    geizer7    0

    Hello,
    For some time now I have been plagued by various advertising windows that try to sell me things or tell me how to get rich. When I go to the torrent tracker Arena, for example, every single click on their page opens a new window with ads. I am not saying their site is to blame, I am just giving it as an example. And no matter how much I tried to deal with the problem myself, it just isn't working out. I scanned with AdwCleaner and with JRT and have attached the results for you, as well as a screenshot of a file that looks suspicious to me. I ran the scan in Safe Mode; I don't know whether that matters. Before that I had also scanned with a demo version of Kaspersky, but it did not solve my problem. I also scanned with SpyHunter: every time it finds some movies toolbar but fails to remove it. I found the registry entries and tried to delete them manually, but it does not let me; it shows me an error during deletion.

    Here are the results of the scan with FRST64 - FRST.txt
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
    Ran by Катето (administrator) on GEIZER on 24-06-2015 18:27:32
    Running from C:\Users\Катето\Desktop
    Loaded Profiles: Катето (Available Profiles: Катето)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Английски (Съединени щати)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (BitTorrent Inc.) C:\Users\Катето\AppData\Roaming\uTorrent\uTorrent.exe
    (NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    (eMing Software Inc.) C:\Program Files (x86)\PrivateFolder\PF_Pass.exe
    (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
    (Microsoft Corporation) C:\Windows\System32\mspaint.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [PrivateFolder] => C:\Program Files (x86)\PrivateFolder\PF_Pass.exe [253504 2012-12-31] (eMing Software Inc.)
    HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [CONNMGRTRAY] => C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe [363112 2011-03-03] ()
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [uTorrent] => C:\Users\Катето\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3198224 2014-04-28] (Disc Soft Ltd)
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [NETGATERegistryCleaner] => C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe [2303824 2013-07-11] (NETGATE Technologies s.r.o.)
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.)
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\RunOnce: [Adobe Speed Launcher] => 1435156549
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\MountPoints2: G - G:\Lucius_setup.exe
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\MountPoints2: {584a3890-02fa-11e4-bdda-dc0ea157be6c} - G:\Lucius_setup.exe
    HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\MountPoints2: {606f82a9-2f38-11e4-9658-dc0ea157be6c} - G:\Startme.exe
    BootExecute: autocheck autochk * sh4native Sh4Removal
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: No Name -> {3B5800D1-67B0-464E-BE7D-8CB5FE3ABC2A} ->  No File
    BHO: No Name -> {3BF8D9AD-FE6F-4677-BA4A-2CE8BCF082BB} ->  No File
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Катето\AppData\Roaming\Mozilla\Firefox\Profiles\ufhrkess.default-1403927861999
    FF Homepage: https://www.google.bg/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-11-26] (Nullsoft, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1385416505-2382510173-1187103659-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Катето\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
    FF SearchPlugin: C:\Users\Катето\AppData\Roaming\Mozilla\Firefox\Profiles\ufhrkess.default-1403927861999\searchplugins\google-.xml [2015-06-24]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2015-01-09]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2015-01-09]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Катето\AppData\Local\Google\Chrome\User Data\Default

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
    R2 NGRegClnSrv; C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe [618832 2013-02-21] (NETGATE Technologies s.r.o.)
    R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [763840 2012-07-11] (Enigma Software Group USA, LLC.)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-13] (Microsoft Corporation)
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-07-04] (Disc Soft Ltd)
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2015-06-24] ()
    R1 PFolder; C:\Windows\System32\Drivers\PFolder64.sys [57832 2012-12-31] (eMing Software Inc.)
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-24 18:27 - 2015-06-24 18:28 - 00010482 _____ C:\Users\Катето\Desktop\FRST.txt
    2015-06-24 18:27 - 2015-06-24 18:27 - 00000000 ____D C:\FRST
    2015-06-24 18:26 - 2015-06-24 18:26 - 02109952 _____ (Farbar) C:\Users\Катето\Desktop\FRST64.exe
    2015-06-24 17:53 - 2015-06-24 17:53 - 00002194 _____ C:\Users\Катето\Desktop\AdwCleaner[s14].txt
    2015-06-24 17:53 - 2015-06-24 17:53 - 00000651 _____ C:\Users\Катето\Desktop\WebSearch.xml.vir
    2015-06-24 17:27 - 2015-06-24 17:27 - 02244096 _____ C:\Users\Катето\Desktop\AdwCleaner.exe
    2015-06-24 17:21 - 2015-06-24 17:21 - 00001474 _____ C:\Users\Катето\Desktop\JRT.txt
    2015-06-24 17:14 - 2015-06-24 17:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-GEIZER-Windows-7-Ultimate-(64-bit).dat
    2015-06-24 17:14 - 2015-06-24 17:14 - 00000000 ____D C:\RegBackup
    2015-06-24 17:12 - 2015-06-24 17:12 - 02950746 _____ (Malwarebytes Corporation) C:\Users\Катето\Desktop\JRT.exe
    2015-06-24 16:04 - 2010-05-13 18:34 - 00014232 _____ C:\Windows\SysWOW64\sh4native.exe
    2015-06-24 15:19 - 2015-06-24 15:19 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-06-24 15:19 - 2015-06-24 15:19 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2015-06-24 15:12 - 2015-06-24 15:12 - 00130048 _____ (CodePlex Community) C:\Users\Катето\Desktop\Microsoft.Win32.TaskScheduler.dll
    2015-06-24 15:08 - 2015-06-24 15:08 - 00554528 _____ (www.patchmypc.net) C:\Users\Катето\Desktop\PatchMyPC.exe
    2015-06-24 14:52 - 2015-06-24 14:52 - 28849904 _____ C:\Users\Катето\Desktop\vlc-2.2.1-win32.exe
    2015-06-24 14:20 - 2015-06-24 14:20 - 00275560 _____ C:\Windows\Minidump\062415-36301-01.dmp
    2015-06-24 14:20 - 2015-06-24 14:20 - 00032152 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
    2015-06-24 10:44 - 2015-06-24 10:44 - 00002290 _____ C:\Users\Катето\Desktop\SpyHunter.lnk
    2015-06-24 10:44 - 2015-06-24 10:44 - 00000000 ____D C:\Users\Катето\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2015-06-24 10:44 - 2015-06-24 10:44 - 00000000 ____D C:\sh4ldr
    2015-06-24 10:43 - 2015-06-24 10:43 - 00000350 _____ C:\Users\Катето\Desktop\проблем с thedailytrader.net - Google Търсене.URL
    2015-06-22 22:09 - 2015-06-24 14:34 - 00000000 ____D C:\Users\Катето\Desktop\Wayward.Pines
    2015-06-21 01:30 - 2015-06-21 01:32 - 00000000 ____D C:\Users\Катето\Desktop\Wayward.Pines.S01E02.HDTV.x264-LOL
    2015-06-20 10:34 - 2015-06-20 10:34 - 00275560 _____ C:\Windows\Minidump\062015-40841-01.dmp
    2015-06-20 10:34 - 2015-06-20 10:34 - 00000086 _____ C:\Windows\system32\crusader.log
    2015-06-20 10:32 - 2015-06-24 12:30 - 00000212 _____ C:\Windows\system32\.crusader
    2015-06-20 10:13 - 2015-06-24 12:27 - 00000000 ____D C:\Program Files\HitmanPro
    2015-06-19 22:31 - 2015-06-19 22:31 - 00000000 ____D C:\Users\Катето\Desktop\HitmanPro 3.7.3 Build 193
    2015-06-19 22:20 - 2015-06-19 22:23 - 00000000 ____D C:\Users\Катето\Desktop\Cinderella.2015.BDRip.x264-SPARKS
    2015-06-19 22:15 - 2015-06-19 22:18 - 00000000 ____D C:\Users\Катето\Desktop\Wayward.Pines.S01E01.HDTV.x264-2HD
    2015-06-19 22:10 - 2015-06-20 10:32 - 00000000 ____D C:\ProgramData\HitmanPro
    2015-06-18 22:32 - 2015-06-18 22:35 - 00000000 ____D C:\Users\Катето\Desktop\GirlHouse.2014.BRRip.XviD.AC3-EVO
    2015-06-17 22:42 - 2015-06-24 11:35 - 00000000 ____D C:\Users\Катето\Desktop\антивирус
    2015-06-17 22:40 - 2015-06-17 22:41 - 00000000 ____D C:\Users\Катето\Desktop\Get.Hard.2015.EXTENDED.HDRip.XviD.AC3-EVO
    2015-06-17 14:32 - 2015-06-17 14:32 - 00000000 ____D C:\Users\Катето\AppData\Roaming\InfraRecorder
    2015-06-16 23:06 - 2015-06-17 13:55 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
    2015-06-16 19:51 - 2015-06-16 19:51 - 00000000 ____D C:\Users\Катето\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfraRecorder
    2015-06-16 19:51 - 2015-06-16 19:51 - 00000000 ____D C:\Program Files\InfraRecorder
    2015-06-16 19:50 - 2015-06-16 19:51 - 04153344 _____ C:\Users\Катето\Desktop\ir053_x64.msi
    2015-06-16 19:31 - 2015-06-16 19:31 - 00000246 _____ C:\Users\Катето\Desktop\Как лесно да почистим компютъра си от вируси - Data.BG Форуми.URL
    2015-06-14 10:22 - 2015-06-24 14:20 - 371511210 _____ C:\Windows\MEMORY.DMP
    2015-06-14 10:22 - 2015-06-24 14:20 - 00000000 ____D C:\Windows\Minidump
    2015-06-14 10:22 - 2015-06-14 10:22 - 00288000 _____ C:\Windows\Minidump\061415-28158-01.dmp
    2015-06-11 09:47 - 2015-05-25 21:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-06-11 09:47 - 2015-05-25 21:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-06-11 09:47 - 2015-05-25 21:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-06-11 09:47 - 2015-05-25 21:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-06-11 09:47 - 2015-05-25 21:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-06-11 09:47 - 2015-05-25 21:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-06-11 09:47 - 2015-05-25 21:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-06-11 09:47 - 2015-05-25 21:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-06-11 09:47 - 2015-05-25 21:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-06-11 09:47 - 2015-05-25 21:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-06-11 09:47 - 2015-05-25 21:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-06-11 09:47 - 2015-05-25 21:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 21:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-06-11 09:47 - 2015-05-25 21:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-06-11 09:47 - 2015-05-25 21:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-06-11 09:47 - 2015-05-25 21:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-06-11 09:47 - 2015-05-25 21:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-06-11 09:47 - 2015-05-25 21:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2015-06-11 09:47 - 2015-05-25 21:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-06-11 09:47 - 2015-05-25 21:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
    2015-06-11 09:47 - 2015-05-25 21:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2015-06-11 09:47 - 2015-05-25 21:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-06-11 09:47 - 2015-05-25 21:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
    2015-06-11 09:47 - 2015-05-25 20:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-06-11 09:47 - 2015-05-25 20:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-06-11 09:47 - 2015-05-25 20:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-06-11 09:47 - 2015-05-25 20:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-06-11 09:47 - 2015-05-25 20:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-06-11 09:47 - 2015-05-25 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 20:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-06-11 09:47 - 2015-05-25 19:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-06-11 09:47 - 2015-05-25 19:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-06-11 09:47 - 2015-05-25 19:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 19:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-06-11 09:47 - 2015-05-25 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-06-11 09:47 - 2015-04-29 21:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-06-11 09:47 - 2015-04-29 21:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-06-11 09:47 - 2015-04-29 21:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-06-11 09:47 - 2015-04-29 21:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-06-11 09:47 - 2015-04-29 21:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-06-11 09:47 - 2015-04-29 21:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-06-11 09:47 - 2015-04-29 21:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-06-11 09:47 - 2015-04-29 21:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-06-11 09:47 - 2015-04-29 21:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-06-11 09:47 - 2015-04-29 21:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-06-11 09:46 - 2015-05-25 20:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-06-11 09:46 - 2015-04-24 21:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-06-11 09:46 - 2015-04-24 20:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2015-06-11 09:46 - 2015-04-11 06:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
    2015-06-11 09:44 - 2015-06-01 22:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-06-11 09:44 - 2015-06-01 21:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-06-11 09:44 - 2015-05-27 17:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-06-11 09:44 - 2015-05-27 17:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-06-11 09:44 - 2015-05-23 06:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-06-11 09:44 - 2015-05-23 06:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-06-11 09:44 - 2015-05-23 06:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-06-11 09:44 - 2015-05-23 06:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-06-11 09:44 - 2015-05-23 06:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-06-11 09:44 - 2015-05-23 06:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-06-11 09:44 - 2015-05-23 06:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-06-11 09:44 - 2015-05-23 06:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-06-11 09:44 - 2015-05-23 06:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-06-11 09:44 - 2015-05-23 06:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-06-11 09:44 - 2015-05-23 06:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-06-11 09:44 - 2015-05-23 06:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-06-11 09:44 - 2015-05-23 06:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-06-11 09:44 - 2015-05-23 05:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-06-11 09:44 - 2015-05-23 05:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-06-11 09:44 - 2015-05-23 05:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-06-11 09:44 - 2015-05-23 05:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-06-11 09:44 - 2015-05-23 05:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-06-11 09:44 - 2015-05-23 05:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-06-11 09:44 - 2015-05-23 05:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-06-11 09:44 - 2015-05-23 05:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-06-11 09:44 - 2015-05-23 05:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-06-11 09:44 - 2015-05-23 05:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-06-11 09:44 - 2015-05-23 05:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-06-11 09:44 - 2015-05-23 05:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-06-11 09:44 - 2015-05-23 05:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-06-11 09:44 - 2015-05-22 22:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-06-11 09:44 - 2015-05-22 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-06-11 09:44 - 2015-05-22 22:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-06-11 09:44 - 2015-05-22 22:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-06-11 09:44 - 2015-05-22 22:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-06-11 09:44 - 2015-05-22 22:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-06-11 09:44 - 2015-05-22 22:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-06-11 09:44 - 2015-05-22 21:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-06-11 09:44 - 2015-05-22 21:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-06-11 09:44 - 2015-05-22 21:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-06-11 09:44 - 2015-05-22 21:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-06-11 09:44 - 2015-05-22 21:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-06-11 09:44 - 2015-05-22 21:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-06-11 09:44 - 2015-05-22 21:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-06-11 09:44 - 2015-05-22 21:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-06-11 09:44 - 2015-05-22 21:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-06-11 09:44 - 2015-05-22 21:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-06-11 09:44 - 2015-05-22 21:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-06-11 09:44 - 2015-05-22 21:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-06-11 09:44 - 2015-05-22 21:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-06-11 09:44 - 2015-05-22 21:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-06-11 09:44 - 2015-05-22 21:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-06-11 09:44 - 2015-05-22 21:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-06-11 09:44 - 2015-05-22 21:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-06-11 09:44 - 2015-05-22 21:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-06-11 09:44 - 2015-05-22 21:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-06-11 09:44 - 2015-05-22 20:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-06-11 09:44 - 2015-05-22 20:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-06-11 09:44 - 2015-05-22 20:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-06-11 09:44 - 2015-05-22 20:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-06-07 16:05 - 2015-06-07 16:06 - 00000000 ____D C:\Users\Катето\Desktop\The.Vampire.Diaries.S06E19.HDTV.x264-LOL
    2015-06-05 17:56 - 2015-05-22 21:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-06-05 17:56 - 2015-05-22 21:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-06-05 17:56 - 2015-05-22 21:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-06-05 17:56 - 2015-05-22 21:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-06-05 17:56 - 2015-05-22 21:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-06-05 17:56 - 2015-05-22 21:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-06-05 17:56 - 2015-05-22 21:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-06-05 17:56 - 2015-05-21 16:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-06-03 15:22 - 2015-06-03 15:22 - 00000000 ____D C:\Users\Катето\AppData\Local\GWX
    2015-05-28 09:23 - 2015-06-14 11:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-24 18:26 - 2014-04-10 09:33 - 00000000 ____D C:\Users\Катето\AppData\Roaming\uTorrent
    2015-06-24 18:24 - 2014-04-09 08:39 - 00000000 ____D C:\Users\Катето\AppData\Roaming\Skype
    2015-06-24 18:23 - 2014-04-09 09:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-24 18:05 - 2014-06-26 08:41 - 01098543 _____ C:\spyhunter.fix
    2015-06-24 18:05 - 2014-04-09 07:38 - 01630682 _____ C:\Windows\WindowsUpdate.log
    2015-06-24 18:02 - 2014-07-10 20:57 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1385416505-2382510173-1187103659-1000UA.job
    2015-06-24 17:43 - 2009-07-14 07:45 - 00029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-24 17:43 - 2009-07-14 07:45 - 00029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-24 17:40 - 2009-07-14 08:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-06-24 17:35 - 2014-04-10 09:51 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-24 17:35 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-24 17:35 - 2009-07-14 07:51 - 00049120 _____ C:\Windows\setupact.log
    2015-06-24 17:34 - 2014-08-09 16:46 - 00000000 ____D C:\AdwCleaner
    2015-06-24 16:34 - 2014-04-10 09:51 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-24 16:05 - 2010-11-21 06:47 - 00170314 _____ C:\Windows\PFRO.log
    2015-06-24 15:19 - 2014-08-25 06:56 - 00000000 ____D C:\Users\Катето\AppData\Local\Adobe
    2015-06-24 15:19 - 2014-04-10 10:07 - 00000000 ____D C:\Program Files (x86)\Adobe
    2015-06-24 14:40 - 2015-02-04 03:18 - 00000000 ____D C:\Users\Катето\Desktop\торенти
    2015-06-24 14:40 - 2015-02-04 03:07 - 00000000 ____D C:\Users\Катето\Desktop\Pretty.Little.Liars
    2015-06-24 14:38 - 2015-05-14 10:50 - 00000000 ____D C:\Users\Катето\Desktop\Game of Thrones
    2015-06-24 14:20 - 2014-06-26 18:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-06-24 12:29 - 2014-06-27 05:24 - 00000538 _____ C:\Windows\wininit.ini
    2015-06-24 12:29 - 2014-06-26 18:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2015-06-24 10:44 - 2014-06-26 08:41 - 00008192 _____ C:\shldr.mbr
    2015-06-24 00:23 - 2014-04-09 09:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-06-24 00:23 - 2014-04-09 09:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-24 00:23 - 2014-04-09 09:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-23 21:02 - 2014-07-10 20:57 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1385416505-2382510173-1187103659-1000Core.job
    2015-06-20 14:36 - 2015-05-17 23:44 - 00000000 ____D C:\Windows\System32\Tasks\Games
    2015-06-19 22:07 - 2015-05-23 00:40 - 00000000 ____D C:\Users\Катето\Desktop\Seventh.Son.2015.HDRip.XViD-juggs[ETRG]
    2015-06-17 11:22 - 2015-05-17 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-06-16 19:56 - 2014-04-10 09:42 - 00000000 ____D C:\Users\Катето\AppData\Roaming\ImgBurn
    2015-06-16 17:06 - 2014-04-09 08:39 - 00000000 ____D C:\ProgramData\Skype
    2015-06-14 12:03 - 2015-02-04 03:11 - 00000000 ____D C:\Users\Катето\Desktop\програми
    2015-06-14 11:00 - 2014-06-28 18:21 - 00000000 ____D C:\Windows\ELAMBKUP
    2015-06-12 04:53 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
    2015-06-12 03:39 - 2009-07-14 07:45 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-06-12 03:35 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-06-12 03:12 - 2014-04-09 09:29 - 00000000 ____D C:\Windows\system32\MRT
    2015-06-12 03:03 - 2014-04-09 07:47 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-06-07 22:27 - 2015-02-04 03:08 - 00000000 ____D C:\Users\Катето\Desktop\The.Vampire.Diaries
    2015-06-06 03:17 - 2014-12-31 11:57 - 00000000 ____D C:\Windows\system32\appraiser
    2015-06-06 03:17 - 2014-05-25 16:05 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-06-05 23:11 - 2015-03-18 03:33 - 00000000 ____D C:\Users\Катето\Desktop\Викторианска история
    2015-06-04 22:18 - 2015-01-14 15:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-06-04 16:42 - 2015-04-05 03:02 - 00000000 ____D C:\Users\Катето\Desktop\Хеликс
    2015-06-04 16:38 - 2015-05-12 01:29 - 00000000 ____D C:\Users\Катето\Desktop\Helix.S02E02.HDTV.x264-KILLERS
    2015-06-01 11:41 - 2014-08-01 09:26 - 00000211 _____ C:\ProgramData\acer.zip
    2015-05-28 14:27 - 2015-03-04 16:10 - 00000000 ____D C:\Users\Катето\AppData\Roaming\SkypeFall
    2015-05-28 09:25 - 2014-10-25 16:43 - 00000000 ____D C:\Users\Љ вҐв®
    2015-05-28 09:25 - 2014-08-13 17:34 - 00000000 ____D C:\Users\Guest
    2015-05-28 09:25 - 2014-08-13 17:34 - 00000000 ____D C:\Users\Administrator

