09-05 07:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
        2017-09-13 07:05 - 2017-09-05 07:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
        2017-09-13 07:05 - 2017-09-05 07:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
        2017-09-13 07:05 - 2017-09-05 07:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
        2017-09-13 07:05 - 2017-09-05 07:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
        2017-09-13 07:05 - 2017-09-05 07:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
        2017-09-13 07:05 - 2017-09-05 07:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
        2017-09-13 07:05 - 2017-09-05 07:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
        2017-09-13 07:05 - 2017-09-05 07:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
        2017-09-13 07:05 - 2017-09-05 07:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
        2017-09-13 07:05 - 2017-09-05 07:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
        2017-09-13 07:05 - 2017-09-05 07:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
        2017-09-13 07:05 - 2017-09-05 07:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
        2017-09-13 07:05 - 2017-09-05 07:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
        2017-09-13 07:05 - 2017-09-05 07:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
        2017-09-13 07:05 - 2017-09-05 07:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
        2017-09-13 07:05 - 2017-09-05 07:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
        2017-09-13 07:05 - 2017-09-05 07:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
        2017-09-13 07:05 - 2017-09-05 07:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
        2017-09-13 07:05 - 2017-09-05 07:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
        2017-09-13 07:05 - 2017-09-05 07:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
        2017-09-13 07:05 - 2017-09-05 07:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
        2017-09-13 07:05 - 2017-09-05 07:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
        2017-09-13 07:05 - 2017-09-05 07:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
        2017-09-13 07:05 - 2017-09-05 07:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
        2017-09-13 07:05 - 2017-09-05 07:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
        2017-09-13 07:05 - 2017-09-05 07:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
        2017-09-13 07:05 - 2017-09-05 07:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
        2017-09-13 07:05 - 2017-09-05 07:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
        2017-09-13 07:04 - 2017-09-05 08:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
        2017-09-13 07:04 - 2017-09-05 08:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
        2017-09-13 07:04 - 2017-09-05 08:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
        2017-09-13 07:04 - 2017-09-05 08:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
        2017-09-13 07:04 - 2017-09-05 08:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
        2017-09-13 07:04 - 2017-09-05 08:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
        2017-09-13 07:04 - 2017-09-05 08:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
        2017-09-13 07:04 - 2017-09-05 08:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
        2017-09-13 07:04 - 2017-09-05 08:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
        2017-09-13 07:04 - 2017-09-05 08:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
        2017-09-13 07:04 - 2017-09-05 08:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
        2017-09-13 07:04 - 2017-09-05 08:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
        2017-09-13 07:04 - 2017-09-05 08:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
        2017-09-13 07:04 - 2017-09-05 08:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
        2017-09-13 07:04 - 2017-09-05 08:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
        2017-09-13 07:04 - 2017-09-05 07:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
        2017-09-13 07:04 - 2017-09-05 07:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
        2017-09-13 07:04 - 2017-09-05 07:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
        2017-09-13 07:04 - 2017-09-05 07:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
        2017-09-13 07:04 - 2017-09-05 07:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
        2017-09-13 07:04 - 2017-09-05 07:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
        2017-09-13 07:04 - 2017-09-05 07:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
        2017-09-13 07:04 - 2017-09-05 07:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
        2017-09-13 07:04 - 2017-09-05 07:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
        2017-09-13 07:04 - 2017-09-05 07:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
        2017-09-13 07:04 - 2017-09-05 07:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
        2017-09-13 07:04 - 2017-09-05 07:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
        2017-09-13 07:04 - 2017-09-05 07:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
        2017-09-13 07:04 - 2017-09-05 07:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
        2017-09-13 07:04 - 2017-09-05 07:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
        2017-09-13 07:04 - 2017-09-05 07:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
        2017-09-13 07:04 - 2017-09-05 07:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
        2017-09-13 07:04 - 2017-09-05 07:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
        2017-09-13 07:04 - 2017-09-05 07:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
        2017-09-13 07:04 - 2017-09-05 07:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
        2017-09-13 07:04 - 2017-09-05 07:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
        2017-09-13 07:04 - 2017-09-05 07:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
        2017-09-13 07:04 - 2017-09-05 07:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
        2017-09-13 07:04 - 2017-09-05 07:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
        2017-09-13 07:04 - 2017-09-05 07:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
        2017-09-13 07:04 - 2017-09-05 07:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
        2017-09-13 07:04 - 2017-09-05 07:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
        2017-09-13 07:04 - 2017-09-05 07:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
        2017-09-13 07:04 - 2017-09-05 07:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
        2017-09-13 07:04 - 2017-09-05 07:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
        2017-09-13 07:04 - 2017-09-05 07:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
        2017-09-13 07:03 - 2017-09-05 08:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
        2017-09-13 07:03 - 2017-09-05 08:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
        2017-09-13 07:03 - 2017-09-05 08:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
        2017-09-13 07:03 - 2017-09-05 08:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
        2017-09-13 07:03 - 2017-09-05 08:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
        2017-09-13 07:03 - 2017-09-05 08:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
        2017-09-13 07:03 - 2017-09-05 08:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
        2017-09-13 07:03 - 2017-09-05 08:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
        2017-09-13 07:03 - 2017-09-05 08:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
        2017-09-13 07:03 - 2017-09-05 08:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
        2017-09-13 07:03 - 2017-09-05 08:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
        2017-09-13 07:03 - 2017-09-05 08:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
        2017-09-13 07:03 - 2017-09-05 08:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
        2017-09-13 07:03 - 2017-09-05 08:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
        2017-09-13 07:03 - 2017-09-05 08:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
