Премини към съдържанието
Силвия Табакова

Голям проблем с intarsurf,oursurfing и съмнение за заразен компютър

Препоръчан отговор


Здравейте,

имам огромен проблем с лаптопа.Всъщност ,въобще не може да се ползва.

Нямям представа как /защото и дъщеря ми го ползва/,но са се инсталирали ред програми като:

intarsurf,oursurfing,Crossbrowse,RegClean-Pro,SpeedUp My PC  и други.Пробвах да ги деинсталирам ,но не успях,и при всяко деинсталиране се сдобивам с разни нови.

Всичко останало ми е разбутано.До сега ползвах Chrome ,но сега ми изчезнаха всички настройки.

От самото включване започват разни блокажи,скриптове,не намиране на програми и.....а екрана се пълни с разни реклами..Непрекъснато изписва:

Error

The specified module could not be found

Load Library(pythondill)failed

Error

C*Program files/Uniblue/SpeedMy PC/PYTHON27.DLL

и други...

Моля ви за помощ :help wanted3:  


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2015
Ran by Silvy (administrator) on SILVY-PC (21-08-2015 15:25:25)
Running from C:\Users\Silvy\Downloads
Loaded Profiles: Silvy (Available Profiles: Silvy)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(DTools LIMITED) C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\ProgramData\ExtTag\ExtTag.exe
(XTab system) C:\Program Files\MiuiTab\ProtectService.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
() C:\Windows\System32\srvany.exe
() C:\Windows\KMService.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
() C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\hnsj9EF4.tmp
() C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\jnst84E2.tmp
() C:\ProgramData\ExtTag\mxyybgvn.exe
(OB) C:\Program Files\SavePass 1.1\e5c80545-bae7-429e-8c66-24b2aadbae3e-10.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Users\Silvy\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Crossbrowse) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Dropbox, Inc.) C:\Users\Silvy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(SearchProtect) C:\Program Files\MiuiTab\CmdShell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(XTab system) C:\Program Files\MiuiTab\HPNotify.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
() C:\Windows\System32\nethtsrv.exe
() C:\Windows\System32\netupdsrv.exe
(Pay By Ads LTD) C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrsetup.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Pay By Ads LTD) C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrsetup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Pay By Ads LTD) C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Google\Update\Install\{BA737518-6F9B-4951-AE1B-B1DC54A33DD0}\44.0.2403.157_44.0.2403.155_chrome_updater.exe
(Google Inc.) C:\Windows\Temp\CR_4FB64.tmp\setup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Pay By Ads LTD) C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrsetup.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [sSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [uTorrent] => C:\Users\Silvy\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-07] (BitTorrent Inc.)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [EpicScale] => [X]
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [Dropbox Update] => C:\Users\Silvy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [GoogleChromeAutoLaunch_9D028DA769B8F8BA1EF2B2E5C45F19DE] => C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [Yahoo! Search] => C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe [660736 2015-08-08] (Pay By Ads LTD)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [OffersWizard update] => C:\Users\Silvy\AppData\Local\{11A54DED-6E3E-4122-BAED-0BFB8C5C73A9}\OffersWizard.exe [982016 2015-08-14] ()
AppInit_DLLs: C:\ProgramData\ExtTag\oxxgvhhm.dll => C:\ProgramData\ExtTag\oxxgvhhm.dll [120320 2015-08-12] ()
Startup: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-07-20]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
Startup: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Silvy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-06-20]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2t2ZbjKcFXJ1MIte5fIRxZm7OiGFCTkSjrbfZRZpI_eD71KTg20y7jqJ4LatbsQ-BvIIuiauq1CXm8GnajegVCQjtD3o_J3BtiZp6IJXZ2Nj4aSFKJdbaGgrjTsmeBqK7o6Bb64_u4OnMVe-&q={searchTerms}
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.bg/
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437419518&z=f357ae5290211e393adf3ffgbz4c5m0z3g8t3zfb0e&from=ima&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&q={searchTerms}
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2t2ZbjKcFXJ1MIte5fIRxZm7OiGFCTkSjrbfZRZpI_eD71KTg20y7jqJ4LatbsQ-BvIIuiauq1CXm8GnajegVCQjtD3o_J3BtiZp6IJXZ2Nj4aSFKJdbaGgrjTsmeBqK7o6Bb64_u4OnMVe-&q={searchTerms}
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2t2ZbjKcFXJ1MIte5fIRxZm7OiGFCTkSjrbfZRZpI_eD71KTg20y7jqJ4LatbsQ-BvIIuiauq1CXm8GnajegVCQjtD3o_J3BtiZp6IJXZ2Nj4aSFKJdbaGgrjTsmeBqK7o6Bb64_u4OnMVe-&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&q={searchTerms}
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2t2ZbjKcFXJ1MIte5fIRxZm7OiGFCTkSjrbfZRZpI_eD71KTg20y7jqJ4LatbsQ-BvIIuiauq1CXm8GnajegVCQjtD3o_J3BtiZp6IJXZ2Nj4aSFKJdbaGgrjTsmeBqK7o6Bb64_u4OnMVe-&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {096B907D-AAF2-40E2-B273-0BD10CAB1969} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {7029578D-92B5-4DAA-8098-BCAA8414C1C4} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {BCAA0611-F391-41C8-95A5-D6E87F4D77E5} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {ielnksrch} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files\MiuiTab\SupTab.dll [2015-08-04] (Good Co. Limited)
BHO: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files\MiuiTab\SupTab.dll [2015-08-04] (Good Co. Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Silvy\AppData\Local\PriceFountain\PriceFountainIE.dll No File
Toolbar: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{1E4E8F1F-7CCA-44FE-9EBD-07493503D768}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{23DE7EFB-2F55-43BD-AEA8-1BCD1EC70945}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{3095FECE-B308-4C35-896E-1C0CD667957A}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{BD2F665A-784E-4B0C-B6C8-8962A37A73B0}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{BD2F665A-784E-4B0C-B6C8-8962A37A73B0}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 52.17.204.69,8.8.8.8
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\findit.xml [2015-08-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mailru.xml [2014-08-26]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ozonru.xml [2014-08-26]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\priceru.xml [2014-08-26]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-slovari.xml [2014-08-26]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex.xml [2014-08-26]
 