    ==================== Files in the root of some directories =======

    2015-04-02 23:24 - 2015-04-02 23:25 - 0011640 _____ () C:\Users\Катето\AppData\Local\Temp-log.txt
    2014-08-01 09:26 - 2015-06-01 11:41 - 0000211 _____ () C:\ProgramData\acer.zip

    Some files in TEMP:
    ====================
    C:\Users\Катето\AppData\Local\Temp\Quarantine.exe
    C:\Users\Катето\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-23 19:30

    ==================== End of log ============================

    JRT.txt

    AdwCleanerS14.txt


    Addition.txt

    Edited by Maniac


    Maniac    1327

    Hello!

    Step 1

    Please uninstall: Private Folder Packages

    Step 2

    Please download Malwarebytes Anti-Malware 2.1.6.1022 and save it to your desktop.

    • Run the file mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
    • When the installation finishes, make sure there is a check mark next to:
    • Launch Malwarebytes Anti-Malware
    • The check box that activates the 14-day trial period is also selected by default. If you do not want to test the program's real-time protection over the next 14 days, clear that check box.
    • Click the Finish button.
    • Go to the Settings tab > Detection and Protection > and, under the Detection Options category, enable the "Scan for rootkits" option.
    • Go to the Scan tab, select the radio button next to Threat Scan and then click the Scan Now >> button. If an update is found, click the Update Now button.
    • A scan for malicious software will start.
    • With some infections you may see the message:
    • "Could not load DDA driver"
    • Click "Yes" on this message to allow the driver to load after a restart.
    • Allow the computer to restart and then continue with the remaining instructions.
    • When the scan finishes, click the Apply Actions button.
    • Wait for the window prompting you to restart to appear, and then click the Yes button.
    • After the restart, when the desktop appears, MBAM will load once more.
    • Go to the History tab > Application Logs.
    • Open the report with the latest date and time and click the "Copy to Clipboard" button.
    • Now paste the contents of the log file with the key combination Ctrl + V and post it in your next comment.

    Step 3

    Download fixlist.txt and save it in the folder from which you ran FRST.exe.

    Run FRST.exe and click the Fix button once!

    When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

    Warning: The script was created for the current system. Do not use it on other systems with similar problems!

    In your next comment in this topic, include the following log files:

    • Log file from FRST
    • Log file from Malwarebytes Anti-Malware

    fixlist.txt

    geizer7    0
    Unfortunately, I cannot remember the password for Private Folder Packages, and without it I cannot uninstall it. :(

    geizer7    0

    What should I do? Should I move on to step 2, or try to manually delete whatever I can of the program?

    geizer7    0

    Since I had nothing else to do today, and I only hope I did not make a mistake, I managed to delete the installation folder of Private Folder Packages in safe mode, after which I carried out steps 2 and 3, and I am attaching the log files.

    Malwarebytes Anti-Malware.txt

    Fixlog.txt


    Maniac    1327

    Please uninstall your Malwarebytes Anti-Malware. When you are done:

    • Please download Mbam-clean.exe from here and save it to your desktop.
    • Please close all open applications and temporarily disable your antivirus to avoid any conflicts while using the tool.
    • Run the file Mbam-clean.exe and follow the on-screen instructions.
    • After the procedure you will be asked to restart your computer. Please do so, this is very important.
    • Make sure you have re-enabled your antivirus program after the restart.
    When you are done, follow my instructions above again, update it and run a Threat Scan, without downloading key generators, cracking it or other such nonsense. Finally, post your log file here.

    Maniac    1327

    1. Download ComboFix from BleepingComputer

    and save ComboFix (Save button -> Save as) to your desktop:

    2exprgh.jpg

    After the ComboFix download finishes, the program's icon should look like this:

    29eqjuq.jpg

    2. Close all running applications, open windows and programs running in the background. Temporarily disable the real-time protection of your antivirus program and of any other security programs, if there are any.

    3. Double-click Combofix.exe to run it. Choose YES to agree to the program's terms of use. Important: While ComboFix is running, do not move the mouse or press any keys on the keyboard. Just patiently let ComboFix do its work, without using the computer for anything else.

    4. If you get a warning from UAC, accept it.

    5. ComboFix will temporarily disable the Internet connection, but once the program has finished, the connection will be restored automatically. ComboFix will scan for problems and for infected files, and this may take some time. Please be patient. If there is a problem with the Internet connection after Combofix has finished, please read this: Manually restoring the Internet connection section.

    6. When ComboFix finishes, a text document (log) will appear in Notepad:

    157m978.jpg

    Copy (Copy) and paste (Paste) the contents of the log into your next comment.

    Note: If the following message appears when opening various programs after the Combofix scan has finished - "illegal operation on a registry key that has been marked for deletion." - simply restart the computer once more and it will disappear.

    Do not use your computer during the scan!

    geizer7    0

    I noticed that after the scan new folders appeared on drive C that were not visible before, such as the ProgramData folder for example, even though I had set hidden files and folders to be shown.