        2017-09-13 07:03 - 2017-09-05 08:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
        2017-09-13 07:03 - 2017-09-05 08:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
        2017-09-13 07:03 - 2017-09-05 08:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
        2017-09-13 07:03 - 2017-09-05 08:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
        2017-09-13 07:03 - 2017-09-05 08:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
        2017-09-13 07:03 - 2017-09-05 08:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
        2017-09-13 07:03 - 2017-09-05 08:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
        2017-09-13 07:03 - 2017-09-05 08:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
        2017-09-13 07:03 - 2017-09-05 08:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
        2017-09-13 07:03 - 2017-09-05 07:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
        2017-09-13 07:03 - 2017-09-05 07:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
        2017-09-13 07:03 - 2017-09-05 07:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
        2017-09-13 07:03 - 2017-09-05 07:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
        2017-09-13 07:03 - 2017-09-05 07:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
        2017-09-13 07:03 - 2017-09-05 07:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
        2017-09-13 07:03 - 2017-09-05 07:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
        2017-09-13 07:03 - 2017-09-05 07:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
        2017-09-13 07:03 - 2017-09-05 07:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
        2017-09-13 07:03 - 2017-09-05 07:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
        2017-09-13 07:03 - 2017-09-05 07:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
        2017-09-13 07:03 - 2017-09-05 07:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
        2017-09-13 07:03 - 2017-09-05 07:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
        2017-09-13 07:03 - 2017-09-05 07:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
        2017-09-13 07:03 - 2017-09-05 07:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
        2017-09-13 07:03 - 2017-09-05 07:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
        2017-09-13 07:03 - 2017-09-05 07:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
        2017-09-13 07:03 - 2017-09-05 07:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
        2017-09-13 07:03 - 2017-09-05 07:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
        2017-09-13 07:03 - 2017-09-05 07:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
        2017-09-13 07:03 - 2017-09-05 07:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
        2017-09-13 07:03 - 2017-09-05 07:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
        2017-09-13 07:03 - 2017-09-05 07:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
        2017-09-13 07:03 - 2017-09-05 07:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
        2017-09-13 07:03 - 2017-09-01 08:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
        2017-08-25 23:36 - 2017-09-13 21:06 - 000000000 ____D C:\Users\Стоянчо\Desktop\red
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-24 23:13 - 2017-02-05 23:56 - 000000000 ____D C:\ProgramData\Gramblr
        2017-09-24 22:54 - 2017-06-18 07:23 - 000000000 ____D C:\Users\Стоянчо\Desktop\яяь
        2017-09-24 20:10 - 2017-06-30 01:05 - 000004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{33349A0F-B0C0-4DB3-AFE6-0F51132F45D5}
        2017-09-24 19:38 - 2017-06-30 00:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
        2017-09-24 17:36 - 2017-06-30 01:05 - 000004276 _____ C:\WINDOWS\System32\Tasks\Software Updater
        2017-09-24 13:12 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\AppReadiness
        2017-09-24 13:06 - 2015-09-13 15:31 - 000000000 __SHD C:\Users\Стоянчо\IntelGraphicsProfiles
        2017-09-23 19:06 - 2015-09-13 15:01 - 000000000 ____D C:\Users\Стоянчо\AppData\Local\Packages
        2017-09-23 19:04 - 2015-09-25 17:35 - 000000000 ____D C:\Users\Стоянчо\AppData\Roaming\uTorrent
        2017-09-23 18:02 - 2017-07-18 10:48 - 000001085 _____ C:\Users\Стоянчо\Desktop\Нов текстов документ.txt
        2017-09-23 15:14 - 2017-02-05 23:57 - 000000000 ____D C:\Program Files\Gramblr
        2017-09-23 13:05 - 2017-06-30 01:03 - 002547028 _____ C:\WINDOWS\system32\PerfStringBackup.INI
        2017-09-23 13:05 - 2015-12-04 21:09 - 001132696 _____ C:\WINDOWS\system32\perfh002.dat
        2017-09-23 13:05 - 2015-12-04 21:09 - 000334978 _____ C:\WINDOWS\system32\perfc002.dat
        2017-09-23 13:00 - 2017-06-30 01:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
        2017-09-23 13:00 - 2017-03-18 14:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
        2017-09-23 07:37 - 2017-03-19 00:03 - 000000000 ___HD C:\Program Files\WindowsApps
        2017-09-22 07:46 - 2017-06-30 00:48 - 000000000 ____D C:\Users\Стоянчо
        2017-09-22 06:18 - 2017-07-27 20:57 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3274723310-3931731729-1199849900-1001
        2017-09-22 06:17 - 2015-09-13 15:03 - 000002401 _____ C:\Users\Стоянчо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
        2017-09-22 06:17 - 2015-09-13 15:03 - 000000000 ___RD C:\Users\Стоянчо\OneDrive
        2017-09-19 06:55 - 2015-10-09 22:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
        2017-09-18 21:49 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
        2017-09-14 02:24 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\rescache
        2017-09-14 02:16 - 2017-03-19 00:01 - 000000000 ____D C:\WINDOWS\INF
        2017-09-13 18:18 - 2015-09-13 15:01 - 000000000 __RHD C:\Users\Public\AccountPictures
        2017-09-13 18:15 - 2017-06-30 00:42 - 000381448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
        2017-09-13 07:44 - 2017-03-20 06:21 - 000000000 ____D C:\WINDOWS\system32\bg
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ___SD C:\WINDOWS\system32\F12
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\setup
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
        2017-09-13 07:20 - 2015-09-13 17:14 - 000000000 ____D C:\WINDOWS\system32\MRT
        2017-09-13 07:16 - 2017-03-18 23:51 - 000000000 ____D C:\WINDOWS\CbsTemp
        2017-09-13 07:16 - 2015-09-13 17:14 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
        2017-09-02 18:15 - 2017-03-19 00:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
        2017-09-02 18:15 - 2017-03-19 00:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
        2017-08-29 06:58 - 2016-09-11 19:33 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2017-08-26 15:34 - 2017-08-05 17:48 - 000000000 ____D C:\Users\Стоянчо\Desktop\;[;.[plpl
        2017-08-25 07:37 - 2017-07-28 23:11 - 000000000 ____D C:\Users\Стоянчо\Desktop\dfere
        ==================== Files in the root of some directories =======
        2016-01-17 08:06 - 2017-07-17 07:19 - 000009216 _____ () C:\Users\Стоянчо\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2016-07-17 20:30 - 2016-07-17 20:30 - 000000036 _____ () C:\Users\Стоянчо\AppData\Local\housecall.guid.cache
        2015-09-13 15:16 - 2015-09-13 15:16 - 000000003 _____ () C:\Users\Стоянчо\AppData\Local\updater.log
        2015-09-13 15:16 - 2017-05-06 19:17 - 000000425 _____ () C:\Users\Стоянчо\AppData\Local\UserProducts.xml
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\WINDOWS\system32\winlogon.exe => File is digitally signed
        C:\WINDOWS\system32\wininit.exe => File is digitally signed
        C:\WINDOWS\explorer.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
        C:\WINDOWS\system32\svchost.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
        C:\WINDOWS\system32\services.exe => File is digitally signed
        C:\WINDOWS\system32\User32.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
        C:\WINDOWS\system32\userinit.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
        C:\WINDOWS\system32\rpcss.dll => File is digitally signed
        C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
        C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-09-19 19:38
        ==================== End of FRST.txt ============================
         
        Addition.txt
         
        Благодаря предварително.