Chrome: 
=======
CHR Profile: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Search) - C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaadgepjkdffhjbkfjgnnffnfcffbg [2015-08-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Skype Click to Call) - C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-10]
CHR HKLM\...\Chrome\Extension: [aaaaadgepjkdffhjbkfjgnnffnfcffbg] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-08-04] (XTab system)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [File not signed]
R2 KMService; C:\Windows\system32\srvany.exe [8192 2010-06-16] () [File not signed]
R2 NetHttpService; C:\Windows\system32\nethtsrv.exe [350208 2015-07-31] () [File not signed]
R2 ServiceUpdater; C:\Windows\system32\netupdsrv.exe [191488 2015-07-31] () [File not signed]
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [24576 2007-04-19] (Syntek America Inc.)
R2 vicoqudu; C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\hnsj9EF4.tmp [165376 2015-07-20] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-03-12] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe [708264 2015-08-10] (DTools LIMITED) <==== ATTENTION
R2 zejytose; C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\jnst84E2.tmp [199168 2015-07-20] () [File not signed]
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag [X]
S2 qukyfeqy; C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\knsj5FC0.tmpfs [X]
S2 Util Coupon Time; "C:\Program Files\Coupon Time\bin\utilCouponTime.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [274304 2010-11-21] (Microsoft Corporation)
R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [22400 2014-03-12] (Advanced Micro Devices)
R5 atapi; C:\Windows\System32\drivers\atapi.sys [21584 2009-07-14] (Microsoft Corporation)
R5 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [369848 2014-03-12] (Microsoft Corporation)
R5 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [19024 2009-07-14] (Microsoft Corporation)
S3 cpuz136; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [25320 2013-08-24] (CPUID)
R5 Disk; C:\Windows\System32\drivers\disk.sys [57424 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2014-05-17] (DT Soft Ltd)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-14] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-14] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [19824 2014-03-12] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [196328 2014-03-12] (Microsoft Corporation)
R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14208 2010-11-21] (Microsoft Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67520 2014-03-12] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [136640 2014-03-12] (Microsoft Corporation)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-21] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13888 2009-07-14] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [712048 2014-03-12] (Microsoft Corporation)
R1 nethfdrv; C:\Windows\system32\drivers\nethfdrv.sys [40528 2015-07-31] (nethfdrv)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [56176 2014-03-12] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [153984 2010-11-21] (Microsoft Corporation)
R5 pciide; C:\Windows\System32\drivers\pciide.sys [12368 2009-07-14] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] (Microsoft Corporation)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-14] (NXP Semiconductors)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-21] (Microsoft Corporation)
R5 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] (Microsoft Corporation)
R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1260672 2007-05-30] (Syntek)
R5 storflt; C:\Windows\System32\drivers\vmstorfl.sys [40704 2010-11-21] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1294272 2014-03-12] (Microsoft Corporation)
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [32832 2009-07-14] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-21] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-21] (Microsoft Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2014-03-12] (Microsoft Corporation)