    ComboFix 15-06-27.01 - Катето 06.2015 г.  11:36:39.1.2 - x64
    Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.3819.2849 [GMT 3:00]
    Running from: c:\users\¦рЄхЄю\Desktop\ComboFix.exe
    AV: Norton Security *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    FW: Norton Security *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
    SP: Norton Security *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    c:\programdata\ntuser.pol
    c:\windows\msdownld.tmp
    c:\windows\PFRO.log
    c:\windows\wininit.ini
    .
    .
    (((((((((((((((((((((((((   Files Created from 2015-05-28 to 2015-06-28  )))))))))))))))))))))))))))))))
    .
    .
    2015-06-28 08:50 . 2015-06-28 08:50    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2015-06-26 17:11 . 2015-06-26 19:28    136408    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-06-26 17:10 . 2015-04-14 06:37    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
    2015-06-26 17:10 . 2015-04-14 06:37    107736    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2015-06-26 17:10 . 2015-04-14 06:37    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2015-06-26 17:10 . 2015-06-26 17:10    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
    2015-06-26 17:10 . 2015-06-26 17:10    --------    d-----w-    c:\programdata\Malwarebytes
    2015-06-26 09:11 . 2015-06-26 09:11    --------    d-----w-    c:\program files (x86)\Common Files\Symantec Shared
    2015-06-26 08:48 . 2015-06-26 08:48    102616    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2015-06-26 08:48 . 2015-06-26 08:48    --------    d-----w-    c:\program files\Common Files\Symantec Shared
    2015-06-26 08:44 . 2015-06-26 08:44    --------    d-----w-    c:\windows\system32\drivers\NSx64
    2015-06-26 08:44 . 2015-06-26 08:44    --------    d-----w-    c:\program files (x86)\Norton Security
    2015-06-26 08:43 . 2015-06-26 08:43    --------    d-----w-    c:\program files (x86)\NortonInstaller
    2015-06-26 08:42 . 2015-06-26 09:00    --------    d-----w-    c:\programdata\Norton
    2015-06-25 15:50 . 2015-06-25 15:50    --------    d-----w-    C:\Rbackup
    2015-06-25 15:47 . 2015-06-25 15:50    --------    d-----w-    c:\program files\Perfect Uninstaller
    2015-06-25 15:33 . 2015-06-25 15:33    --------    d-----w-    c:\users\Катето\AppData\Roaming\ChemTable Software
    2015-06-25 15:32 . 2015-06-25 15:32    --------    d-----w-    c:\program files (x86)\Full Uninstall
    2015-06-25 15:32 . 2015-06-25 15:32    --------    d-----w-    c:\users\Катето\AppData\Local\ChemTable Software
    2015-06-25 08:08 . 2015-06-26 08:26    --------    d-----w-    c:\programdata\F-Secure
    2015-06-25 08:08 . 2015-06-26 08:25    --------    d-----w-    c:\users\Катето\AppData\Local\F-Secure
    2015-06-25 07:50 . 2015-06-12 07:50    12221144    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5BB419D-E924-45FF-B2BA-DA0E6349A227}\mpengine.dll
    2015-06-24 15:27 . 2015-06-25 17:11    --------    d-----w-    C:\FRST
    2015-06-24 14:14 . 2015-06-24 14:14    --------    d-----w-    C:\RegBackup
    2015-06-24 13:04 . 2010-05-13 15:34    14232    ----a-w-    c:\windows\SysWow64\sh4native.exe
    2015-06-24 11:20 . 2015-06-24 11:20    32152    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
    2015-06-24 07:44 . 2015-06-24 07:44    --------    d-----w-    C:\sh4ldr
    2015-06-20 07:13 . 2015-06-24 09:27    --------    d-----w-    c:\program files\HitmanPro
    2015-06-19 19:10 . 2015-06-20 07:32    --------    d-----w-    c:\programdata\HitmanPro
    2015-06-17 11:32 . 2015-06-17 11:32    --------    d-----w-    c:\users\Катето\AppData\Roaming\InfraRecorder
    2015-06-16 20:06 . 2015-06-26 08:04    --------    d---a-w-    C:\Kaspersky Rescue Disk 10.0
    2015-06-16 16:51 . 2015-06-16 16:51    --------    d-----w-    c:\program files\InfraRecorder
    2015-06-11 06:46 . 2015-04-24 18:17    633856    ----a-w-    c:\windows\system32\comctl32.dll
    2015-06-11 06:46 . 2015-04-24 17:56    530432    ----a-w-    c:\windows\SysWow64\comctl32.dll
    2015-06-11 06:46 . 2015-05-25 17:08    3206144    ----a-w-    c:\windows\system32\win32k.sys
    2015-06-11 06:46 . 2015-04-11 03:19    69888    ----a-w-    c:\windows\system32\drivers\stream.sys
    2015-06-05 14:56 . 2015-05-22 18:18    1021440    ----a-w-    c:\windows\system32\appraiser.dll
    2015-06-05 14:56 . 2015-05-22 18:18    700416    ----a-w-    c:\windows\system32\generaltel.dll
    2015-06-05 14:56 . 2015-05-22 18:18    757248    ----a-w-    c:\windows\system32\invagent.dll
    2015-06-05 14:56 . 2015-05-22 18:18    423424    ----a-w-    c:\windows\system32\devinv.dll
    2015-06-05 14:56 . 2015-05-22 18:18    45568    ----a-w-    c:\windows\system32\acmigration.dll
    2015-06-05 14:56 . 2015-05-22 18:13    1119232    ----a-w-    c:\windows\system32\aeinv.dll
    2015-06-05 14:56 . 2015-05-21 13:19    193536    ----a-w-    c:\windows\system32\aepic.dll
    2015-06-05 14:56 . 2015-05-22 18:18    227328    ----a-w-    c:\windows\system32\aepdu.dll
    2015-06-03 12:22 . 2015-06-03 12:22    --------    d-----w-    c:\users\Катето\AppData\Local\GWX
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
    2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
    2015-06-23 21:23 . 2014-04-09 06:07    778416    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2015-06-23 21:23 . 2014-04-09 06:07    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-06-12 00:03 . 2014-04-09 04:47    140135120    ----a-w-    c:\windows\system32\MRT.exe
    2015-05-25 18:01 . 2015-06-11 06:47    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    2015-05-01 13:17 . 2015-05-14 00:02    124112    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-01 13:16 . 2015-05-14 00:02    102608    ----a-w-    c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-04-20 03:17 . 2015-05-13 06:35    1647104    ----a-w-    c:\windows\system32\DWrite.dll
    2015-04-20 03:17 . 2015-05-13 06:35    1179136    ----a-w-    c:\windows\system32\FntCache.dll
    2015-04-20 02:56 . 2015-05-13 06:35    1250816    ----a-w-    c:\windows\SysWow64\DWrite.dll
    2015-04-18 03:10 . 2015-05-13 06:37    460800    ----a-w-    c:\windows\system32\certcli.dll
    2015-04-18 02:56 . 2015-05-13 06:37    342016    ----a-w-    c:\windows\SysWow64\certcli.dll
    2015-04-13 03:28 . 2015-05-13 06:36    328704    ----a-w-    c:\windows\system32\services.exe
    2015-04-08 03:29 . 2015-05-13 06:35    275456    ----a-w-    c:\windows\system32\InkEd.dll
    2015-04-08 03:29 . 2015-05-13 06:35    24576    ----a-w-    c:\windows\system32\jnwmon.dll
    2015-04-08 03:14 . 2015-05-13 06:35    216064    ----a-w-    c:\windows\SysWow64\InkEd.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CONNMGRTRAY"="c:\program files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe" [2011-03-03 363112]
    "uTorrent"="c:\users\Катето\AppData\Roaming\uTorrent\uTorrent.exe" [2015-05-06 1694560]
    "DAEMON Tools Ultra Agent"="c:\program files (x86)\DAEMON Tools Ultra\DTAgent.exe" [2014-04-28 3198224]
    "NETGATERegistryCleaner"="c:\program files\NETGATE\Registry Cleaner\RegistryCleaner.exe" [2013-07-11 2303824]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-02 28785280]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute    REG_MULTI_SZ       autocheck autochk *\0sh4native Sh4Removal
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    R1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;tsusbhub [x]
    S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\NSx64\1605000.07C\SYMEFASI64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1605000.07C\SYMEFASI64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150625.001\BHDrvx64.sys;c:\program files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150625.001\BHDrvx64.sys [x]
    S1 ccSet_NS;NS Settings Manager;c:\windows\system32\drivers\NSx64\1605000.07C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSx64\1605000.07C\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150626.001\IDSvia64.sys;c:\program files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150626.001\IDSvia64.sys [x]
    S1 PFolder;PFolder;c:\windows\System32\Drivers\PFolder64.sys;c:\windows\SYSNATIVE\Drivers\PFolder64.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NSx64\1605000.07C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1605000.07C\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NSx64\1605000.07C\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1605000.07C\SYMNETS.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
    S2 NGRegClnSrv;NETGATE Registry Cleaner Service;c:\program files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe;c:\program files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe [x]
    S2 NS;Norton Security;c:\program files (x86)\Norton Security\Engine\22.5.0.124\NS.exe;c:\program files (x86)\Norton Security\Engine\22.5.0.124\NS.exe [x]
    S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
    S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMPROTECTOR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-09 21:23]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = hxxp://www.google.com
    mDefault_Page_URL = about:blank
    mDefault_Search_URL = hxxp://www.google.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Катето\AppData\Roaming\Mozilla\Firefox\Profiles\ufhrkess.default-1403927861999\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.bg/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-PrivateFolder - c:\program files (x86)\PrivateFolder\PF_Pass.exe
    Wow6432Node-HKLM-Run-Andy - c:\program files\Andy\HandyAndy.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NS]
    "ImagePath"="\"c:\program files (x86)\Norton Security\Engine\22.5.0.124\NS.exe\" /s \"NS\" /m \"c:\program files (x86)\Norton Security\Engine\22.5.0.124\diMaster.dll\" /prefetch:1"
    "ImagePath"="\SystemRoot\system32\drivers\NSx64\1605000.07C\SYMNETS.SYS"
    "TrustedImagePaths"="c:\program files (x86)\Norton Security\Engine\22.5.0.124;c:\program files (x86)\Norton Security\Engine64\22.5.0.124"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-06-28  11:55:52
    ComboFix-quarantined-files.txt  2015-06-28 08:55
    .
    Pre-Run: 124 812 935 168 bytes free
    Post-Run: 124 626 305 024 bytes free
    .
    - - End Of File - - 5EA533D2B6C24A6FDC9B7CB6D9F1C48E
    A36C5E4F47E84449FF07ED3517B43A31
     

    Maniac    1327

    Step 1

    Please download and run this tool. Follow the instructions so that it completes its work.

    ftp://ftp.f-secure.com/support/tools/uitool/UninstallationTool.exe

    Step 2

    Please download Junkware Removal Tool to your desktop.

    • Temporarily disable your security programs.
    • Run the JRT.exe tool.
    • A DOS window will open. Press any key on the keyboard.
    • Close unnecessary applications and all browsers, and wait for the scan to finish.
    • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
    • Please copy the contents of the log file into your next post.

    Step 3

    • Download and run AdwCleaner.exe.
    • Click the Scan button.
    • AdwCleaner will start scanning the computer.
    • When the scan finishes, click the Clean button.
    • The program will close all unnecessary processes and, after cleaning, will ask to restart the machine. Agree.
    • A log file named (AdwCleaner[s0].txt) will appear automatically in C:\Adwcleaner
    • Post its contents in your next comment.

    In your next comment in this thread, include the following log files:
    • Log file from Junkware Removal Tool
    • Log file from AdwCleaner

    geizer7    0

    I took the liberty of scanning with AdwCleaner 2 more times, one right after the other, and in both results it finds C:\Users\Катето\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://websearch.coolsearches.info/?pid=21735&r=2015/03/31&hid=8210722968839278389&lg=EN&cc=GR&unqvl=85. Does this mean that it cannot clean it? Supposedly it should be deleted after the restart, yet it is there again. Or am I mistaken? Unfortunately my knowledge is that of an ordinary user :(

    AdwCleanerR16.txt

    AdwCleanerR17.txt

    AdwCleanerR18.txt

    Maniac    1327

    No, this categorically does not mean that it cannot be cleaned, but rather that the malware is persistent.

    Please delete your copy of FRST.exe, download a new one and generate new log files. Post them here.

    Maniac    1327

    Step 1

    Please uninstall: Google Update Helper

    Step 2

    Download fixlist.txt and save it in the folder from which you ran FRST.exe.

    Run FRST.exe and press the Fix button once!

    When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, that will be created after the program has run.

    Warning: The script was created for the current system. Do not use it on other systems with similar problems!

    fixlist.txt

    geizer7    0

    The only thing I found about the program Google Update Helper is that it is mentioned in a text document, which I have attached. Maybe it was deleted by one of the scanners or by the antivirus, I don't know, but I cannot find it anywhere. I am also attaching the file from FRST64

    Add-Remove Programs.txt

    Fixlog.txt

    Maniac    1327

    • Please download and run the executable from the link below:

      ESET OnlineScan

    • Tick the checkbox in front of esetAcceptTerms.png
    • Click the esetStart.png button.
    • Tick the checkbox in front of Enable detection of potentially unwanted applications.
    • Now click Advanced Settings and make sure that the option Remove found threats is not checked, and that the following are checked:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
      • Now select the Change button and choose only Operating memory and the C:\ partition
    • Click the Start button.
    • ESET will start downloading and installing virus definition updates and will then start scanning the computer. Be patient, because the process is slow and may take quite a long time.
    • When the scan finishes, click the esetListThreats.png button.
    • Now click the esetExport.png button and save the file on the desktop under a name of your choice, for example (ESETScan.txt). Copy the result into your next comment.
    • Click the esetBack.png button and then click the esetFinish.png button to close the application.

    geizer7    0

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\EnJooyCCoupOoN\YQwuQCBBAwAyon.x64.dll.vir    a variant of Win64/Adware.MultiPlug.G application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\mozilla firefox\dbghelp.dll.vir    a variant of Win32/Adware.MultiPlug.IY application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SSaloePlues\Qu8xaGBTptX9YF.x64.dll.vir    a variant of Win64/Adware.MultiPlug.G application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\uanisallees\AmsWJ0bVddraTu.x64.dll.vir    a variant of Win64/Adware.MultiPlug.I application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutUbeAdBlocke\JLVvAwM2UwwNw5.x64.dll.vir    a variant of Win64/Adware.MultiPlug.I application
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Roaming\OpenCandy\6F0368E0ADC24DBB93EF22573D595C24\dm317c.exe.vir    a variant of Win32/OpenCandy.A potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Roaming\webssearches\UninstallManager.exe.vir    a variant of Win32/ELEX.CP potentially unwanted application
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js    JS/Adware.MultiPlug.B application
    C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js    JS/Adware.MultiPlug.B application
    C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
    C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
    C:\Users\Катето\AppData\Roaming\rmi\KMPlayer_v3.8.0.117.exe    Win32/OpenCandy potentially unsafe application
    C:\Users\Катето\AppData\Roaming\uTorrent\updates\3.4.1_30768.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application
    C:\Users\Катето\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe    a variant of Win32/OpenCandy.C potentially unsafe application
    C:\Users\Катето\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe    a variant of Win32/OpenCandy.C potentially unsafe application
    C:\Windows\Installer\MSI5564.tmp    a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
     

    Maniac    1327

    Please repeat the scan, but this time check Remove found threats.

    geizer7    0

    I noticed that the files found were placed in quarantine, after which there is an option to delete them from there. Should I delete them, or leave them as they are?

    ESETScan2.txt

    Maniac    1327

    This is exactly the result we expect. They have been deleted successfully.

    What interests me at this stage is: do we have any positive results?

    geizer7    0

    At first I managed to download one movie without a single ad opening, but when I got to the subtitles, it started again. With every mouse click, a new window. I don't know what this virus is, but it evidently keeps reproducing itself :(

    geizer7    0

    Quite by accident I found GoogleUpdateHelper, which we were talking about a few days ago. It is strange that the search does not find it, nor is it present in the list of installed programs. The file is located in C:\Program Files (x86)\Google\Update \1.3.24.15 . GoogleUpdateHelper.msi - type: Windows installer package. Will it be a problem if I delete the whole folder, to be on the safe side? And why doesn't the search find the file? I am also uploading a picture of the folder contents.

    Maniac    1327

    Temporarily uninstall Google Earth as well and, if it still exists, this entire folder:

    C:\Program Files (x86)\Google

    Finally, restart and run Junkware and AdwCleaner again. Post the results and check for a change in the condition.

        FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
        Opera: 
        =======
        OPR Extension: (Adguard AdBlocker) - C:\Users\mcpph\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2017-09-04]
        OPR Extension: (Quick Searcher) - C:\Users\mcpph\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-09-17]
        StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
        S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365040 2017-03-18] (Intel Corporation)
        S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
        S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
        R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-07-19] (Panda Security, S.L.)
        R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
        R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2017-07-19] (Panda Security, S.L.)
        R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
        R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
        R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
        S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
        S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
        R2 WinSxA; C:\ProgramData\WinSxA.exe [423080 2017-09-17] ()
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
        S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [33448 2016-12-07] ()
        S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
        S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
        S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
        R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
        S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-09-17] (Malwarebytes)
        S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
        R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [106976 2017-04-07] (Panda Security, S.L.)
        R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [211936 2017-04-07] (Panda Security, S.L.)
        R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [121312 2017-04-07] (Panda Security, S.L.)
        R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [125920 2017-04-07] (Panda Security, S.L.)
        R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [89960 2017-03-17] (Panda Security, S.L.)
        R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [118240 2017-04-07] (Panda Security, S.L.)
        R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [91104 2017-04-07] (Panda Security, S.L.)
        R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [135648 2017-04-07] (Panda Security, S.L.)
        R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [336352 2017-04-07] (Panda Security, S.L.)
        R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [226272 2017-04-07] (Panda Security, S.L.)
        R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [123360 2017-04-07] (Panda Security, S.L.)
        R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [280032 2017-04-07] (Panda Security, S.L.)
        R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [125408 2017-04-07] (Panda Security, S.L.)
        R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [179168 2017-07-19] (Panda Security, S.L.)
        R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [140256 2017-07-19] (Panda Security, S.L.)
        R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [207328 2017-07-19] (Panda Security, S.L.)
        R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133600 2017-07-19] (Panda Security, S.L.)
        R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [146912 2017-07-19] (Panda Security, S.L.)
        R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [117216 2017-07-19] (Panda Security, S.L.)
        U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security, S.L.)
        R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
        S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
        S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
        S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
        S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
        S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-17 12:39 - 2017-09-17 12:40 - 000010125 _____ C:\Users\mcpph\Desktop\FRST.txt
        2017-09-17 12:39 - 2017-09-17 12:39 - 002398720 _____ (Farbar) C:\Users\mcpph\Desktop\FRST64.exe
        2017-09-17 12:39 - 2017-09-17 12:39 - 000000000 ____D C:\FRST
        2017-09-17 12:08 - 2017-09-17 12:13 - 000001024 _____ C:\Windows\system32\Drivers\etc\hosts.bak
        2017-09-17 12:04 - 2017-09-17 12:05 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Zara
        2017-09-17 12:04 - 2017-09-17 12:04 - 000423080 _____ C:\ProgramData\WinSxA.exe
        2017-09-17 12:04 - 2017-09-17 12:04 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\spbggb0is40
        2017-09-17 12:04 - 2017-09-17 12:04 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\0sziqug0wpx
        2017-09-17 12:03 - 2017-09-17 12:07 - 000001654 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа Вrоwsеr.lnk
        2017-09-16 08:28 - 2017-09-16 21:13 - 000000000 ____D C:\Users\mcpph\AppData\Local\Samsung
        2017-09-16 08:28 - 2017-09-16 08:28 - 000000000 ____D C:\Users\Public\Documents\NativeFus_Log
        2017-09-16 08:28 - 2017-09-16 08:28 - 000000000 ____D C:\Users\mcpph\Documents\samsung
        2017-09-16 08:27 - 2017-09-16 08:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
        2017-09-15 21:10 - 2017-09-16 21:13 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Samsung
        2017-09-15 21:10 - 2016-07-22 10:21 - 000164992 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
        2017-09-15 21:10 - 2016-07-22 10:21 - 000130688 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
        2017-09-15 21:09 - 2017-09-16 21:13 - 000000000 ____D C:\ProgramData\Samsung
        2017-09-15 21:09 - 2017-09-15 21:10 - 000000000 ____D C:\Program Files (x86)\Samsung
        2017-09-15 21:09 - 2016-05-18 14:49 - 004659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
        2017-09-15 21:09 - 2016-05-18 14:49 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
        2017-09-15 21:08 - 2017-09-15 21:08 - 000000000 ____D C:\Users\mcpph\AppData\Local\Downloaded Installations
        2017-09-12 15:13 - 2017-09-12 15:13 - 000000911 _____ C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ExifPro 2.1.lnk
        2017-09-12 09:35 - 2017-09-17 12:07 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
        2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
        2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\ProgramData\Malwarebytes
        2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
        2017-09-12 09:35 - 2015-10-05 09:50 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
        2017-09-12 09:35 - 2015-10-05 09:50 - 000064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
        2017-09-12 09:35 - 2015-10-05 09:50 - 000025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files\Reference Assemblies
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files\MSBuild
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files (x86)\MSBuild
        2017-09-05 23:33 - 2017-02-10 11:26 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:26 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:26 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
        2017-09-05 23:33 - 2017-02-10 11:21 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:21 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:21 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
        2017-09-05 23:27 - 2017-09-05 23:27 - 000000000 ____D C:\Users\mcpph\AppData\Local\ElevatedDiagnostics
        2017-09-05 23:24 - 2017-09-05 23:24 - 000000000 ____D C:\Windows\SysWOW64\directx
        2017-09-05 23:21 - 2017-09-05 23:21 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\WinRAR
        2017-09-04 22:44 - 2017-09-04 22:45 - 000000000 _____ C:\Recovery.txt
        2017-09-04 19:29 - 2017-09-04 08:51 - 000000000 ____D C:\Windows\Panther
        2017-09-04 18:30 - 2017-09-04 18:30 - 000000000 _SHDL C:\Documents and Settings
        2017-09-04 18:29 - 2017-09-17 12:36 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-09-04 18:29 - 2017-09-17 09:31 - 000000000 ____D C:\Windows\system32\SleepStudy
        2017-09-04 18:29 - 2017-09-04 18:29 - 000000000 ____D C:\Windows\ServiceProfiles
        2017-09-04 18:29 - 2017-09-04 09:56 - 000267480 _____ C:\Windows\system32\FNTCACHE.DAT
        2017-09-04 17:53 - 2017-09-04 17:54 - 000000000 ____D C:\Users\mcpph\AppData\Local\Easy CD-DA Extractor
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\TEMP
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD-DA Extractor 16
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\Easy CD-DA Extractor
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\Program Files\Easy CD-DA Extractor 16
        2017-09-04 17:50 - 2017-09-04 17:50 - 000000000 ____D C:\Users\mcpph\AppData\Local\Kolor
        2017-09-04 17:50 - 2017-09-04 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolor
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Mozilla
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\IObit
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\LocalLow\Mozilla
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Turbo.net
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Mozilla
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\CrashDumps
        2017-09-04 14:36 - 2017-09-04 17:50 - 000000000 ____D C:\Program Files\Kolor
        2017-09-04 11:30 - 2017-09-04 11:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Yamicsoft
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamicsoft
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Local\DBG
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Program Files\Yamicsoft
        2017-09-04 10:15 - 2017-09-04 10:15 - 000000000 ____D C:\Users\mcpph\Documents\Adobe
        2017-09-04 10:13 - 2017-09-04 10:13 - 000000000 ____D C:\Program Files\Common Files\Adobe
        2017-09-04 10:08 - 2017-09-04 10:13 - 000000000 ____D C:\Program Files\Adobe
        2017-09-04 10:08 - 2017-09-04 10:08 - 000001029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
        2017-09-04 10:08 - 2017-09-04 10:08 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
        2017-09-04 10:07 - 2017-09-04 10:13 - 000000000 ____D C:\ProgramData\Adobe
        2017-09-04 10:07 - 2017-09-04 10:07 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Macromedia
        2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\Users\mcpph\AppData\Local\4kdownload.com
        2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
        2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\Program Files (x86)\4KDownload
        2017-09-04 09:58 - 2017-09-04 09:58 - 000001531 ____H C:\Windows\EPMBatch.ept
        2017-09-04 09:55 - 2017-09-16 21:13 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ___HD C:\Program Files (x86)\Temp
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Program Files\Realtek
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Program Files (x86)\Realtek
        2017-09-04 09:55 - 2015-06-18 18:45 - 004496600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
        2017-09-04 09:55 - 2015-06-18 17:59 - 002862488 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
        2017-09-04 09:55 - 2015-06-17 19:47 - 002930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
        2017-09-04 09:55 - 2015-06-17 14:45 - 003234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
        2017-09-04 09:55 - 2015-06-15 17:39 - 001748184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
        2017-09-04 09:55 - 2015-05-27 17:38 - 002825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
        2017-09-04 09:55 - 2015-05-26 11:59 - 000166616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
        2017-09-04 09:55 - 2015-05-25 15:18 - 003195416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
        2017-09-04 09:55 - 2015-05-18 14:47 - 002702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
        2017-09-04 09:55 - 2015-05-15 19:27 - 002918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
        2017-09-04 09:55 - 2015-05-15 16:32 - 001316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
        2017-09-04 09:55 - 2014-11-11 13:44 - 000631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
        2017-09-04 09:55 - 2014-06-09 10:59 - 000560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
        2017-09-04 09:55 - 2014-04-10 12:19 - 002041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
        2017-09-04 09:55 - 2014-01-08 15:25 - 000397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
        2017-09-04 09:55 - 2013-10-11 12:47 - 000113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
        2017-09-04 09:55 - 2012-06-08 16:21 - 000897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
        2017-09-04 09:55 - 2012-06-08 16:21 - 000753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
        2017-09-04 09:55 - 2012-03-08 11:47 - 000108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
        2017-09-04 09:55 - 2011-12-20 15:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
        2017-09-04 09:55 - 2011-12-16 14:57 - 000065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
        2017-09-04 09:55 - 2011-11-22 16:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
        2017-09-04 09:55 - 2010-09-27 09:34 - 000318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
        2017-09-04 09:55 - 2009-11-18 07:13 - 000060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
        2017-09-04 09:54 - 2017-09-13 19:40 - 000000000 ____D C:\Program Files\Recuva
        2017-09-04 09:54 - 2017-09-04 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
        2017-09-04 09:51 - 2017-09-17 12:32 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\vlc
        2017-09-04 09:51 - 2017-09-04 09:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
        2017-09-04 09:51 - 2017-09-04 09:51 - 000000000 ____D C:\Program Files (x86)\VideoLAN
        2017-09-04 09:50 - 2017-09-04 09:50 - 000000000 ____D C:\Users\mcpph\AppData\Local\Foxit Reader
        2017-09-04 09:49 - 2017-09-04 09:50 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Foxit Software
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Users\Public\Foxit Software
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Foxit AgentInformation
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Foxit Software
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Program Files (x86)\Foxit Software
        2017-09-04 09:48 - 2017-09-04 09:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Viber
        2017-09-04 09:47 - 2017-09-16 12:23 - 000000000 ____D C:\Users\mcpph\Documents\ViberDownloads
        2017-09-04 09:45 - 2017-09-16 12:22 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\ViberPC
        2017-09-04 09:45 - 2017-09-04 09:45 - 000001033 _____ C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
        2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
        2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Local\Viber Media S.à r.l
        2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Local\Package Cache
        2017-09-04 09:41 - 2017-09-04 09:41 - 000000691 _____ C:\Users\mcpph\Desktop\VIDEO.lnk
        2017-09-04 09:40 - 2017-09-04 09:40 - 000000716 _____ C:\Users\mcpph\Desktop\DOWNLOAD.lnk
        2017-09-04 09:40 - 2017-09-04 09:40 - 000000691 _____ C:\Users\mcpph\Desktop\AUDIO.lnk
        2017-09-04 09:40 - 2017-09-04 09:40 - 000000000 ____D C:\ProgramData\ShellIcons
        2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
        2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 12.5
        2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\Program Files\Speccy
        2017-09-04 09:38 - 2017-09-04 09:38 - 000000000 ____D C:\Program Files (x86)\EaseUS
        2017-09-04 09:38 - 2017-08-08 17:49 - 004027072 _____ C:\Windows\system32\BootMan.exe
        2017-09-04 09:38 - 2017-08-08 17:49 - 003037376 _____ C:\Windows\SysWOW64\BootMan.exe
        2017-09-04 09:38 - 2016-12-07 13:26 - 000033448 _____ C:\Windows\system32\epmntdrv.sys
        2017-09-04 09:38 - 2016-07-11 10:01 - 000101984 _____ C:\Windows\system32\setupempdrvx64.exe
        2017-09-04 09:38 - 2016-07-11 10:01 - 000088160 _____ C:\Windows\SysWOW64\setupempdrv03.exe
        2017-09-04 09:38 - 2016-07-11 10:01 - 000010848 _____ C:\Windows\system32\EuGdiDrv.sys
        2017-09-04 09:38 - 2016-07-11 10:01 - 000010208 _____ C:\Windows\SysWOW64\EuGdiDrv.sys
        2017-09-04 09:38 - 2016-07-08 15:28 - 000248832 _____ C:\Windows\SysWOW64\epmntdrv.pdb
        2017-09-04 09:38 - 2016-01-14 10:05 - 000021496 _____ C:\Windows\SysWOW64\epmntdrv.sys
        2017-09-04 09:38 - 2014-11-18 14:46 - 000021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
        2017-09-04 09:38 - 2014-11-18 14:46 - 000017504 _____ C:\Windows\system32\EuEpmGdi.dll
        2017-09-04 09:37 - 2017-09-04 09:37 - 000000000 ____D C:\Users\mcpph\AppData\Local\FastStone
        2017-09-04 09:37 - 2017-09-04 09:37 - 000000000 ____D C:\ProgramData\FastStone
        2017-09-04 09:36 - 2017-09-04 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
        2017-09-04 09:36 - 2017-09-04 09:38 - 000000000 ____D C:\Program Files (x86)\FastStone Capture
        2017-09-04 09:31 - 2017-09-12 22:12 - 000004650 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
        2017-09-04 09:31 - 2017-09-12 21:38 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
        2017-09-04 09:30 - 2017-09-12 22:12 - 000000000 ____D C:\Users\mcpph\AppData\Local\Adobe
        2017-09-04 09:27 - 2017-09-04 09:37 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\FastStone
        2017-09-04 09:26 - 2017-09-04 09:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
        2017-09-04 09:26 - 2017-09-04 09:26 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
        2017-09-04 09:14 - 2017-09-09 17:38 - 000000000 ____D C:\Program Files\Opera
        2017-09-04 09:14 - 2017-09-09 07:08 - 000003958 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1504505679
        2017-09-04 09:14 - 2017-09-04 09:14 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Opera Software
        2017-09-04 09:14 - 2017-09-04 09:14 - 000000000 ____D C:\Users\mcpph\AppData\Local\Opera Software
        2017-09-04 09:12 - 2017-09-04 10:04 - 000003834 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
        2017-09-04 09:12 - 2017-09-04 09:12 - 000003604 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
        2017-09-04 09:12 - 2017-09-04 09:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
        2017-09-04 09:12 - 2017-09-04 09:12 - 000000000 ____D C:\ProgramData\Intel(R) Update Manager
        2017-09-04 09:11 - 2017-09-06 10:25 - 000000000 ____D C:\Users\mcpph\AppData\Local\Share Link
        2017-09-04 09:11 - 2017-09-04 10:04 - 000000000 ____D C:\ProgramData\Intel
        2017-09-04 09:11 - 2017-09-04 09:11 - 000003394 _____ C:\Windows\System32\Tasks\IntelBootstrapCCDashExe
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Connect Center
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files\WinRAR
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files (x86)\ASUS
        2017-09-04 09:09 - 2017-09-12 15:13 - 000000000 ____D C:\Program Files\ExifPro 2.1
        2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\MiK
        2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\Users\mcpph\AppData\Local\MicrosoftEdge
        2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\ProgramData\MiK
        2017-09-04 09:06 - 2017-09-04 09:25 - 000000551 _____ C:\Users\mcpph\Desktop\PHOTOS.lnk
        2017-09-04 09:06 - 2017-09-04 09:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Endless Slideshow Screensaver
        2017-09-04 09:06 - 2017-09-04 09:06 - 000000000 ____D C:\Program Files (x86)\Endless Slideshow Screensaver
        2017-09-04 09:06 - 2015-12-01 16:11 - 005133824 _____ (Extreme Internet Software) C:\Windows\Endless-Slideshow.scr
        2017-09-04 09:06 - 2013-02-06 18:30 - 000337408 _____ (www.imageen.com) C:\Windows\dcrawlib.dll
        2017-09-04 09:06 - 2012-05-21 13:43 - 001274880 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\libeay32.dll
        2017-09-04 09:06 - 2012-05-21 13:43 - 000330752 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\ssleay32.dll
        2017-09-04 09:06 - 2007-06-23 08:29 - 000084992 _____ C:\Windows\jbiglib.dll
        2017-09-04 09:06 - 2005-08-30 07:00 - 003919872 _____ C:\Windows\imagemagick.dll
        2017-09-04 08:59 - 2017-09-04 14:36 - 000000000 ____D C:\ProgramData\Package Cache
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ___RD C:\Program Files (x86)\Skype
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\Users\mcpph\Tracing
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\ProgramData\Skype
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
        2017-09-04 08:49 - 2017-09-04 08:49 - 000002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
        2017-09-04 08:49 - 2017-09-04 08:49 - 000002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection.lnk
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Panda Security
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Program Files\CCleaner
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Program Files (x86)\Panda Security
        2017-09-04 08:49 - 2017-07-19 05:31 - 000207328 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000179168 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000146912 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000140256 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINFile.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000133600 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProc.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000117216 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys
        2017-09-04 08:49 - 2017-05-22 08:01 - 000072648 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
        2017-09-04 08:48 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Panda Security
        2017-09-04 08:43 - 2017-09-04 08:43 - 000000716 _____ C:\Users\mcpph\Desktop\SOFTWARE.lnk
        2017-09-04 08:40 - 2017-09-09 18:51 - 000000000 ____D C:\Wallpaper
        2017-09-04 08:37 - 2017-09-04 08:37 - 000004608 _____ C:\Windows\SECOH-QAD.exe
        2017-09-04 08:37 - 2017-09-04 08:37 - 000003584 _____ C:\Windows\SECOH-QAD.dll
        2017-09-04 08:37 - 2017-09-04 08:37 - 000003476 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
        2017-09-04 08:37 - 2017-09-04 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
        2017-09-04 08:37 - 2017-09-04 08:37 - 000000000 ____D C:\Program Files\KMSpico
        2017-09-04 08:37 - 2010-12-06 05:16 - 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
        2017-09-04 08:36 - 2017-09-17 12:39 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Skype
        2017-09-04 08:36 - 2017-09-17 12:20 - 001259196 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-09-04 08:36 - 2017-09-04 08:51 - 000000000 ___RD C:\Users\mcpph\OneDrive
        2017-09-04 08:36 - 2017-09-04 08:36 - 000000000 ____D C:\Users\mcpph\AppData\Local\Comms
        2017-09-04 08:35 - 2017-09-04 09:12 - 000000000 ____D C:\Program Files (x86)\Intel
        2017-09-04 08:35 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files\Intel
        2017-09-04 08:35 - 2017-09-04 08:36 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
        2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
        2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 ____D C:\Intel
        2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
        2017-09-04 08:35 - 2017-09-04 08:23 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
        2017-09-04 08:35 - 2017-09-04 08:23 - 000000000 __SHD C:\Users\mcpph\IntelGraphicsProfiles
        2017-09-04 08:35 - 2017-03-18 08:35 - 000095216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
        2017-09-04 08:35 - 2017-03-18 08:35 - 000091120 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
        2017-09-04 08:34 - 2017-09-04 17:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Adobe
        2017-09-04 08:34 - 2017-09-04 17:47 - 000000000 ____D C:\Users\mcpph\AppData\Local\Packages
        2017-09-04 08:34 - 2017-09-04 08:35 - 000000000 ____D C:\Users\mcpph\AppData\Local\ConnectedDevicesPlatform
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 __RHD C:\Users\Public\AccountPictures
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\VirtualStore
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\TileDataLayer
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\Publishers
        2017-09-04 08:33 - 2017-09-13 19:41 - 000000000 ____D C:\Users\mcpph
        2017-09-04 08:33 - 2017-09-04 08:33 - 000000020 ___SH C:\Users\mcpph\ntuser.ini
        2017-09-04 08:33 - 2017-09-04 08:33 - 000000000 ____D C:\ProgramData\USOShared
        2017-09-04 08:32 - 2017-07-12 07:39 - 000942592 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
        2017-09-04 08:32 - 2017-03-18 23:56 - 002233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
        2017-09-04 08:32 - 2017-03-18 07:59 - 004164608 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0002.dll
        2017-09-04 08:32 - 2017-03-18 07:55 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0002.dll
        2017-09-04 08:32 - 2017-03-18 07:54 - 001914368 _____ (Microsoft Corporation) C:\Windows\system32\MLS2.dll
        2017-09-04 08:32 - 2017-03-18 07:43 - 004164608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons0002.dll
        2017-09-04 08:32 - 2017-03-18 07:40 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsData0002.dll
        2017-09-04 08:32 - 2017-03-18 07:39 - 001868288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MLS2.dll
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-17 12:36 - 2017-03-18 14:40 - 000524288 _____ C:\Windows\system32\config\BBI
        2017-09-17 12:22 - 2017-03-19 00:01 - 000000000 ____D C:\Windows\INF
        2017-09-12 22:12 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
        2017-09-12 22:12 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\Macromed
        2017-09-05 23:33 - 2017-03-18 23:51 - 000000000 ____D C:\Windows\CbsTemp
        2017-09-05 08:03 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\appcompat
        2017-09-04 19:28 - 2017-03-19 00:03 - 000028672 _____ C:\Windows\system32\config\BCD-Template
        2017-09-04 18:30 - 2017-03-18 14:40 - 000000000 ____D C:\Windows\system32\Sysprep
        2017-09-04 18:29 - 2017-03-19 05:31 - 000000000 ____D C:\Windows\HoloShell
        2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\PrintDialog
        2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\MiracastView
        2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
        2017-09-04 18:29 - 2017-03-18 14:40 - 000032768 _____ C:\Windows\system32\config\ELAM
        2017-09-04 17:47 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\AppReadiness
        2017-09-04 11:34 - 2017-03-19 00:03 - 000000000 ___HD C:\Program Files\WindowsApps
        2017-09-04 10:07 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
        2017-09-04 08:49 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
        2017-09-04 08:49 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\GroupPolicy
        2017-09-04 08:47 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\Cursors
        2017-09-04 08:33 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\WinBioDatabase
        2017-09-04 08:33 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\USOPrivate
        2017-09-04 08:32 - 2017-03-19 05:30 - 000000000 ____D C:\Windows\OCR
        2017-09-04 08:32 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\spool
        2017-09-04 08:32 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\FxsTmp
        2017-09-04 08:31 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\rescache
        2017-09-04 08:31 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
        ==================== Files in the root of some directories =======
        2017-09-17 12:04 - 2017-09-17 12:04 - 000423080 _____ () C:\ProgramData\WinSxA.exe
        Files to move or delete:
        ====================
        C:\ProgramData\WinSxA.exe