      • от doktorkartar
        Здравейте, мина доста време от както ползвах услугите ви и съм изключително доволен от това. Проблема е че възстанових един стар backup (от преди години) на системата и загубих защитата си. Като цяло системата ми работи добре и не мисля че има кой знае какво притеснително в нея но за всеки случай да я проверим.
        Не съм сигурен но мисля че тук ми дадохте един файл (по скоро съдържание на host) в който бяха добавени много сайтове който да се блокирват при опит за посещение.
        Примерно: 0.0.0.0 www.google.com
         
        Другото за което също не съм сигурен е дали вие ми дадохте филтър на adblock за Мозила . От него също бях много доволен.
        И последното което ме притеснява проблем със самата Мозила. Не знам дали е от вирус или от самата програма. Проблема се изразява в това че като натисна на падащото меню в адресната лента то не се отваря. Всъщност се отваря но не се вижда абсолютно нищо. Цялото е чисто бяло и не се виждат сайтовете. Същото е при всички падащи менюта от Мозила: Падащото меню за търсачките (какво сме търсили) както и падащото меню на запазените регистрации.
         
        Общо взето това са ми притесненията а останалото те първа ще излезе на яве след сканиранията
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01 Ran by eclips (administrator) on ECLIPS-PC (19-10-2017 21:33:45) Running from C:\Users\eclips\Desktop Loaded Profiles: eclips (Available Profiles: eclips & Guest) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe () C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe () D:\- MOI NE6TA\DLNA\Serviio\bin\ServiioService.exe () D:\- MOI NE6TA\DLNA\Serviio\bin\ServiioService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Transaction Software, D 81829 Munich) H:\TECDOC_CD\1_2014\db\tbmux32.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation) HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{1E0F611B-DAE1-48B6-8208-5A38B3F56DB9}: [DhcpNameServer] 62.221.132.211 85.130.60.11 Tcpip\..\Interfaces\{5A334197-46EE-4622-AD06-D1F2AE57959E}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10181_1360_171019__yaie HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\S-1-5-21-1144684173-3877916052-1330907298-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10181_1360_171019__yaie&p={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2017-10-14] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2017-10-14] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-17] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2017-10-14] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-17] (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2017-10-14] (Kaspersky Lab ZAO) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated) BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.11.9.dll [2010-11-09] (BitComet) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2017-10-14] (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2017-10-14] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-17] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2017-10-14] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-17] (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2017-10-14] (Kaspersky Lab ZAO) FireFox: ======== FF DefaultProfile: 7lwtatk8.default-1507842258539 FF ProfilePath: C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 [2017-10-19] FF NewTab: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10181_1360_171019__yaff FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> Yahoo® FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> Yahoo® FF Homepage: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10181_1360_171019__yaff FF Extension: (Search Shield Study) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\@unified-urlbar-shield-study-opt-out-new-users.xpi [2017-10-13] FF Extension: (AdBlock) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-10-14] FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-13] FF Extension: (Adblock Plus) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-10-19] FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2017-10-14] [not signed] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: (Virtual Keyboard) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2017-10-14] [not signed] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: (Dangerous Websites Blocker) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2017-10-14] [not signed] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: (Anti-Banner) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2017-10-14] [not signed] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: (Safe Money) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2017-10-14] [not signed] FF HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-18] () FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2013-12-10] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-17] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-18] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-17] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.) FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [No File] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2010-08-24] (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-09-05] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013-04-09] (Nullsoft, Inc.) Chrome: ======= CHR DefaultProfile: Default CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17] CHR crx: C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\default_apps\search.crx [2014-03-15] CHR crx: C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\default_apps\search.crx [2014-02-20] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed] R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2017-10-14] (Kaspersky Lab ZAO) S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com) S4 CyberLink PowerDVD 13 Media Server Monitor Service; D:\PROGRAMKI\Power DVD\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-05-03] (CyberLink) S4 CyberLink PowerDVD 13 Media Server Service; D:\PROGRAMKI\Power DVD\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-05-03] (CyberLink) R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1232880 2014-05-04] () R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S4 Samsung Link Service; D:\- MOI NE6TA\Samsung Link\Samsung Link.exe [604512 2014-05-19] (Copyright 2013 SAMSUNG) R2 Serviio; D:\- MOI NE6TA\DLNA\Serviio\bin\ServiioService.exe [413696 2016-10-17] () [File not signed] S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed] R2 Transbase TECDOC CD 1_2014 Service; H:\TECDOC_CD\1_2014\db\tbmux32.exe [360448 2013-02-25] (Transaction Software, D 81829 Munich) [File not signed] R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-10-16] (Microsoft Corporation) S2 Hamachi2Svc; H:\Programki\Hamachi\hamachi-2.exe -s [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2012-11-06] (Advanced Micro Devices) [File not signed] R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-11-20] (DT Soft Ltd) R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-19] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2017-10-14] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2017-10-14] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2017-10-14] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2017-10-14] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2017-10-14] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2017-10-14] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2017-10-14] (Kaspersky Lab ZAO) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-19] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-10-19] (Malwarebytes) R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45504 2017-10-19] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-19] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-10-19] (Malwarebytes) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [60416 2013-10-16] (Microsoft Corporation) R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; D:\PROGRAMKI\Power DVD\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-05-03] (CyberLink