R1 {5663c04f-f294-4115-9114-b62be60538cb}Gw; C:\Windows\System32\drivers\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys [43152 2015-08-02] (StdLib)
R1 {92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw; C:\Windows\System32\drivers\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys [43152 2015-08-04] (StdLib)
R1 {949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw; C:\Windows\System32\drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys [43152 2015-08-08] (StdLib)
R1 {b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw; C:\Windows\System32\drivers\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys [43152 2015-07-18] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-21 15:23 - 2015-08-21 15:23 - 02173952 _____ (Farbar) C:\Users\Silvy\Downloads\FRST64 (4).exe
2015-08-21 15:23 - 2015-08-21 15:23 - 02173952 _____ (Farbar) C:\Users\Silvy\Downloads\FRST64 (3).exe
2015-08-21 15:22 - 2015-08-21 15:22 - 01677312 _____ (Farbar) C:\Users\Silvy\Downloads\FRST.exe
2015-08-21 15:20 - 2015-08-21 15:20 - 02173952 _____ (Farbar) C:\Users\Silvy\Downloads\FRST64 (2).exe
2015-08-21 15:17 - 2015-08-21 15:18 - 02173952 _____ (Farbar) C:\Users\Silvy\Downloads\FRST64 (1).exe
2015-08-21 15:16 - 2015-08-21 15:16 - 02173952 _____ (Farbar) C:\Users\Silvy\Downloads\FRST64.exe
2015-08-20 22:47 - 2015-08-20 22:47 - 00000687 _____ C:\awhF9CD.tmp
2015-08-16 08:53 - 2015-08-16 08:53 - 00000687 _____ C:\awh4146.tmp
2015-08-16 00:35 - 2015-08-16 00:35 - 00000687 _____ C:\awh5376.tmp
2015-08-15 00:33 - 2015-08-15 00:33 - 00000687 _____ C:\awh9CC8.tmp
2015-08-14 00:54 - 2015-08-14 00:54 - 00000000 ____D C:\Users\Silvy\AppData\Local\{11A54DED-6E3E-4122-BAED-0BFB8C5C73A9}
2015-08-12 18:05 - 2015-08-12 18:05 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-12 17:58 - 2015-08-12 17:58 - 00000687 _____ C:\awh3BFD.tmp
2015-08-10 22:21 - 2015-08-10 22:21 - 00000000 ____D C:\ProgramData\Systweak
2015-08-10 16:38 - 2015-08-13 16:41 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-08-10 16:38 - 2015-08-12 17:51 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-08-10 16:38 - 2015-08-10 17:01 - 00000366 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-08-10 16:36 - 2015-08-10 16:36 - 00613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsc1F33.tmp
2015-08-10 16:08 - 2015-08-10 16:09 - 00000000 ____D C:\ProgramData\6WinManPro6
2015-08-10 16:08 - 2015-08-10 16:08 - 00000000 ____D C:\Program Files\FriendlyError
2015-08-10 09:52 - 2015-08-10 09:52 - 00000687 _____ C:\awh677B.tmp
2015-08-10 09:21 - 2015-08-10 09:21 - 00000687 _____ C:\awh41E2.tmp
2015-08-08 23:09 - 2015-08-08 23:09 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\WinRAR
2015-08-08 22:58 - 2015-08-08 22:58 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-08-08 22:58 - 2015-08-08 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-08-08 22:58 - 2015-08-08 22:58 - 00000000 ____D C:\Program Files\WinRAR
2015-08-08 22:57 - 2015-08-08 22:57 - 00000000 ____D C:\Users\Silvy\AppData\Local\Pay-By-Ads
2015-08-08 22:57 - 2015-08-08 12:35 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys
2015-08-08 22:56 - 2015-08-08 22:56 - 00000000 ____D C:\Users\Silvy\AppData\Local\{D36E4BCB-B3F0-4A5F-94C7-5B1EC70470A2}
2015-08-04 12:49 - 2015-08-04 02:30 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys
2015-08-03 15:30 - 2015-08-21 00:17 - 00000089 _____ C:\Users\Silvy\AppData\Roaming\WB.CFG
2015-08-02 16:25 - 2015-08-02 16:25 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\Mozilla
2015-08-02 16:22 - 2015-08-02 16:24 - 00000000 ____D C:\ProgramData\ExtTags
2015-08-02 16:22 - 2015-08-02 00:11 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys
2015-08-02 16:21 - 2015-08-19 14:56 - 00000000 ____D C:\ProgramData\ExtTag
2015-08-02 14:42 - 2015-08-02 14:42 - 00613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsm1289.tmp
2015-08-02 14:37 - 2015-08-02 16:20 - 00000000 ____D C:\ProgramData\gWinManProg
2015-07-31 12:39 - 2015-07-31 12:39 - 00191488 _____ C:\Windows\system32\netupdsrv.exe
2015-07-31 12:39 - 2015-07-31 12:39 - 00040528 _____ (nethfdrv) C:\Windows\system32\Drivers\nethfdrv.sys
2015-07-31 12:38 - 2015-07-31 12:38 - 00437248 _____ C:\Windows\system32\hfpapi.dll
2015-07-31 12:38 - 2015-07-31 12:38 - 00350208 _____ C:\Windows\system32\nethtsrv.exe