        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-09-04 18:29
        ==================== End of FRST.txt ============================
        Addition.txt
        Panda_report.txt
      • by pesho66
        Hi, I have a problem with the partitions on my hard drives; it is probably some kind of virus. The topic was redirected from Info about the problem
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
        Ran by BigUser (administrator) on BIGUSER-PC (03-09-2017 11:52:48)
        Running from C:\Users\BigUser\Downloads
        Loaded Profiles: BigUser (Available Profiles: BigUser)
        Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
        Internet Explorer Version 8 (Default browser: FF)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (AMD) C:\Windows\System32\atiesrxx.exe
        (AMD) C:\Windows\System32\atieclxx.exe
        (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
        (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
        (Transaction Software, D 81737 Munich) C:\BMWgroup\ETKLokal\transbase\tbmux32.exe
        (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
        (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\Run: [Viber] => C:\Users\BigUser\AppData\Local\Viber\Viber.exe [30896208 2017-08-22] (Viber Media S.à r.l.)
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17420464 2012-07-13] (Skype Technologies S.A.)
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\MountPoints2: G - G:\setup.exe
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{0C599813-3678-49A7-B4FE-517D8BC490A4}: [DhcpNameServer] 192.168.0.1
        Internet Explorer:
        ==================
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yandex.ru/?win=260&clid=2255931
        SearchScopes: HKU\S-1-5-21-2627889718-3068437435-1976458178-1000 -> DefaultScope d2356acc-c842-11e6-bdf2-00262d527177 URL = hxxps://yandex.ru/search/?win=260&clid=2255932&text={searchTerms}
        SearchScopes: HKU\S-1-5-21-2627889718-3068437435-1976458178-1000 -> d2356acc-c842-11e6-bdf2-00262d527177 URL = hxxps://yandex.ru/search/?win=260&clid=2255932&text={searchTerms}
        BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
        BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
        BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
        BHO-x32: Instair -> {0D778FDC-FAD7-4B1D-AB88-7A76A562D65C} -> C:\Program Files\Instair\Instair.dll [2016-12-23] ()
        BHO-x32: QuickStores-Toolbar -> {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
        BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
        BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
        Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
        Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
        Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
        Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
        Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
        Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
        FireFox:
        ========
        FF ProfilePath: C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2017-09-03]
        FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
        FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Яндекс
        FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Яндекс
        FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
        FF Extension: (AdBlocker Ultimate) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-12-28]
        FF Extension: (Instair) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\contact@instair.net [2016-12-23] [not signed]
        FF Extension: (Nimbus Screen Capture - editable screenshots.) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2016-12-23]
        FF Extension: (Speed Dial [FVD] - New Tab Page, Sync...) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\pavel.sherbakov@gmail.com [2017-09-02]
        FF Extension: (Save as PDF) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2016-12-23]
        FF Extension: (Google Translator for Firefox) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\translator@zoli.bod.xpi [2017-02-12]
        FF Extension: (Google  Image Search) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2016-12-23]
        FF Extension: (DownThemAll!) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-12-23]
        FF SearchPlugin: C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-143319.xml [2016-12-22]
        FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
        FF Plugin: @videolan.org/vlc,version=3.0.0-git -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-06-17] (VideoLAN)
        FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-27] (Google, Inc.)
        FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
        FF Plugin-x32: @mobilityflow.com/tvp,version=1.0.1 -> C:\Program Files (x86)\Mobilityflow\Torrent Video Player\npvlc.dll [2012-11-19] (VideoLAN)
        FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2007-05-10] (Adobe Systems Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
        Chrome:
        =======
        CHR DefaultProfile: Default
        CHR HomePage: Default -> yandex.ru/?__PARAM__from=chromehp
        CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT2481034&SearchSource=48","hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={6189A548-5277-11E2-A19C-005056C00008}","hxxp://www.delta-search.com/?affID=119292&babsrc=HP_ss&mntrId=6ada26500000000000002eeee680fd43","hxxp://www.yandex.ru/?win=125&clid=2041421","hxxp://isearch.omiga-plus.com/?type=hp&ts=1405529599&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V","hxxp://isearch.omiga-plus.com/?type=hp&ts=1405530061&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V","hxxp://www.mystartsearch.com/?type=hp&ts=1418069766&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V"
        CHR DefaultSearchURL: Default -> hxxps://yandex.ru/search/?__PARAM__from=chromesearch&text={searchTerms}
        CHR DefaultSearchKeyword: Default -> yandex.ru
        CHR DefaultSuggestURL: Default -> hxxps://suggest.yandex.net/suggest-ff.cgi?uil=ru&part={searchTerms}
        CHR Session Restore: Default -> is enabled.
        CHR Profile: C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default [2017-01-11]
        CHR Extension: (Google Презентации) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-22]
        CHR Extension: (Google Диск) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-22]
        CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-12-22]
        CHR Extension: (YouTube) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-22]
        CHR Extension: (Adblock Plus) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-22]
        CHR Extension: (Google Търсене) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-12-22]
        CHR Extension: (Електронни таблици от Google) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-22]
        CHR Extension: (Google Документи офлайн) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-22]
        CHR Extension: (AdBlock) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-07]
        CHR Extension: (Запазване в Google Диск) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-12-22]
        CHR Extension: (Numerics Calculator & Converter) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2016-12-22]
        CHR Extension: (Google Карти) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-12-22]
        CHR Extension: (Save to Pocket) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-12-22]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-22]
        CHR Extension: (Gmail) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-22]
        CHR Extension: (Chrome Media Router) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-22]
        CHR HKLM-x32\...\Chrome\Extension: [geidjeefddhgefeplhdlegoldlgiodon] - hxxp://clients2.google.com/service/update2/crx
        CHR HKLM-x32\...\Chrome\Extension: [lgdnilodcpljomelbbnpgdogdbmclbni] - hxxp://clients2.google.com/service/update2/crx
        CHR HKLM-x32\...\Chrome\Extension: [pjfkgjlnocfakoheoapicnknoglipapd] - hxxp://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
        S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2011-05-28] (Airytec) [File not signed]
        S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2011-05-28] (Airytec) [File not signed]
        R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
        R2 Transbase; C:\BMWgroup\ETKLokal\transbase\tbmux32.exe [385024 2004-08-05] (Transaction Software, D 81737 Munich) [File not signed]
        S2 Transbase TECDOC CD 1_2015 Service; F:\TECDOC_CD\1_2015\db\tbmux32.exe [360448 2014-05-08] (Transaction Software, D 81829 Munich) [File not signed]
        R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
        R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
        R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
        S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 esgiguard; F:\My Programs\Антиспам-програми Firewalls\SpyHunter\esgiguard.sys [15920 2016-08-25] (Enigma Software Group USA, LLC.)
        S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
        S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2014-07-23] (Windows (R) Win 7 DDK provider)
        U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
        S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-04-19] (Western Digital Technologies)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-03 11:52 - 2017-09-03 11:53 - 000015913 _____ C:\Users\BigUser\Downloads\FRST.txt
        2017-09-03 11:52 - 2017-09-03 11:52 - 000000000 ____D C:\FRST
        2017-09-03 11:50 - 2017-09-03 11:50 - 002395648 _____ (Farbar) C:\Users\BigUser\Downloads\FRST64.exe
        2017-09-03 11:45 - 2017-09-03 11:46 - 000008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
        2017-09-02 21:11 - 2017-09-02 21:11 - 000002515 _____ C:\Users\Public\Desktop\Skype.lnk
        2017-09-02 21:11 - 2017-09-02 21:11 - 000000000 ___RD C:\Program Files (x86)\Skype
        2017-09-02 21:11 - 2017-09-02 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
        2017-09-02 21:08 - 2017-09-02 21:08 - 000000000 ____D C:\Windows\system32\appmgmt
        2017-09-02 20:54 - 2017-09-02 21:07 - 000000000 ____D C:\Users\BigUser\Desktop\b
        2017-09-02 16:04 - 2017-09-02 16:05 - 000000000 ____D C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Pro
        2017-09-02 16:04 - 2017-09-02 16:04 - 000002007 _____ C:\Users\BigUser\AppData\Roaming\Microsoft\Windows\Start Menu\ScreenHunter 5.1 Pro.lnk
        2017-09-02 16:04 - 2017-09-02 16:04 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Pro
        2017-09-02 16:04 - 2017-09-02 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Pro
        2017-09-01 13:25 - 2017-09-01 13:25 - 000000000 ____D C:\Users\BigUser\AppData\Local\Viber Media S.à r.l
        2017-09-01 13:24 - 2017-09-01 13:25 - 000000000 ____D C:\Users\BigUser\AppData\Local\Viber
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-03 11:52 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2017-09-03 11:52 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2017-09-03 11:48 - 2009-07-14 08:13 - 000781782 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-09-03 11:48 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
        2017-09-03 11:45 - 2016-12-22 15:11 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\ViberPC
        2017-09-03 11:44 - 2016-12-22 15:11 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Skype
        2017-09-03 11:44 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-09-03 10:59 - 2016-12-22 14:56 - 000000000 ____D C:\Program Files (x86)\Steam
        2017-09-03 10:24 - 2016-12-23 21:46 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Nitro PDF
        2017-09-03 10:06 - 2017-03-05 01:31 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\vlc
        2017-09-02 21:20 - 2016-12-22 14:40 - 000000000 ____D C:\Users\BigUser\Documents\ViberDownloads
        2017-09-02 21:11 - 2016-12-22 15:11 - 000000000 ____D C:\ProgramData\Skype
        2017-09-02 20:54 - 2016-12-22 14:25 - 000000000 ____D C:\Users\BigUser
        2017-09-02 11:19 - 2016-12-26 23:20 - 000000000 ____D C:\BMWScan140
        2017-09-01 17:37 - 2017-02-26 23:56 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\uTorrent
        2017-09-01 17:37 - 2017-02-26 23:56 - 000000000 ____D C:\Users\BigUser\AppData\LocalLow\uTorrent
        2017-09-01 13:20 - 2016-12-22 14:50 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2017-09-01 13:20 - 2016-12-22 14:50 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
        2017-09-01 13:13 - 2016-12-22 14:50 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
        2017-09-01 13:13 - 2016-12-22 14:50 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
        ==================== Files in the root of some directories =======
        2016-12-22 15:25 - 2014-04-29 18:36 - 000000036 _____ () C:\Users\BigUser\AppData\Local\installLang.ini
        2016-12-25 21:14 - 2016-12-26 20:40 - 012390794 _____ () C:\ProgramData\OfflineCatalogue_1_2015_TECDOC_CD.log
        Some files in TEMP:
        ====================
        2010-11-18 23:27 - 2010-11-18 23:27 - 000587776 _____ (Igor Pavlov) C:\Users\BigUser\AppData\Local\Temp\7za.exe
        2016-12-26 18:35 - 2013-09-04 16:01 - 023454528 ____N (                                   ) C:\Users\BigUser\AppData\Local\Temp\AdbeRdr_en_US.exe
        2016-12-22 15:29 - 2016-12-22 15:29 - 000059904 _____ () C:\Users\BigUser\AppData\Local\Temp\bitool.dll
        2013-07-29 01:22 - 2013-07-29 01:22 - 000107520 _____ () C:\Users\BigUser\AppData\Local\Temp\KEYGEN-FFF.exe
        2016-12-22 15:27 - 2013-10-16 23:55 - 000036864 _____ (noOrg) C:\Users\BigUser\AppData\Local\Temp\lanbox.exe
        2015-07-31 07:06 - 2015-07-31 07:06 - 000242864 ____R (Microsoft Corporation) C:\Users\BigUser\AppData\Local\Temp\ose00000.exe
        2014-11-08 11:33 - 2015-01-08 00:48 - 000601088 _____ () C:\Users\BigUser\AppData\Local\Temp\Quarantine.exe
        2010-03-31 22:17 - 2010-03-31 22:17 - 000435544 _____ (AB-Tools.com                                                ) C:\Users\BigUser\AppData\Local\Temp\QuickStores_Unlocker.exe
        2012-11-02 12:08 - 2012-11-02 12:08 - 000118784 _____ () C:\Users\BigUser\AppData\Local\Temp\xmlUpdater.exe
        2016-12-22 15:33 - 2016-09-08 18:01 - 000237920 _____ () C:\Users\BigUser\AppData\Local\Temp\YandexWorking.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\SysWOW64\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-04-04 01:52
        ==================== End of FRST.txt ============================
         