Corp.) S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X] S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-10-19 21:33 - 2017-10-19 21:34 - 000021252 _____ C:\Users\eclips\Desktop\FRST.txt 2017-10-19 21:30 - 2017-10-19 21:30 - 002402816 _____ (Farbar) C:\Users\eclips\Desktop\FRST64.exe 2017-10-19 21:25 - 2017-10-19 21:25 - 019012622 _____ C:\Users\eclips\Desktop\unhackme.zip 2017-10-19 20:51 - 2017-10-19 20:51 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2017-10-19 20:51 - 2017-10-19 20:51 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2017-10-19 20:51 - 2017-10-19 20:51 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-10-19 20:50 - 2017-10-19 20:50 - 000045504 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-10-19 20:07 - 2017-10-19 20:51 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-10-19 20:07 - 2017-10-19 20:50 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-10-19 20:07 - 2017-10-19 20:07 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-10-19 20:07 - 2017-10-19 20:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-10-19 20:05 - 2017-10-19 20:05 - 000000000 ____D C:\Windows\system32\Drivers\etc\BACKUP 2017-10-19 16:27 - 2017-10-19 20:41 - 000000000 ____D C:\Users\eclips\Desktop\bsplayer_pro271.1081 2017-10-19 16:20 - 2017-10-19 16:20 - 000003164 _____ C:\Windows\System32\Tasks\klcp_update 2017-10-19 16:20 - 2017-10-19 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2017-10-19 16:20 - 2017-10-19 16:20 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2017-10-19 16:20 - 2017-07-30 13:50 - 003850240 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll 2017-10-19 16:20 - 2017-07-30 13:50 - 003799552 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll 2017-10-19 16:20 - 2015-12-18 12:00 - 000755200 _____ C:\Windows\system32\xvidcore.dll 2017-10-19 16:20 - 2015-12-18 12:00 - 000309248 _____ C:\Windows\system32\xvidvfw.dll 2017-10-19 16:20 - 2015-12-18 12:00 - 000282112 _____ C:\Windows\SysWOW64\xvidvfw.dll 2017-10-19 16:20 - 2015-10-24 19:00 - 000126976 _____ C:\Windows\system32\ff_vfw.dll 2017-10-19 16:20 - 2015-10-24 19:00 - 000112128 _____ C:\Windows\SysWOW64\ff_vfw.dll 2017-10-19 16:20 - 2012-07-21 13:55 - 000180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm 2017-10-19 16:20 - 2012-07-21 13:54 - 000122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm 2017-10-19 16:20 - 2011-12-07 20:37 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll 2017-10-19 16:20 - 2011-12-07 20:32 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll 2017-10-19 16:16 - 2017-10-19 16:18 - 052381992 _____ (KLCP ) C:\Users\eclips\Desktop\K-Lite_Codec_Pack_1359_Mega.exe 2017-10-19 15:58 - 2017-10-19 15:58 - 010563576 _____ C:\Users\eclips\Desktop\bsplayer271.setup.exe 2017-10-19 15:54 - 2017-10-19 15:58 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Lavasoft 2017-10-19 15:54 - 2017-10-19 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2017-10-19 15:54 - 2017-10-19 15:58 - 000000000 ____D C:\Program Files (x86)\Lavasoft 2017-10-19 15:54 - 2017-10-19 15:54 - 000000000 ____D C:\Users\eclips\AppData\Local\Lavasoft 2017-10-19 15:53 - 2017-10-19 15:58 - 000000000 ____D C:\ProgramData\Lavasoft 2017-10-19 15:44 - 2017-10-19 16:29 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk 2017-10-19 15:44 - 2017-10-19 16:29 - 000001147 _____ C:\Users\Public\Desktop\BS.Player PRO.lnk 2017-10-19 15:44 - 2017-10-19 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh 2017-10-19 15:37 - 2017-10-19 15:39 - 053285758 _____ (KLCP ) C:\Users\eclips\Desktop\K-Lite_Codec_Pack_1360_Mega.exe 2017-10-19 14:57 - 2017-10-19 14:57 - 000091280 _____ C:\Users\eclips\Desktop\WAR_2017.(subs.sab.bz).rar 2017-10-17 23:41 - 2013-12-10 14:50 - 000955888 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2017-10-17 23:41 - 2013-12-10 14:50 - 000839152 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2017-10-17 23:40 - 2017-10-17 23:40 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2017-10-17 23:39 - 2017-10-17 23:39 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Sun 2017-10-17 23:38 - 2017-10-17 23:38 - 000000000 ____D C:\Users\eclips\AppData\LocalLow\Oracle 2017-10-14 20:33 - 2017-10-14 20:33 - 000032774 _____ C:\Users\eclips\Desktop\IT_2017_NEW_HD_TS_60FPS_x264_HQ_CPG.(subs.sab.bz).rar 2017-10-14 19:44 - 2017-10-17 23:33 - 000000000 ____D C:\Program Files\Common Files\AV 2017-10-14 19:44 - 2017-10-14 19:44 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2017-10-14 19:16 - 2017-10-14 19:16 - 008250832 _____ (Malwarebytes) C:\Users\eclips\Downloads\adwcleaner_7.0.3.1.exe 2017-10-14 19:12 - 2017-10-17 23:33 - 000002334 _____ C:\Users\eclips\Desktop\Safe Money.lnk 2017-10-14 19:12 - 2017-10-14 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2017-10-14 19:12 - 2017-10-14 19:11 - 000001124 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2017-10-14 19:11 - 2017-10-14 19:43 - 000625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2017-10-14 19:11 - 2017-10-14 19:43 - 000115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2017-10-14 19:11 - 2017-10-14 19:11 - 000000000 ____D C:\Windows\ELAMBKUP 2017-10-14 19:11 - 2017-10-14 19:11 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab 2017-10-14 19:11 - 2013-05-06 09:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2017-10-14 16:17 - 2017-10-19 20:41 - 000000000 ____D C:\ProgramData\NVIDIA 2017-10-14 16:17 - 2017-10-14 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-10-14 16:16 - 2009-07-10 07:01 - 000539168 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE 2017-10-14 16:15 - 2009-12-03 18:43 - 000000000 ____D C:\Users\eclips\Downloads\VGA_Win7-64(190.38)e 2017-10-14 16:15 - 2009-07-14 11:54 - 015005696 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 011327776 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2017-10-14 16:15 - 2009-07-14 11:54 - 010854400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 009375232 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 007565824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 002617856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 002258976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 002169376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001983488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001723424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001706528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001291776 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001044992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 000930272 _____ (Microsoft Corporation) C:\Windows\system32\dpinst.exe 2017-10-14 16:15 - 2009-07-14 11:54 - 000539168 _____ (NVIDIA Corporation) C:\Windows\system32\nvudisp.exe 2017-10-14 16:15 - 2009-07-14 11:54 - 000167936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod157.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 000167936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 000011168 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvBridge.kmd 2017-10-14 16:15 - 2009-07-14 11:54 - 000010161 _____ C:\Windows\system32\nvdisp.nvu 2017-10-14 16:14 - 2017-10-14 16:15 - 153992488 _____ C:\Users\eclips\Downloads\VGA_Win7-64(190.38)e.zip 2017-10-14 16:13 - 2017-10-19 21:13 - 000000000 ____D C:\Users\eclips\AppData\LocalLow\Mozilla 2017-10-13 22:03 - 2017-10-13 22:03 - 000033952 _____ C:\Users\eclips\Downloads\the.flash.2014.s04e01.hdtv.x264(subsunacs.net).rar 2017-10-13 01:17 - 2017-10-13 01:17 - 000000000 ____D C:\ProgramData\MB2Migration 2017-10-13 01:17 - 2017-10-13 01:17 - 000000000 ____D C:\Program Files\Malwarebytes 2017-10-13 01:12 - 2017-10-14 15:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-13 00:34 - 2017-10-18 00:30 - 005818880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2017-10-13 00:04 - 2017-10-13 00:04 - 000000000 ____D C:\Users\eclips\Desktop\Стари данни Firefox 2017-10-13 00:01 - 2017-10-13 01:17 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-10-12 23:30 - 2017-10-13 00:35 - 000000000 ____D C:\Users\eclips\AppData\Local\Dropbox 2017-10-12 23:30 - 2017-10-12 23:30 - 000000000 ____D