         
         
        Addition.txt
      • by Филипов
        It's not mine, so I may be slow to respond. Something wants to repair the computer / update drivers.
        I removed one of them via Add/Remove Programs and it was replaced by another similar piece of junk.
        Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
        Ran by User 1 (administrator) on HOME-5D870EAA9B (01-09-2017 21:38:43)
        Running from C:\Documents and Settings\User 1\Desktop
        Loaded Profiles: User 1 & UpdatusUser (Available Profiles: User 1 & UpdatusUser)
        Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
        Internet Explorer Version 8 (Default browser: FF)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
        (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
        (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
        () C:\Documents and Settings\User 1\Application Data\System Monitor\sm.exe
        (Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
        (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
        (Jawego) C:\Program Files\PC Protector Plus\PCProtectorPlus.exe
        (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
        (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
        (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [AudioDeck] => C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [528384 2007-08-09] (VIA Technologies, Inc.)
        HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
        HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
        HKLM\...\Run: [PC Protector Plus_startup] => C:\Program Files\PC Protector Plus\PCProtectorPlus.exe [6239680 2016-09-26] (Jawego)
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [25479680 2017-03-20] (Skype Technologies S.A.)
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [SMReminder] => C:\Documents and Settings\User 1\Application Data\System Monitor\sm.exe [2959312 2017-08-30] ()
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [securedriverupdaterDUReminder] => C:\Program Files\Secure Driver Updater\SDU.exe -rem
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\MountPoints2: {350a9c3e-b665-11e6-a11e-0008c7399231} - D:\LGAutoRun.exe
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\MountPoints2: {c9e26fc6-0281-11e3-9c1b-000b6a1cfcf7} - CMD /C START SysConfig.{645FF040-5081-101B-9F08-00AA002F954E}\sysconfig-x932851.dat
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
        Tcpip\..\Interfaces\{ED529269-1461-4DBF-ADAD-F0E66CE70B2A}: [DhcpNameServer] 192.168.1.1
        Internet Explorer:
        ==================
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://gbg.bg/
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
        URLSearchHook: [S-1-5-21-1757981266-1275210071-1644491937-1004] ATTENTION => Default URLSearchHook is missing
        BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
        Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
        FireFox:
        ========
        FF ProfilePath: C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750 [2017-09-01]
        FF Session Restore: C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750 -> is enabled.
        FF Extension: (Enhancer for YouTube™) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2017-06-19]
        FF Extension: (YouTube Video and Audio Downloader) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-06-20]
        FF Extension: (Low Quality Flash) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\low_quality_flash@pie2k.com [2017-06-19]
        FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18] [not signed]
        FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-09-01] ()
        FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
        FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
        FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
        FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
        FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
        Chrome:
        =======
        CHR DefaultProfile: Default
        CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
        CHR HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-01] (Adobe Systems Incorporated) [File not signed]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
        S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2013-08-17] (Phoenix Technologies) [File not signed]
        S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
        R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
        R3 N100; C:\WINDOWS\System32\DRIVERS\n100325.sys [128000 2001-08-17] (Compaq Computer Corporation)
        S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
        S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2013-02-14] (AnchorFree Inc)
        R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
        R3 VIAudio; C:\WINDOWS\System32\drivers\vinyl97.sys [207488 2007-06-27] (VIA Technologies, Inc.)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-01 21:38 - 2017-09-01 21:39 - 000008769 _____ C:\Documents and Settings\User 1\Desktop\FRST.txt
        2017-09-01 21:38 - 2017-09-01 21:38 - 000000000 ____D C:\FRST
        2017-09-01 21:32 - 2017-09-01 21:32 - 001792512 _____ (Farbar) C:\Documents and Settings\User 1\Desktop\FRST.exe
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000780 _____ C:\Documents and Settings\All Users\Desktop\PC Protector Plus.lnk
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000326 _____ C:\WINDOWS\Tasks\PC Protector Plus_runnag.job
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Program Files\PC Protector Plus
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Local Settings\Application Data\Jawego
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\PCPRJ
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\Jawego
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PC Protector Plus
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Jawego
        2017-09-01 20:57 - 2016-09-26 17:26 - 000022464 _____ C:\WINDOWS\system32\pcplusnative32.exe
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-01 21:39 - 2013-08-11 14:47 - 000000000 ____D C:\Documents and Settings\User 1\Local Settings\Temp
        2017-09-01 21:37 - 2013-08-11 16:29 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\Skype
        2017-09-01 21:23 - 2013-08-11 15:11 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
        2017-09-01 21:15 - 2015-01-05 17:01 - 000000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
        2017-09-01 20:57 - 2017-06-20 16:22 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\System Monitor
        2017-09-01 20:53 - 2014-02-16 19:52 - 000003564 _____ C:\WINDOWS\wincmd.ini
        2017-09-01 20:52 - 2016-12-17 02:04 - 000000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d257f0bb9fdf30.job
        2017-09-01 20:52 - 2015-01-05 17:01 - 000000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
        2017-09-01 20:52 - 2014-06-19 14:26 - 000000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
        2017-09-01 20:52 - 2013-08-11 14:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
        2017-09-01 20:52 - 2008-04-14 12:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
        2017-09-01 20:51 - 2013-08-11 14:47 - 000000178 ___SH C:\Documents and Settings\User 1\ntuser.ini
        2017-09-01 20:51 - 2013-08-11 14:43 - 000032540 _____ C:\WINDOWS\SchedLgU.Txt
        2017-09-01 16:23 - 2017-08-01 10:23 - 005763072 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
        2017-09-01 16:23 - 2013-08-11 15:11 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
        2017-09-01 16:23 - 2013-08-11 15:11 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
        2017-09-01 16:23 - 2013-08-11 14:34 - 000000000 ____D C:\WINDOWS\system32\Macromed
        2017-08-08 15:00 - 2014-06-19 14:26 - 000000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
        ==================== Files in the root of some directories =======
        2014-12-11 13:44 - 2014-12-11 13:44 - 000031611 ____C () C:\Program Files\third-party_attributions.txt
        2015-09-20 04:55 - 2017-05-03 22:21 - 000009728 _____ () C:\Documents and Settings\User 1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\WINDOWS\explorer.exe => File is digitally signed
        C:\WINDOWS\system32\winlogon.exe => File is digitally signed
        C:\WINDOWS\system32\svchost.exe => File is digitally signed
        C:\WINDOWS\system32\services.exe => File is digitally signed
        C:\WINDOWS\system32\User32.dll => File is digitally signed
        C:\WINDOWS\system32\userinit.exe => File is digitally signed
        C:\WINDOWS\system32\rpcss.dll => File is digitally signed
        C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
        C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
        ==================== End of FRST.txt ============================
        Addition.txt
      • by мирослав24
        Hello,
        I'm having problems with my computer: using the keyboard is very difficult, especially when I type directly in the browser. To type a letter I have to press the key several times, and often the letter isn't typed and some other function is performed instead: either an icon from the desktop opens or the browser closes. It's the same with the virtual keyboard, the built-in one and an external one. Programs are very hard to open, because they open for a fraction of a second and then close by themselves. I managed to partially scan with the ESET online scanner, which froze almost at the end; here is the log:
        C:\ProgramData\Panda Security\Panda Cloud Antivirus\Download\0x04011000\CloudAntivirus.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win64/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.E potentially unwanted application,a variant of Win64/NetFilter.A potentially unsafe application,a variant of Win32/NetFilter.A potentially unsafe application    
        C:\Users\All Users\Panda Security\Panda Cloud Antivirus\Download\0x04011000\CloudAntivirus.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win64/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.E potentially unwanted application,a variant of Win64/NetFilter.A potentially unsafe application,a variant of Win32/NetFilter.A potentially unsafe application    
        C:\Users\GERGANA\AppData\Roaming\uTorrent\uTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    
        C:\Users\GERGANA\Desktop\avc-free.exe    a variant of Win32/FusionCore.L potentially unwanted application    
        I also managed to run FRST
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
        Ran by GERGANA (administrator) on GERGANA-PC (13-08-2017 17:35:14)
        Running from C:\Users\GERGANA\Desktop
        Loaded Profiles: GERGANA (Available Profiles: GERGANA)
        Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
        Internet Explorer Version 11 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
        (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
        (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
        (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
        (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
        (BitTorrent Inc.) C:\Users\GERGANA\AppData\Roaming\uTorrent\uTorrent.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [SBRegRebootCleaner] => C:\VIPRERESCUE\SBRC.exe [202128 2013-09-30] (ThreatTrack Security, Inc.)
        HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [2154592 2017-07-31] (QIHU 360 SOFTWARE CO. LIMITED)
        Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
        Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2015-01-08]
        ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
        BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 84.54.128.100 84.54.128.9
        Tcpip\..\Interfaces\{050FEA5C-3630-4D0F-A8E4-8EC183BF8AE8}: [DhcpNameServer] 84.54.128.100 84.54.128.9
        Tcpip\..\Interfaces\{94C064C5-8139-44AB-810C-1E9D0A2F024F}: [DhcpNameServer] 84.54.128.100 84.54.128.9
        Tcpip\..\Interfaces\{C9DE01DF-38AF-422C-8292-00BF45A44DE5}: [DhcpNameServer] 217.18.252.131 87.246.20.11
        Internet Explorer:
        ==================
        BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2017-07-26] (Qihu 360 Software Co., Ltd.)
        BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
        BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
        FireFox:
        ========
        FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
        FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
        FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
        FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
        FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
        Chrome: 
        =======
        CHR DefaultProfile: Default
        CHR Profile: C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default [2017-08-13]
        CHR Extension: (Adblock Plus) - C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
        CHR Extension: (AdBlocker Ultimate) - C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2017-01-22]
        CHR Extension: (Chrome Media Router) - C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-04]
        CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
        Opera: 
        =======
        OPR StartupUrls: "hxxp://google.bg/"
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
        S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
        R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
        R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [929888 2017-07-26] (QIHU 360 SOFTWARE CO. LIMITED)
        S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
        R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [175040 2017-06-09] (360.cn)
        R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2017-07-26] (360.cn)
        R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2017-07-26] (360.cn)
        R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2017-07-26] (360.cn)
        R3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [49088 2017-06-09] (360.cn)
        R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [423360 2017-06-09] (360.cn)
        R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [190400 2017-06-09] (360.cn)
        R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
        S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
        S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
        R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-11] (Intel Corporation)
        S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [119680 2009-11-17] (TCT International Mobile Ltd)
        R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.)
        S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-08-13 17:35 - 2017-08-13 17:35 - 000008280 _____ C:\Users\GERGANA\Desktop\FRST.txt
        2017-08-13 17:34 - 2017-08-13 17:35 - 000000000 ____D C:\FRST
        2017-08-13 17:32 - 2017-08-13 17:32 - 002395648 _____ (Farbar) C:\Users\GERGANA\Desktop\FRST64.exe
        2017-08-13 17:20 - 2017-08-13 17:20 - 000002738 _____ C:\Users\GERGANA\Desktop\есет сканиране.txt
        2017-08-13 16:54 - 2017-08-13 16:54 - 006754944 _____ (ESET spol. s r.o.) C:\Users\GERGANA\Desktop\esetonlinescanner_enu.exe
        2017-08-13 16:54 - 2017-08-13 16:54 - 000000000 ____D C:\Users\GERGANA\AppData\Local\ESET
        2017-08-09 18:00 - 2017-08-09 18:00 - 391386202 _____ C:\Windows\MEMORY.DMP
        2017-08-09 18:00 - 2017-08-09 18:00 - 000281272 _____ C:\Windows\Minidump\080917-15880-01.dmp
        2017-08-06 22:30 - 2017-08-06 22:30 - 000109864 _____ C:\Users\GERGANA\AppData\Local\GDIPFONTCACHEV1.DAT
        2017-08-06 20:52 - 2017-08-06 20:52 - 000409576 _____ C:\Windows\system32\FNTCACHE.DAT
        2017-08-04 22:57 - 2017-08-04 22:57 - 000002071 _____ C:\Users\GERGANA\Desktop\Cleanup.lnk
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-08-13 17:35 - 2013-12-11 15:23 - 000000000 ____D C:\Users\GERGANA\AppData\Roaming\uTorrent
        2017-08-13 17:34 - 2016-05-09 19:36 - 000000000 __SHD C:\$360Section
        2017-08-13 17:34 - 2016-05-09 19:32 - 000000000 ____D C:\ProgramData\360Quarant
        2017-08-13 12:59 - 2016-05-09 19:30 - 000000000 ____D C:\Users\GERGANA\AppData\LocalLow\360WD
        2017-08-13 12:54 - 2009-07-14 07:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2017-08-13 12:54 - 2009-07-14 07:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2017-08-13 12:48 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-08-09 18:00 - 2014-10-14 19:33 - 000000000 ____D C:\Windows\Minidump
        2017-08-09 17:56 - 2016-05-27 01:36 - 000000000 ____D C:\Users\GERGANA\AppData\Roaming\Skype
        2017-08-09 17:41 - 2016-05-08 15:52 - 000594316 _____ C:\Windows\system32\perfh002.dat
        2017-08-09 17:41 - 2016-05-08 15:52 - 000096648 _____ C:\Windows\system32\perfc002.dat
        2017-08-09 17:41 - 2009-07-14 08:13 - 001365408 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-08-09 17:41 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
        2017-08-08 09:50 - 2016-06-30 21:37 - 000001149 _____ C:\Users\Public\Desktop\360 Total Security.lnk
        2017-08-08 09:50 - 2016-05-09 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
        2017-08-06 19:41 - 2014-05-30 07:32 - 000003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
        2017-08-06 19:41 - 2014-05-30 07:32 - 000003476 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
        2017-08-06 19:41 - 2013-12-11 16:41 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
        2017-08-06 19:41 - 2013-12-11 16:41 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
        2017-08-03 22:08 - 2013-12-11 16:42 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2017-07-27 09:04 - 2009-07-14 08:08 - 000032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
        2017-07-26 13:36 - 2016-05-09 19:30 - 000086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
        2017-07-26 13:36 - 2016-05-09 19:29 - 000330472 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
        2017-07-26 13:36 - 2016-05-09 19:29 - 000086248 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
        ==================== Files in the root of some directories =======
        2014-03-20 23:13 - 2017-05-28 13:47 - 000011776 _____ () C:\Users\GERGANA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2016-06-16 17:44 - 2016-06-16 17:44 - 000000036 _____ () C:\Users\GERGANA\AppData\Local\housecall.guid.cache
        2013-12-17 20:46 - 2014-09-03 23:44 - 000007668 _____ () C:\Users\GERGANA\AppData\Local\resmon.resmoncfg
        2014-02-02 00:20 - 2014-02-02 00:20 - 000000000 _____ () C:\ProgramData\0x0304A000.sfl
        Some files in TEMP:
        ====================
        2017-08-06 21:00 - 2017-08-07 18:05 - 058782680 _____ (Skype Technologies S.A.) C:\Users\GERGANA\AppData\Local\Temp\SkypeSetup.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\SysWOW64\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-08-13 16:40
        ==================== End of FRST.txt ============================
        Addition.txt
      • by alexalm
        Hello,
        I have a Lenovo IdeaPad Y700-15ISK laptop.
        Last night I noticed that while I was on the internet the system started slowing down, taking a long time to open anything... I ran Windows Defender to scan and it found 4 viruses - I deleted them; overall everything looks fine, but today it found another trojan horse + I think it may be seeing as viruses the keygens I used to install Photoshop and Illustrator - HackTool:Win32/Keygen.
        I don't have a disc for the operating system.
        Please let's check whether my system is clean.
         
        Thanks in advance!
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
        Ran by Vesi (administrator) on DESKTOP-KT0311H (26-08-2017 11:22:49)
        Running from C:\Users\Vesi\Desktop
        Loaded Profiles: Vesi (Available Profiles: Vesi)
        Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
        Internet Explorer Version 11 (Default browser: FF)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
        (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
        () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
        (Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
        (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
        (@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
        (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
        (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
        (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
        (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
        (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
        (Intel Corporation) C:\Windows\System32\igfxEM.exe
        (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
        (Intel Corporation) C:\Windows\System32\igfxHK.exe
        () C:\Windows\System32\igfxTray.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
        (Viber Media S.à r.l.) C:\Users\Vesi\AppData\Local\Viber\Viber.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
        () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
        (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
        () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
        () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
        () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe
        (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.41055.0_x64__8wekyb3d8bbwe\HxOutlook.exe
        (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.41055.0_x64__8wekyb3d8bbwe\HxTsr.exe
        () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Calculator.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
        (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
        (Microsoft Corporation) C:\Windows\System32\dllhost.exe
        (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
        (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
        (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
        (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
        (Microsoft Corporation) C:\Windows\System32\dllhost.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
        HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-01-22] (Realtek Semiconductor)
        HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-01-22] (Realtek Semiconductor)
        HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-01-22] (Realtek Semiconductor)
        HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-01-22] (Realtek Semiconductor)
        HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
        HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
        HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
        HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\Run: [uTorrent] => C:\Users\Vesi\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-03] (BitTorrent Inc.)
        HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\Run: [Viber] => C:\Users\Vesi\AppData\Local\Viber\Viber.exe [30867536 2017-08-03] (Viber Media S.à r.l.)
        HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
        HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-07-03] (Disc Soft Ltd)
        HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\MountPoints2: {5543fe8a-5cfb-11e7-82e3-ccb0daa79f6a} - "E:\Autoplay.exe" -auto
        IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
        Tcpip\Parameters: [DhcpNameServer] 172.16.1.1
        Tcpip\..\Interfaces\{69341f9f-82fc-48be-8c8d-204136e485b0}: [DhcpNameServer] 172.16.1.1
        Internet Explorer:
        ==================
        BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-15] (Microsoft Corporation)
        Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
        Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
        Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
        Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
        FireFox:
        ========
        FF DefaultProfile: gpgj94ro.default
        FF ProfilePath: C:\Users\Vesi\AppData\Roaming\Mozilla\Firefox\Profiles\gpgj94ro.default [2017-08-26]
        FF Homepage: Mozilla\Firefox\Profiles\gpgj94ro.default -> hxxps://www.google.bg
        FF Extension: (Adblock Plus) - C:\Users\Vesi\AppData\Roaming\Mozilla\Firefox\Profiles\gpgj94ro.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
        FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-26] ()
        FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
        FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
        FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-26] ()
        FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
        FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
        FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
        FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
        FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
        R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
        R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [347064 2016-08-12] (Windows (R) Win 7 DDK provider)
        S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [623072 2016-06-01] (Intel Corporation)
        R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-22] () [File not signed]
        S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-07-03] (Disc Soft Ltd)
        R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
        R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373736 2016-06-01] (Intel Corporation)
        S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-12-27] () [File not signed]
        R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
        R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
        R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
        S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
        R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
        S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
        R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
        R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [267360 2017-01-23] (Synaptics Incorporated)
        R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
        R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
        R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-12-27] (Disc Soft Ltd)
        R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-12-27] (Disc Soft Ltd)
        R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
        R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-08-26] (Malwarebytes)
        R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-08-26] (Malwarebytes)
        R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-26] (Malwarebytes)
        R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-08-26] (Malwarebytes)
        R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-08-26] (Malwarebytes)
        R1 MpKsl40c82695; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{461EC048-3160-430F-8E36-C01F014B6662}\MpKsl40c82695.sys [44928 2017-08-25] (Microsoft Corporation)
        R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
        S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
        R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
        R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2344448 2017-03-18] (Qualcomm Atheros, Inc.)
        R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
        R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3128600 2016-08-18] (Realtek Semiconductor Corp.)
        S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
        R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72800 2017-01-23] (Synaptics Incorporated)
        S3 TTDrv; D:\Programs\KOPLAYER\vbox\TTDrv.sys [261104 2015-12-22] (Oracle Corporation)
        S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
        R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
        R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
        U4 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2016-12-28] (Basil Projects)
        R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-08-26 11:22 - 2017-08-26 11:23 - 000015866 _____ C:\Users\Vesi\Desktop\FRST.txt
        2017-08-26 11:22 - 2017-08-26 11:22 - 002395648 _____ (Farbar) C:\Users\Vesi\Desktop\FRST64.exe
        2017-08-26 11:22 - 2017-08-26 11:22 - 000000000 ____D C:\FRST
        2017-08-26 10:33 - 2017-08-26 10:33 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
        2017-08-26 10:33 - 2017-08-26 10:33 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
        2017-08-26 10:33 - 2017-08-26 10:33 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
        2017-08-26 10:33 - 2017-08-26 10:33 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
        2017-08-26 10:32 - 2017-08-26 10:32 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
        2017-08-26 10:32 - 2017-08-26 10:32 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
        2017-08-26 10:32 - 2017-08-26 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
        2017-08-26 10:32 - 2017-08-26 10:32 - 000000000 ____D C:\ProgramData\Malwarebytes
        2017-08-26 10:32 - 2017-08-26 10:32 - 000000000 ____D C:\Program Files\Malwarebytes
        2017-08-26 10:32 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
        2017-08-26 10:30 - 2017-08-26 10:31 - 066347240 _____ (Malwarebytes ) C:\Users\Vesi\Downloads\mb3-setup-consumer-3.2.2.2018.exe
        2017-08-26 10:21 - 2017-08-26 10:21 - 000000000 ____D C:\ProgramData\McAfee
        2017-08-20 15:21 - 2017-08-20 15:22 - 000000000 ____D C:\Users\Vesi\Documents\rexultati izsledvaniq
        2017-08-20 15:20 - 2017-08-20 15:20 - 000000696 _____ C:\Users\Vesi\Desktop\vayana - Shortcut.lnk
        2017-08-20 15:15 - 2017-08-20 15:17 - 000000000 ____D C:\Users\Vesi\Desktop\sait pictures
        2017-08-19 20:07 - 2017-08-19 20:07 - 005833448 _____ C:\Users\Vesi\Desktop\cover.pdf
        2017-08-13 22:05 - 2017-08-01 05:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
        2017-08-13 22:05 - 2017-08-01 05:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
        2017-08-13 22:05 - 2017-08-01 05:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
        2017-08-13 22:05 - 2017-08-01 05:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
        2017-08-13 22:05 - 2017-08-01 05:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
        2017-08-13 22:05 - 2017-08-01 05:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
        2017-08-13 22:05 - 2017-08-01 05:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
        2017-08-13 22:05 - 2017-08-01 05:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
        2017-08-13 22:05 - 2017-08-01 05:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
        2017-08-13 22:05 - 2017-08-01 05:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
        2017-08-13 22:05 - 2017-08-01 05:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
        2017-08-13 22:05 - 2017-08-01 05:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
        2017-08-13 22:05 - 2017-08-01 05:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
        2017-08-13 22:05 - 2017-08-01 05:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
        2017-08-13 22:05 - 2017-08-01 05:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
        2017-08-13 22:05 - 2017-08-01 05:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
        2017-08-13 22:05 - 2017-08-01 05:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
        2017-08-13 22:05 - 2017-08-01 05:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
        2017-08-13 22:05 - 2017-08-01 05:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
        2017-08-13 22:05 - 2017-08-01 05:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
        2017-08-13 22:05 - 2017-08-01 05:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
        2017-08-13 22:05 - 2017-08-01 05:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
        2017-08-13 22:05 - 2017-08-01 05:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
        2017-08-13 22:05 - 2017-08-01 05:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
        2017-08-13 22:05 - 2017-08-01 05:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
        2017-08-13 22:05 - 2017-08-01 05:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
        2017-08-13 22:05 - 2017-08-01 05:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
        2017-08-13 22:05 - 2017-08-01 05:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
        2017-08-13 22:05 - 2017-08-01 05:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
        2017-08-13 22:05 - 2017-08-01 05:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
        2017-08-13 22:05 - 2017-08-01 05:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
        2017-08-13 22:05 - 2017-08-01 05:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
        2017-08-13 22:05 - 2017-08-01 05:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
        2017-08-13 22:05 - 2017-08-01 05:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
        2017-08-13 22:05 - 2017-08-01 05:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
        2017-08-13 22:05 - 2017-08-01 05:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
        2017-08-13 22:05 - 2017-08-01 05:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
        2017-08-13 22:05 - 2017-08-01 04:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
        2017-08-13 22:05 - 2017-08-01 04:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
        2017-08-13 22:05 - 2017-08-01 04:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
        2017-08-13 22:05 - 2017-08-01 04:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
        2017-08-13 22:05 - 2017-08-01 04:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
        2017-08-13 22:05 - 2017-08-01 04:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
        2017-08-13 22:05 - 2017-08-01 04:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
        2017-08-13 22:05 - 2017-08-01 04:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
        2017-08-13 22:05 - 2017-08-01 04:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
        2017-08-13 22:05 - 2017-08-01 04:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
        2017-08-13 22:05 - 2017-07-28 08:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
        2017-08-13 22:05 - 2017-07-28 08:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
        2017-08-13 22:05 - 2017-07-28 08:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
        2017-08-13 22:05 - 2017-07-28 08:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
        2017-08-13 22:05 - 2017-07-28 08:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
        2017-08-13 22:05 - 2017-07-28 08:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
        2017-08-13 22:05 - 2017-07-28 08:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
        2017-08-13 22:05 - 2017-07-28 08:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
        2017-08-13 22:05 - 2017-07-28 08:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
        2017-08-13 22:05 - 2017-07-28 08:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
        2017-08-13 22:05 - 2017-07-28 08:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
        2017-08-13 22:05 - 2017-07-28 08:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
        2017-08-13 22:05 - 2017-07-28 08:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
        2017-08-13 22:05 - 2017-07-28 08:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
        2017-08-13 22:05 - 2017-07-28 07:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
        2017-08-13 22:05 - 2017-07-28 07:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
        2017-08-13 22:05 - 2017-07-28 07:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
        2017-08-13 22:05 - 2017-07-28 07:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
        2017-08-13 22:05 - 2017-07-28 07:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
        2017-08-13 22:05 - 2017-07-28 07:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
        2017-08-13 22:05 - 2017-07-28 07:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
        2017-08-13 22:05 - 2017-07-28 07:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
        2017-08-13 22:05 - 2017-07-28 07:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
        2017-08-13 22:05 - 2017-07-28 07:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
        2017-08-13 22:05 - 2017-07-28 07:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
        2017-08-13 22:05 - 2017-07-28 07:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
        2017-08-13 22:05 - 2017-07-28 07:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
        2017-08-13 22:05 - 2017-07-28 07:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
        2017-08-13 22:05 - 2017-07-28 07:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
        2017-08-13 22:05 - 2017-07-28 07:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
        2017-08-13 22:05 - 2017-07-28 07:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
        2017-08-13 22:05 - 2017-07-28 07:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
        2017-08-13 22:05 - 2017-07-28 07:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
        2017-08-13 22:05 - 2017-07-28 07:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
        2017-08-13 22:05 - 2017-07-28 07:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
        2017-08-13 22:05 - 2017-07-28 07:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
        2017-08-13 22:05 - 2017-07-28 07:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
        2017-08-13 22:05 - 2017-07-28 07:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
        2017-08-13 22:05 - 2017-07-28 07:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
        2017-08-13 22:05 - 2017-07-28 07:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
        2017-08-13 22:05 - 2017-07-28 07:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
        2017-08-13 22:05 - 2017-07-28 07:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
        2017-08-13 22:05 - 2017-07-28 07:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
        2017-08-13 22:05 - 2017-07-28 07:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
        2017-08-13 22:05 - 2017-07-28 07:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
        2017-08-13 22:05 - 2017-07-28 07:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
        2017-08-13 22:05 - 2017-07-28 07:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
        2017-08-13 22:05 - 2017-07-28 07:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
        2017-08-13 22:05 - 2017-07-28 07:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
        2017-08-13 22:05 - 2017-07-28 07:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
        2017-08-13 22:05 - 2017-07-28 07:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
        2017-08-13 22:05 - 2017-07-28 07:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
        2017-08-13 22:05 - 2017-07-28 07:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
        2017-08-13 22:05 - 2017-07-28 07:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
        2017-08-13 22:05 - 2017-07-28 07:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
        2017-08-13 22:05 - 2017-07-28 07:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
        2017-08-13 22:05 - 2017-07-28 07:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
        2017-08-13 22:05 - 2017-07-28 07:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
        2017-08-13 22:05 - 2017-07-28 07:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
        2017-08-13 22:05 - 2017-07-28 07:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
        2017-08-13 22:05 - 2017-07-28 07:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
        2017-08-13 22:05 - 2017-07-28 07:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
        2017-08-13 22:05 - 2017-07-28 07:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
        2017-08-13 22:05 - 2017-07-28 07:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
        2017-08-13 22:05 - 2017-07-28 07:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
        2017-08-13 22:05 - 2017-07-28 07:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
        2017-08-13 22:05 - 2017-07-28 07:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
        2017-08-13 22:05 - 2017-07-28 07:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