C:\ProgramData\Dropbox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-10-19 21:33 - 2014-07-01 19:48 - 000000000 ____D C:\FRST 2017-10-19 21:15 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\tracing 2017-10-19 20:49 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-10-19 20:49 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-10-19 20:43 - 2014-02-12 12:17 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2017-10-19 20:41 - 2013-11-19 23:28 - 000065536 _____ C:\Windows\system32\Ikeext.etl 2017-10-19 20:41 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-10-19 20:40 - 2013-11-19 19:37 - 000000000 ____D C:\Users\eclips\AppData\Roaming\BitComet 2017-10-19 20:06 - 2013-12-07 21:43 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-10-19 19:14 - 2014-05-28 13:04 - 000000000 ____D C:\AdwCleaner 2017-10-19 16:28 - 2013-11-19 23:49 - 000000000 ____D C:\Users\eclips\AppData\Roaming\BSplayer Pro 2017-10-19 16:27 - 2013-11-19 23:49 - 000000000 ____D C:\Program Files (x86)\Webteh 2017-10-19 16:23 - 2013-11-19 23:49 - 000000000 ____D C:\Users\eclips\AppData\Roaming\BSplayer 2017-10-18 19:40 - 2014-02-13 20:08 - 000000000 ____D C:\ADCDA2 2017-10-18 11:24 - 2013-12-18 22:51 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Skype 2017-10-18 00:30 - 2013-12-10 11:19 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-10-18 00:30 - 2013-11-20 11:44 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-10-18 00:30 - 2013-11-20 11:44 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-18 00:30 - 2013-11-20 11:44 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-10-18 00:30 - 2013-11-20 11:44 - 000000000 ____D C:\Windows\system32\Macromed 2017-10-17 23:42 - 2014-01-21 17:33 - 000000000 ____D C:\Program Files (x86)\Java 2017-10-17 23:41 - 2014-01-21 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-10-17 23:41 - 2013-12-10 14:50 - 000000000 ____D C:\Program Files\Java 2017-10-17 23:40 - 2013-12-10 14:50 - 000319552 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2017-10-17 23:40 - 2013-12-10 14:50 - 000206912 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2017-10-17 23:40 - 2013-12-10 14:50 - 000206912 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2017-10-17 23:39 - 2014-09-01 14:38 - 000270912 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2017-10-17 23:39 - 2014-09-01 14:38 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2017-10-17 23:39 - 2014-01-21 17:34 - 000000000 ____D C:\ProgramData\Oracle 2017-10-14 21:22 - 2013-12-04 16:02 - 000000000 ____D C:\Users\eclips\AppData\Roaming\vlc 2017-10-14 19:43 - 2013-06-10 12:27 - 000029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys 2017-10-14 19:43 - 2013-06-06 17:38 - 000178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2017-10-14 19:43 - 2013-05-06 09:22 - 000458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2017-10-14 19:43 - 2013-05-05 22:42 - 000029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys 2017-10-14 19:43 - 2013-05-05 22:42 - 000029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2017-10-14 19:28 - 2013-11-20 17:22 - 000000000 ____D C:\Windows\pss 2017-10-14 19:11 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf 2017-10-14 18:40 - 2014-01-05 21:34 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Dropbox 2017-10-14 16:24 - 2009-07-14 08:13 - 000785366 _____ C:\Windows\system32\PerfStringBackup.INI 2017-10-14 16:17 - 2014-05-12 23:13 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-10-14 16:17 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\Help 2017-10-14 15:37 - 2013-12-10 11:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-13 22:40 - 2013-11-19 23:41 - 000000000 ____D C:\ProgramData\AMD 2017-10-13 00:01 - 2013-12-07 21:44 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Malwarebytes 2017-10-13 00:01 - 2013-12-07 21:43 - 000000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2017-10-13 00:00 - 2013-11-19 21:24 - 000000000 ____D C:\ProgramData\TuneUp Software ==================== Files in the root of some directories ======= 2014-01-04 21:14 - 2014-01-04 21:14 - 001615904 ____R () C:\Users\eclips\AppData\Local\ASbs.ac 2014-05-12 11:02 - 2014-05-12 11:02 - 000585728 _____ () C:\Users\eclips\AppData\Local\file__0.localstorage 2013-11-19 22:07 - 2013-11-19 22:07 - 000000017 ____R () C:\Users\eclips\AppData\Local\resmon.resmoncfg 2014-09-14 20:59 - 2014-09-15 21:08 - 010807116 _____ () C:\ProgramData\OfflineCatalogue_1_2014_TECDOC_CD.log 2014-09-14 21:05 - 2014-09-14 21:05 - 000006106 _____ () C:\ProgramData\UninstallOfflineCatalogue.log Some files in TEMP: ==================== 2014-09-15 19:44 - 2011-02-11 18:36 - 023454528 ____N ( ) C:\Users\eclips\AppData\Local\Temp\AdbeRdr_en_US.exe 2014-09-07 14:19 - 2014-09-07 14:19 - 007850088 _____ (Microsoft Corporation) C:\Users\eclips\AppData\Local\Temp\BingBarSetup-Partner.exe 2017-10-13 22:07 - 2017-10-13 22:07 - 016739360 _____ () C:\Users\eclips\AppData\Local\Temp\BitBEFB.tmp.exe 2017-10-14 18:40 - 2017-10-14 18:40 - 000043008 _____ () C:\Users\eclips\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprkbc9q.dll 2014-01-31 06:29 - 2014-01-31 06:29 - 000341120 _____ (Gretech Corporation) C:\Users\eclips\AppData\Local\Temp\ExPromo.exe 2014-07-01 12:48 - 2014-09-29 20:15 - 000035224 _____ () C:\Users\eclips\AppData\Local\Temp\i4jdel0.exe 2014-07-28 08:15 - 2014-07-28 08:15 - 000918440 _____ (Oracle Corporation) C:\Users\eclips\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe 2017-09-08 19:04 - 2017-09-08 19:04 - 001856576 _____ (Oracle Corporation) C:\Users\eclips\AppData\Local\Temp\jre-8u151-windows-au.exe 2014-07-29 18:48 - 2014-07-29 18:48 - 000021888 _____ () C:\Users\eclips\AppData\Local\Temp\ochelper.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-10-18 20:24 ==================== End of FRST.txt ============================  
        Addition.txt
      • от Rada Beliata
        Здравейте, тази сутрин, отваряйки си компа установих, че се е самонастанила непоискана от мен търсачка Bing мястото на стандартния ми Google. Не зная да не би проблема да е по-голям и за това не пробвам да я чистя , а директно пускам тук файловете от сканирането:
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
        Ran by User (administrator) on USER-PC (06-11-2017 14:32:42)
        Running from C:\Users\User\Desktop
        Loaded Profiles: User (Available Profiles: User & Guest)
        Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
        Internet Explorer Version 11 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
        (AMD) C:\Windows\System32\atiesrxx.exe
        (AMD) C:\Windows\System32\atieclxx.exe
        (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
        (Microsoft Corporation) C:\Windows\System32\wlanext.exe
        (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
        (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
        () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
        (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
        (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
        (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
        (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
        (Viber Media S.à r.l.) C:\Users\User\AppData\Local\Viber\Viber.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe
        (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
        (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
        (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
        (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        () C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Bose Corporation) C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Microsoft Corporation) C:\Windows\System32\dllhost.exe
        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
        HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
        HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
        HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
        HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG)
        HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1611160 2011-03-28] (CANON INC.)
        HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
        HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
        HKLM-x32\...\Run: [SoundTouchHelper] => C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe [952832 2017-09-18] ()
        HKLM-x32\...\Run: [SoundTouch Music Server] => C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.lnk [2172 2017-09-26] ()
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [googletalk] => C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-30] (Google Inc.)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-09-20] (Nero AG)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [38871120 2017-10-24] (Viber Media S.à r.l.)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Policies\Explorer: [] 
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\MountPoints2: {b89e904f-c580-11e0-ae91-806e6f6e6963} - E:\setup.exe
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
        Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
        Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{61285D62-0825-4C6A-8F7B-F187EF6B7C4E}: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{BEC2B3B5-8A62-4C8D-947B-942060F59681}: [NameServer] 10.250.238.3 10.250.238.4
        Tcpip\..\Interfaces\{E2C5FBF5-BC9E-4F83-8514-C9EC7DB41090}: [DhcpNameServer] 192.168.1.1
        Internet Explorer:
        ==================
        HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
        HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
        SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ADFA_en
        SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> {01331362-9AB4-4EF8-B80F-17A753AABA26} URL = hxxps://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ADFA_en
        BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
        BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
        BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-08-19] (Oracle Corporation)
        Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
        DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://e-fibank.bg/EBank/CAPICOM/capicom.cab
        DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
        FireFox:
        ========
        FF DefaultProfile: 0nh7i0xu.default-1396792165575
        FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 [2017-10-19]
        FF DefaultSearchEngine: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing 
        FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing 
        FF SelectedSearchEngine: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing 
        FF Homepage: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-us
        hxxps://www.malwarebytes.org/restorebrowser//?u=10b253f49536d7c82625e2601c9d32eb&c=1000_2&src=hp&inst=1471229042
        FF Keyword.URL: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
        FF Extension: (Bing Search) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\Extensions\bingsearch.full@microsoft.com.xpi [2017-09-10]
        FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\searchplugins\bing-.xml [2017-09-10]
        FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\searchplugins\google-.xml [2016-05-02]
        FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
        FF Plugin-x32: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-08-19] (Oracle Corporation)
        FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\new_plugin\npjp2.dll [No File]
        FF Plugin-x32: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-08-19] (Oracle Corporation)
        FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
        FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
        FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
        Chrome: 
        =======
        CHR DefaultProfile: Profile 1
        CHR HomePage: Profile 1 -> msn.com
        CHR StartupUrls: Profile 1 -> "hxxp://www.google.com"
        CHR NewTab: Profile 1 ->  Active:"chrome-extension://fcfenmboojpjinhpgggodefccipikbpd/newTab.html", Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html"
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-03]
        CHR Extension: (Google Translate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-20]
        CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
        CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
        CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
        CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-07]
        CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
        CHR Extension: (Dropbox for Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-01-31]
        CHR Extension: (Email Game) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbobaphhmjpchjknfpcnlhcbkjbclge [2015-07-19]
        CHR Extension: (Gmail Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-07-19]
        CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-14]
        CHR Extension: (Dnevnik.bg) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgpgbimpbapjogkgkgmdkcdimopnnljb [2015-07-19]
        CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
        CHR Extension: (Pin It Button) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
        CHR Extension: (Facebook Invite All) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2016-01-31]
        CHR Extension: (Download Master) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2016-01-31]
        CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
        CHR Extension: (MultiHighlighter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifbglmlbpgpbflnkfpclkmckoollbn [2015-09-04]
        CHR Extension: (OokiCookie) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjmnhgnkikbajikhhbplekfmljhdhjm [2015-07-19]
        CHR Extension: (word highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooabkmkhabkahcjbgpiajffckeibpdoa [2015-07-19]
        CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-03]
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-06]
        CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
        CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
        CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-02]
        CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]
        CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02]
        CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-26]
        CHR Extension: (Bing) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-11-06]
        CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
        CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
        CHR Extension: (FromDocToPDF) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2017-11-05]
        CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
        CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30]
        CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-29]
        CHR Extension: (10b253f49536d7c82625e2601c9d32eb_2) - C:\Program Files (x86)\Google\Chrome\Application\10b253f49536d7c82625e2601c9d32eb_2 [2016-08-18]
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-03]
        CHR HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
        CHR HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
        S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-04-12] (Macrovision Europe Ltd.) [File not signed]
        R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
        R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
        R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
        R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
        R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
        R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
        S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
        R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.) [File not signed]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2016-08-20] ()
        R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
        R1 MpKsl1dabfb16; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B742210-A60B-40E6-8C1C-30273624352C}\MpKsl1dabfb16.sys [58120 2017-11-06] (Microsoft Corporation)
        R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
        S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
        S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
        S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
        S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
        S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
        S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
        S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
        S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
        S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-11-06 14:32 - 2017-11-06 14:36 - 000022793 _____ C:\Users\User\Desktop\FRST.txt
        2017-11-06 14:32 - 2017-11-06 14:32 - 000000000 ____D C:\FRST
        2017-11-06 14:31 - 2017-11-06 14:31 - 002403328 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
        2017-10-29 13:08 - 2017-10-29 13:09 - 000000000 ____D C:\Users\User\AppData\Local\Viber
        2017-10-26 21:08 - 2017-10-26 21:08 - 000182233 _____ C:\Users\User\Desktop\Гръбначните изкривявания - Част VI_ Загуба на шийна лордоза (Forward Head Posture syndrome) _ Любомир Иванов.html
        2017-10-26 21:08 - 2017-10-26 21:08 - 000000000 ____D C:\Users\User\Desktop\Гръбначните изкривявания - Част VI_ Загуба на шийна лордоза (Forward Head Posture syndrome) _ Любомир Иванов_files
        2017-10-17 10:55 - 2017-10-17 10:55 - 000136163 _____ C:\Users\User\Desktop\Актуална цена за присъединяване.pdf
        2017-10-12 20:26 - 2017-10-12 20:26 - 000056320 _____ C:\Users\User\Desktop\Таксуване (1).xls
        2017-10-12 19:09 - 2017-10-12 19:09 - 000056320 _____ C:\Users\User\Desktop\Таксуване.xls
        2017-10-11 21:32 - 2017-09-13 17:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
        2017-10-11 21:32 - 2017-09-13 17:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
        2017-10-11 21:32 - 2017-09-13 17:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
        2017-10-11 21:32 - 2017-09-13 17:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
        2017-10-11 21:32 - 2017-09-13 17:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
        2017-10-11 21:32 - 2017-09-13 17:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
        2017-10-11 21:32 - 2017-09-13 17:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
        2017-10-11 21:32 - 2017-09-13 17:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
        2017-10-11 21:32 - 2017-09-13 17:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
        2017-10-11 21:32 - 2017-09-13 17:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
        2017-10-11 21:32 - 2017-09-13 17:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
        2017-10-11 21:32 - 2017-09-13 17:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
        2017-10-11 21:32 - 2017-09-13 16:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
        2017-10-11 21:32 - 2017-09-13 16:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
        2017-10-11 21:32 - 2017-09-13 16:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
        2017-10-11 21:32 - 2017-09-13 16:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
        2017-10-11 21:32 - 2017-09-13 16:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
        2017-10-11 21:32 - 2017-09-13 16:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
        2017-10-11 21:32 - 2017-09-13 16:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
        2017-10-11 21:32 - 2017-09-13 16:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
        2017-10-11 21:32 - 2017-09-13 16:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
        2017-10-11 21:32 - 2017-09-13 16:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
        2017-10-11 21:32 - 2017-09-13 16:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
        2017-10-11 21:32 - 2017-09-09 02:45 - 000395984 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
        2017-10-11 21:32 - 2017-09-09 01:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
        2017-10-11 21:32 - 2017-09-08 17:34 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
        2017-10-11 21:32 - 2017-09-08 17:30 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
        2017-10-11 21:32 - 2017-09-08 17:14 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
        2017-10-11 21:32 - 2017-09-08 17:13 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
        2017-10-11 21:32 - 2017-09-08 17:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
        2017-10-11 21:32 - 2017-09-08 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
        2017-10-11 21:32 - 2017-09-08 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
        2017-10-11 21:32 - 2017-09-08 17:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
        2017-10-11 21:32 - 2017-09-08 17:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
        2017-10-11 21:32 - 2017-09-08 17:00 - 003222016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
        2017-10-11 21:32 - 2017-09-08 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
        2017-10-11 21:32 - 2017-09-08 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
        2017-10-11 21:32 - 2017-09-08 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
        2017-10-11 21:32 - 2017-09-08 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
        2017-10-11 21:32 - 2017-09-08 16:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
        2017-10-11 21:32 - 2017-09-08 16:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
        2017-10-11 21:32 - 2017-09-08 16:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
        2017-10-11 21:32 - 2017-09-07 23:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
        2017-10-11 21:32 - 2017-09-07 23:37 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
        2017-10-11 21:32 - 2017-09-07 23:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
        2017-10-11 21:32 - 2017-09-07 23:18 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
        2017-10-11 21:32 - 2017-09-07 23:18 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
        2017-10-11 21:32 - 2017-09-07 23:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
        2017-10-11 21:32 - 2017-09-07 23:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
        2017-10-11 21:32 - 2017-09-07 23:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
        2017-10-11 21:32 - 2017-09-07 23:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
        2017-10-11 21:32 - 2017-09-07 23:08 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
        2017-10-11 21:32 - 2017-09-07 23:07 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
        2017-10-11 21:32 - 2017-09-07 23:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
        2017-10-11 21:32 - 2017-09-07 23:01 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
        2017-10-11 21:32 - 2017-09-07 23:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
        2017-10-11 21:32 - 2017-09-07 23:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
        2017-10-11 21:32 - 2017-09-07 23:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
        2017-10-11 21:32 - 2017-09-07 22:52 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
        2017-10-11 21:32 - 2017-09-07 22:48 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
        2017-10-11 21:32 - 2017-09-07 22:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
        2017-10-11 21:32 - 2017-09-07 22:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
        2017-10-11 21:32 - 2017-09-07 22:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
        2017-10-11 21:32 - 2017-09-07 22:37 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
        2017-10-11 21:32 - 2017-09-07 22:33 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
        2017-10-11 21:32 - 2017-09-07 22:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
        2017-10-11 21:32 - 2017-09-07 22:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
        2017-10-11 21:32 - 2017-09-07 22:27 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
        2017-10-11 21:32 - 2017-09-07 22:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
        2017-10-11 21:32 - 2017-09-07 22:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
        2017-10-11 21:32 - 2017-09-07 22:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
        2017-10-11 21:32 - 2017-09-07 22:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
        2017-10-11 21:32 - 2017-09-07 22:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
        2017-10-11 21:32 - 2017-09-07 21:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
        2017-10-11 21:32 - 2017-09-07 21:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
        2017-10-11 21:32 - 2017-09-07 21:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
        2017-10-11 21:32 - 2017-09-07 21:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
        2017-10-11 21:32 - 2017-09-07 21:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
        2017-10-11 21:32 - 2017-09-07 21:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
        2017-10-11 21:32 - 2017-09-07 21:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
        2017-10-11 21:32 - 2017-09-07 21:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