        2017-08-13 22:05 - 2017-07-28 07:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
        2017-08-13 22:05 - 2017-07-28 07:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
        2017-08-13 22:05 - 2017-07-28 07:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
        2017-08-13 22:05 - 2017-07-28 07:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
        2017-08-13 22:05 - 2017-07-28 07:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
        2017-08-13 22:05 - 2017-07-28 07:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
        2017-08-13 22:05 - 2017-07-28 07:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
        2017-08-13 22:05 - 2017-07-28 07:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
        2017-08-13 22:05 - 2017-07-28 07:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
        2017-08-13 22:05 - 2017-07-28 07:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
        2017-08-13 22:05 - 2017-07-28 07:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
        2017-08-13 22:05 - 2017-07-28 07:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
        2017-08-13 22:05 - 2017-07-28 07:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
        2017-08-13 22:05 - 2017-07-28 07:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
        2017-08-13 22:05 - 2017-07-28 07:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
        2017-08-13 22:05 - 2017-07-28 07:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
        2017-08-13 22:05 - 2017-07-28 07:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
        2017-08-13 22:04 - 2017-08-01 05:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
        2017-08-13 22:04 - 2017-08-01 05:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
        2017-08-13 22:04 - 2017-08-01 05:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
        2017-08-13 22:04 - 2017-08-01 05:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
        2017-08-13 22:04 - 2017-08-01 05:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
        2017-08-13 22:04 - 2017-08-01 05:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
        2017-08-13 22:04 - 2017-08-01 05:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
        2017-08-13 22:04 - 2017-08-01 05:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
        2017-08-13 22:04 - 2017-08-01 05:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
        2017-08-13 22:04 - 2017-08-01 05:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
        2017-08-13 22:04 - 2017-08-01 05:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
        2017-08-13 22:04 - 2017-08-01 05:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
        2017-08-13 22:04 - 2017-08-01 05:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
        2017-08-13 22:04 - 2017-08-01 05:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
        2017-08-13 22:04 - 2017-08-01 04:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
        2017-08-13 22:04 - 2017-08-01 04:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
        2017-08-13 22:04 - 2017-08-01 04:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
        2017-08-13 22:04 - 2017-08-01 04:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
        2017-08-13 22:04 - 2017-08-01 04:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
        2017-08-13 22:04 - 2017-08-01 04:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
        2017-08-13 22:04 - 2017-08-01 04:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
        2017-08-13 22:04 - 2017-08-01 04:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
        2017-08-13 22:04 - 2017-08-01 04:41 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
        2017-08-13 22:04 - 2017-08-01 04:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
        2017-08-13 22:04 - 2017-08-01 04:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
        2017-08-13 22:04 - 2017-08-01 04:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
        2017-08-13 22:04 - 2017-08-01 04:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
        2017-08-13 22:04 - 2017-08-01 04:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
        2017-08-13 22:04 - 2017-08-01 04:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
        2017-08-13 22:04 - 2017-08-01 04:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
        2017-08-13 22:04 - 2017-08-01 04:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
        2017-08-13 22:04 - 2017-08-01 04:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
        2017-08-13 22:04 - 2017-08-01 04:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
        2017-08-13 22:04 - 2017-08-01 04:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
        2017-08-13 22:04 - 2017-08-01 04:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
        2017-08-13 22:04 - 2017-08-01 04:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
        2017-08-13 22:04 - 2017-08-01 04:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
        2017-08-13 22:04 - 2017-08-01 04:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
        2017-08-13 22:04 - 2017-08-01 04:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
        2017-08-13 22:04 - 2017-08-01 04:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
        2017-08-13 22:04 - 2017-08-01 04:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
        2017-08-13 22:04 - 2017-08-01 04:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
        2017-08-13 22:04 - 2017-08-01 04:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
        2017-08-13 22:04 - 2017-08-01 04:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
        2017-08-13 22:04 - 2017-08-01 04:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
        2017-08-13 22:04 - 2017-08-01 04:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
        2017-08-13 22:04 - 2017-08-01 04:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
        2017-08-13 22:04 - 2017-08-01 04:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
        2017-08-13 22:04 - 2017-08-01 04:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
        2017-08-13 22:04 - 2017-07-28 08:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
        2017-08-13 22:04 - 2017-07-28 08:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
        2017-08-13 22:04 - 2017-07-28 08:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
        2017-08-13 22:04 - 2017-07-28 08:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
        2017-08-13 22:04 - 2017-07-28 08:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
        2017-08-13 22:04 - 2017-07-28 08:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
        2017-08-13 22:04 - 2017-07-28 08:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
        2017-08-13 22:04 - 2017-07-28 08:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
        2017-08-13 22:04 - 2017-07-28 08:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
        2017-08-13 22:04 - 2017-07-28 08:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
        2017-08-13 22:04 - 2017-07-28 08:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
        2017-08-13 22:04 - 2017-07-28 08:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
        2017-08-13 22:04 - 2017-07-28 08:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
        2017-08-13 22:04 - 2017-07-28 08:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
        2017-08-13 22:04 - 2017-07-28 08:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
        2017-08-13 22:04 - 2017-07-28 08:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
        2017-08-13 22:04 - 2017-07-28 08:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
        2017-08-13 22:04 - 2017-07-28 08:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
        2017-08-13 22:04 - 2017-07-28 08:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
        2017-08-13 22:04 - 2017-07-28 08:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
        2017-08-13 22:04 - 2017-07-28 08:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
        2017-08-13 22:04 - 2017-07-28 08:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
        2017-08-13 22:04 - 2017-07-28 07:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
        2017-08-13 22:04 - 2017-07-28 07:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
        2017-08-13 22:04 - 2017-07-28 07:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
        2017-08-13 22:04 - 2017-07-28 07:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
        2017-08-13 22:04 - 2017-07-28 07:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
        2017-08-13 22:04 - 2017-07-28 07:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
        2017-08-13 22:04 - 2017-07-28 07:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
        2017-08-13 22:04 - 2017-07-28 07:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
        2017-08-13 22:04 - 2017-07-28 07:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
        2017-08-13 22:04 - 2017-07-28 07:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
        2017-08-13 22:04 - 2017-07-28 07:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
        2017-08-13 22:04 - 2017-07-28 07:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
        2017-08-13 22:04 - 2017-07-28 07:25 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
        2017-08-13 22:04 - 2017-07-28 07:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
        2017-08-13 22:04 - 2017-07-28 07:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
        2017-08-13 22:04 - 2017-07-28 07:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
        2017-08-13 22:04 - 2017-07-28 07:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
        2017-08-13 22:04 - 2017-07-28 07:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
        2017-08-13 22:04 - 2017-07-28 07:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
        2017-08-13 22:04 - 2017-07-28 07:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
        2017-08-13 22:04 - 2017-07-28 07:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
        2017-08-13 22:04 - 2017-07-28 07:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
        2017-08-13 22:04 - 2017-07-28 07:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
        2017-08-13 22:04 - 2017-07-28 07:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
        2017-08-13 22:04 - 2017-07-28 07:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
        2017-08-13 22:04 - 2017-07-28 07:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
        2017-08-13 22:04 - 2017-07-28 07:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
        2017-08-13 22:04 - 2017-07-28 07:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
        2017-08-13 22:04 - 2017-07-28 07:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
        2017-08-13 22:04 - 2017-07-28 07:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
        2017-08-13 22:04 - 2017-07-28 07:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
        2017-08-13 22:04 - 2017-07-28 07:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
        2017-08-13 22:04 - 2017-07-28 07:20 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
        2017-08-13 22:04 - 2017-07-28 07:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
        2017-08-13 22:04 - 2017-07-28 07:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
        2017-08-13 22:04 - 2017-07-28 07:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
        2017-08-13 22:04 - 2017-07-28 07:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
        2017-08-13 22:04 - 2017-07-28 07:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
        2017-08-13 22:04 - 2017-07-28 07:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
        2017-08-13 22:04 - 2017-07-28 07:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
        2017-08-13 22:04 - 2017-07-28 07:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
        2017-08-13 22:04 - 2017-07-28 07:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
        2017-08-13 22:04 - 2017-07-28 07:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
        2017-08-13 22:04 - 2017-07-28 07:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
        2017-08-13 22:04 - 2017-07-28 07:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
        2017-08-13 22:04 - 2017-07-28 07:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
        2017-08-13 22:04 - 2017-07-28 07:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
        2017-08-13 22:04 - 2017-07-28 07:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
        2017-08-13 22:04 - 2017-07-28 07:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
        2017-08-13 22:04 - 2017-07-28 07:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
        2017-08-13 22:04 - 2017-07-28 07:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
        2017-08-13 22:04 - 2017-07-28 07:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
        2017-08-13 22:04 - 2017-07-28 07:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
        2017-08-13 22:04 - 2017-07-28 07:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
        2017-08-13 22:04 - 2017-07-28 07:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
        2017-08-13 22:04 - 2017-07-28 07:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
        2017-08-13 22:04 - 2017-07-28 07:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
        2017-08-13 22:04 - 2017-07-28 07:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
        2017-08-13 22:04 - 2017-07-28 07:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
        2017-08-13 22:04 - 2017-07-28 07:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
        2017-08-13 22:04 - 2017-07-28 07:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
        2017-08-13 22:04 - 2017-07-28 07:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
        2017-08-13 22:04 - 2017-07-28 07:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
        2017-08-13 22:04 - 2017-07-28 07:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
        2017-08-13 22:04 - 2017-07-28 07:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
        2017-08-13 22:04 - 2017-07-28 07:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
        2017-08-13 22:04 - 2017-07-28 07:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
        2017-08-13 22:04 - 2017-07-28 07:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
        2017-08-13 22:04 - 2017-07-28 07:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
        2017-08-13 22:04 - 2017-07-28 07:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
        2017-08-13 22:04 - 2017-07-28 07:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
        2017-08-13 22:04 - 2017-07-28 07:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
        2017-08-13 22:04 - 2017-07-28 07:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
        2017-08-13 22:04 - 2017-07-28 07:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
        2017-08-13 22:04 - 2017-07-28 07:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
        2017-08-13 22:04 - 2017-07-28 07:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
        2017-08-13 22:04 - 2017-07-28 07:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
        2017-08-13 22:04 - 2017-07-28 07:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
        2017-08-13 22:04 - 2017-07-28 07:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
        2017-08-13 21:39 - 2017-08-13 21:41 - 000000000 ____D C:\Users\Vesi\AppData\Local\Viber
        2017-07-27 20:00 - 2017-07-27 20:00 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3436498861-2500663078-494777252-1001
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-08-26 11:21 - 2016-12-26 14:48 - 000000000 ____D C:\Users\Vesi\AppData\Roaming\Skype
        2017-08-26 10:00 - 2017-07-02 21:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
        2017-08-26 09:58 - 2016-12-26 18:40 - 000000000 ____D C:\Users\Vesi\AppData\Local\Adobe
        2017-08-26 09:57 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
        2017-08-26 09:57 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
        2017-08-26 09:54 - 2016-12-29 16:44 - 000000000 ____D C:\Users\Vesi\AppData\LocalLow\Mozilla
        2017-08-26 09:53 - 2017-05-31 20:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
        2017-08-26 09:36 - 2016-12-27 19:22 - 000000000 ____D C:\Users\Vesi\AppData\Local\Microsoft Windows
        2017-08-26 09:33 - 2017-02-16 19:16 - 000000000 ____D C:\Users\Vesi\AppData\Roaming\ViberPC
        2017-08-26 09:32 - 2017-05-31 20:06 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
        2017-08-26 09:32 - 2016-12-26 15:11 - 000000000 __SHD C:\Users\Vesi\IntelGraphicsProfiles
        2017-08-25 23:17 - 2016-12-26 15:00 - 000000000 ____D C:\Users\Vesi\AppData\Roaming\uTorrent
        2017-08-25 19:54 - 2017-02-16 19:16 - 000000000 ____D C:\Users\Vesi\Documents\ViberDownloads
        2017-08-25 17:51 - 2017-03-19 00:03 - 000000000 ___HD C:\Program Files\WindowsApps
        2017-08-25 17:51 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\AppReadiness
        2017-08-18 19:10 - 2016-12-26 17:05 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
        2017-08-16 22:50 - 2017-07-19 19:58 - 006963200 _____ C:\Users\Vesi\Desktop\Vayana_edited.indd
        2017-08-16 21:45 - 2017-07-22 21:01 - 001377627 _____ C:\Users\Vesi\Desktop\identichnost.pdf
        2017-08-16 19:42 - 2017-01-01 17:17 - 000017290 _____ C:\Users\Vesi\Desktop\Сметки апартамент.xlsx
        2017-08-14 18:40 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\rescache
        2017-08-14 18:30 - 2017-05-31 20:22 - 000897226 _____ C:\WINDOWS\system32\PerfStringBackup.INI
        2017-08-14 18:30 - 2017-03-19 00:01 - 000000000 ____D C:\WINDOWS\INF
        2017-08-14 18:26 - 2016-04-27 08:37 - 000000000 __RHD C:\Users\Public\AccountPictures
        2017-08-14 18:24 - 2017-05-31 20:02 - 005058928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
        2017-08-14 18:22 - 2017-05-31 20:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
        2017-08-14 18:22 - 2016-12-29 12:10 - 000000000 ____D C:\ProgramData\NVIDIA
        2017-08-13 22:56 - 2017-03-18 14:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\oobe
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
        2017-08-13 22:12 - 2017-03-18 23:51 - 000000000 ____D C:\WINDOWS\CbsTemp
        2017-08-13 22:09 - 2016-12-27 18:48 - 000000000 ____D C:\WINDOWS\system32\MRT
        2017-08-13 22:07 - 2016-12-27 18:48 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
        2017-08-13 21:47 - 2017-05-31 20:21 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
        2017-08-13 21:46 - 2016-12-30 17:24 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
        2017-08-13 21:41 - 2016-12-26 23:18 - 000000000 ____D C:\ProgramData\Skype
        2017-08-07 19:11 - 2016-12-26 14:44 - 000000000 ____D C:\Users\Vesi\AppData\Local\Packages
        2017-07-31 18:15 - 2017-03-19 00:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
        2017-07-31 18:15 - 2017-03-19 00:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
        2017-07-27 20:00 - 2016-12-26 14:47 - 000002360 _____ C:\Users\Vesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
        2017-07-27 20:00 - 2016-12-26 14:47 - 000000000 ___RD C:\Users\Vesi\OneDrive
        ==================== Files in the root of some directories =======
        2016-12-26 19:39 - 2017-07-24 22:24 - 000000034 _____ () C:\Users\Vesi\AppData\Roaming\AdobeWLCMCache.dat
        2017-01-07 22:47 - 2017-07-23 14:23 - 000000112 _____ () C:\Users\Vesi\AppData\Roaming\JP2K CS6 Prefs
        2016-12-27 19:05 - 2017-04-12 19:49 - 000007597 _____ () C:\Users\Vesi\AppData\Local\Resmon.ResmonCfg
        2017-05-31 20:06 - 2017-05-31 20:06 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
        2017-05-31 20:07 - 2017-05-31 20:07 - 000000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
        Some files in TEMP:
        ====================
        2017-07-04 20:43 - 2017-07-04 20:43 - 000790488 _____ (Disc Soft Ltd.) C:\Users\Vesi\AppData\Local\Temp\dt_B73C.tmp.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\WINDOWS\system32\winlogon.exe => File is digitally signed
        C:\WINDOWS\system32\wininit.exe => File is digitally signed
        C:\WINDOWS\explorer.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
        C:\WINDOWS\system32\svchost.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
        C:\WINDOWS\system32\services.exe => File is digitally signed
        C:\WINDOWS\system32\User32.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
        C:\WINDOWS\system32\userinit.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
        C:\WINDOWS\system32\rpcss.dll => File is digitally signed
        C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
        C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-08-25 20:24
        ==================== End of FRST.txt ============================
        Addition.txt