        2017-10-11 21:32 - 2017-09-07 21:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
        2017-10-11 21:32 - 2017-09-07 21:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
        2017-10-11 21:32 - 2017-09-07 21:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
        2017-10-11 21:32 - 2017-09-07 21:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
        2017-10-11 21:32 - 2017-09-07 21:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
        2017-10-11 21:32 - 2017-09-07 21:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
        2017-10-11 21:32 - 2017-09-07 20:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
        2017-10-11 21:32 - 2017-09-07 20:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
        2017-10-11 21:32 - 2017-09-07 20:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
        2017-10-11 21:32 - 2017-09-07 20:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
        2017-10-11 21:32 - 2017-09-07 20:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
        2017-10-11 21:32 - 2017-09-07 20:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
        2017-10-11 21:32 - 2017-09-07 20:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
        2017-10-11 21:32 - 2017-09-07 20:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
        2017-10-11 21:32 - 2017-09-07 20:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
        2017-10-11 21:32 - 2017-09-07 20:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
        2017-10-11 21:32 - 2017-09-07 20:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
        2017-10-11 21:32 - 2017-09-07 20:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
        2017-10-11 21:32 - 2017-09-07 20:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
        2017-10-11 21:32 - 2017-09-07 20:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
        2017-10-11 21:32 - 2017-09-07 20:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
        2017-10-11 21:32 - 2017-09-07 20:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
        2017-10-11 21:32 - 2017-09-07 20:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
        2017-10-11 21:32 - 2017-09-07 20:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
        2017-10-11 21:32 - 2017-09-07 20:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
        2017-10-11 21:32 - 2017-09-07 19:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
        2017-10-11 21:32 - 2017-09-07 19:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
        2017-10-11 21:32 - 2017-09-07 17:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
        2017-10-11 21:32 - 2017-09-07 17:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
        2017-10-11 21:32 - 2017-09-07 16:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
        2017-10-11 21:32 - 2017-09-07 16:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
        2017-10-11 21:32 - 2017-09-07 16:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
        2017-10-11 21:32 - 2017-08-19 17:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
        2017-10-11 21:32 - 2017-08-19 17:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
        2017-10-11 21:32 - 2017-08-19 17:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
        2017-10-11 21:32 - 2017-08-19 17:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
        2017-10-11 21:32 - 2017-08-19 17:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
        2017-10-11 21:32 - 2017-08-19 17:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
        2017-10-11 21:32 - 2017-08-19 17:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
        2017-10-11 21:32 - 2017-08-19 17:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
        2017-10-11 21:32 - 2017-08-19 16:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
        2017-10-11 21:32 - 2017-08-19 16:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
        2017-10-11 21:32 - 2017-08-14 19:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
        2017-10-11 21:32 - 2017-08-14 19:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
        2017-10-11 21:32 - 2017-08-14 19:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
        2017-10-11 21:32 - 2017-08-13 23:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-11-06 14:26 - 2015-06-24 14:51 - 000000000 ____D C:\Users\User\Documents\ViberDownloads
        2017-11-06 14:26 - 2011-04-12 10:47 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
        2017-11-06 14:17 - 2011-05-26 17:50 - 000001004 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2108872990-2365937994-3429966836-1000UA.job
        2017-11-06 13:32 - 2009-07-14 06:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2017-11-06 13:32 - 2009-07-14 06:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2017-11-06 13:22 - 2009-07-14 07:13 - 000785786 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-11-06 13:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
        2017-11-06 13:20 - 2016-04-14 22:13 - 000000000 ____D C:\Users\User\AppData\Roaming\ViberPC
        2017-11-06 13:17 - 2016-03-27 23:35 - 000065536 _____ C:\Windows\system32\Ikeext.etl
        2017-11-06 13:17 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-11-05 18:17 - 2011-05-26 17:50 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2108872990-2365937994-3429966836-1000Core.job
        2017-11-05 10:53 - 2017-04-13 22:27 - 000000000 ___RD C:\Program Files (x86)\Skype
        2017-11-05 10:53 - 2011-04-12 10:46 - 000000000 ____D C:\ProgramData\Skype
        2017-11-05 10:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing
        2017-10-31 11:15 - 2011-04-12 20:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
        2017-10-26 19:48 - 2017-07-25 10:39 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
        2017-10-25 19:32 - 2017-07-22 20:42 - 000000000 ____D C:\Users\User\AppData\Roaming\SoundTouch
        2017-10-25 19:32 - 2017-07-22 20:41 - 000000000 ____D C:\Program Files (x86)\SoundTouch
        2017-10-24 15:23 - 2013-01-16 17:48 - 000000000 ____D C:\ProgramData\CanonIJPLM
        2017-10-19 09:39 - 2016-12-19 08:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
        2017-10-19 09:39 - 2016-12-05 20:28 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
        2017-10-12 17:12 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
        2017-10-12 16:22 - 2009-07-14 06:45 - 002338848 _____ C:\Windows\system32\FNTCACHE.DAT
        2017-10-11 22:02 - 2011-04-12 11:16 - 000762140 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
        ==================== Files in the root of some directories =======
        2011-07-27 22:59 - 2011-07-27 22:59 - 000000000 ____H () C:\Users\User\AppData\Local\BIT7DB1.tmp
        2011-11-10 16:05 - 2011-11-10 16:05 - 000004096 ____H () C:\Users\User\AppData\Local\keyfile3.drm
        2011-07-27 22:59 - 2011-07-27 22:59 - 000000000 _____ () C:\Users\User\AppData\Local\{BE08E1F6-7B92-4E51-B565-F383E741847C}
        2011-07-28 14:34 - 2011-07-28 14:35 - 000000000 _____ () C:\Users\User\AppData\Local\{D390E0A7-E0A7-4120-9348-F90CD935A202}
        2011-04-12 12:27 - 2011-04-12 12:27 - 000000056 ____H () C:\ProgramData\ezsidmv.dat
        2016-03-12 22:11 - 2016-03-12 22:11 - 000000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
        Some files in TEMP:
        ====================
        2017-09-10 14:36 - 2017-09-10 14:36 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Temp\BSvcProcessor.exe
        2017-09-10 14:36 - 2017-09-10 14:36 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Temp\BSvcUpdater.exe
        2017-08-05 17:18 - 2017-10-06 16:51 - 058881488 _____ (Skype Technologies S.A.) C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\SysWOW64\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-10-31 11:55
        ==================== End of FRST.txt ============================
         
        Благодаря предваротелно за съдействието
         
        Addition.txt
      • от N1K17Y
        Теглих съмнителни торенти и мисля, че системата ми е заразена 
         
        Addition.txt
      • от Wrath
        Добър ден ! Днес забелязах, че имам чужди опити за логини във всичките си абв акаунти. От Нидерландия, Алжир, Оман и така нататък. Верятно да е фалшвиш ип адрес, но винаги има все пак.  Опитите за влизане са несполучливи понеже няма как да ми улучат паролата , но все пак се притесних. Ще съм супер благодарен за малко помощ ! 
        Addition.txt
        FRST.txt
    • Разглеждащи в момента   0 потребители

      Няма регистрирани потребители разглеждащи тази страница.

    • Дарение

    ×

    Информация

    Този сайт използва бисквитки (cookies), за най-доброто потребителско изживяване. С използването му, вие приемате нашите Условия за ползване.