2015-07-31 12:38 - 2015-07-31 12:38 - 00140288 _____ C:\Windows\system32\installd.exe
2015-07-31 12:38 - 2015-07-31 12:38 - 00108544 _____ C:\Windows\system32\hfnapi.dll
2015-07-29 08:33 - 2015-07-29 08:33 - 00613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsxCD9D.tmp
2015-07-25 22:50 - 2015-07-25 22:51 - 00033736 _____ C:\Users\Silvy\Downloads\Addition.txt
2015-07-25 22:48 - 2015-08-21 15:25 - 00027801 _____ C:\Users\Silvy\Downloads\FRST.txt
2015-07-25 22:48 - 2015-08-21 15:25 - 00000000 ____D C:\FRST
2015-07-24 18:31 - 2015-07-24 18:31 - 00613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsm6551.tmp
2015-07-22 17:22 - 2015-07-22 17:22 - 00021504 _____ C:\Users\Silvy\Downloads\Invoice (1).xls
2015-07-22 16:28 - 2015-07-22 16:28 - 00021504 _____ C:\Users\Silvy\Downloads\Invoice.xls
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-21 15:24 - 2014-05-16 23:32 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\uTorrent
2015-08-21 15:14 - 2015-07-19 09:14 - 00002082 _____ C:\Windows\Tasks\e5c80545-bae7-429e-8c66-24b2aadbae3e-10_user.job
2015-08-21 15:03 - 2015-07-20 22:18 - 00000246 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2015-08-21 15:01 - 2015-07-20 22:18 - 00000266 _____ C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2015-08-21 14:59 - 2015-06-18 14:48 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1625243576-869716123-3662650611-1000UA.job
2015-08-21 14:59 - 2015-06-18 14:48 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1625243576-869716123-3662650611-1000Core.job
2015-08-21 14:58 - 2014-05-20 19:25 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\Skype
2015-08-21 14:56 - 2014-05-20 22:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-21 10:11 - 2015-07-20 22:11 - 00001044 _____ C:\Windows\Tasks\Crossbrowse.job
2015-08-21 09:19 - 2014-05-20 22:27 - 00000982 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-21 09:19 - 2014-05-12 03:33 - 01969899 _____ C:\Windows\WindowsUpdate.log
2015-08-20 22:02 - 2015-07-19 09:34 - 00000364 _____ C:\Windows\Tasks\AmiUpdXp.job
2015-08-20 16:54 - 2015-06-12 07:30 - 00000000 ____D C:\Users\Silvy\Desktop\документи
2015-08-20 14:52 - 2015-07-20 22:18 - 00000254 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2015-08-17 19:10 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\NDF
2015-08-17 16:52 - 2014-11-25 18:11 - 00000000 ___RD C:\Users\Silvy\Dropbox
2015-08-17 16:51 - 2014-11-25 17:55 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\Dropbox
2015-08-17 16:49 - 2015-07-20 22:18 - 00000260 _____ C:\Windows\Tasks\SpeedUpMyPC Startup.job
2015-08-17 16:49 - 2015-07-19 09:16 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-08-17 16:49 - 2009-07-14 07:34 - 00026144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-17 16:49 - 2009-07-14 07:34 - 00026144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-17 16:46 - 2014-05-16 23:15 - 00049782 _____ C:\Windows\setupact.log
2015-08-17 16:46 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-14 16:28 - 2015-02-15 22:11 - 00000000 ____D C:\Users\Silvy\Desktop\Prodavalnik
2015-08-13 14:56 - 2014-05-20 22:27 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-13 14:56 - 2014-05-20 22:27 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-12 17:50 - 2015-07-20 22:09 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\mystartsearch
2015-08-12 17:50 - 2014-05-17 06:37 - 00018664 _____ C:\Windows\PFRO.log
2015-08-10 22:24 - 2015-07-19 09:14 - 00000000 ____D C:\Program Files\globalUpdate
2015-08-10 22:19 - 2015-07-20 22:17 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\systweak
2015-08-10 18:24 - 2015-04-17 13:32 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\Canon
2015-08-10 16:49 - 2015-07-20 21:59 - 00000000 ____D C:\Program Files\8f7c661b-cac3-4083-b69c-1847ac7e309a
2015-08-10 16:49 - 2015-07-19 09:14 - 00000000 ____D C:\Program Files\SavePass 1.1
2015-08-10 16:49 - 2014-06-18 15:42 - 00000000 ____D C:\Program Files\Apple Software Update
2015-08-10 16:45 - 2015-07-19 09:14 - 00000000 ____D C:\Program Files\DownChecker
2015-08-10 16:08 - 2015-07-20 22:10 - 00000000 ____D C:\Program Files\MiuiTab
2015-08-10 16:07 - 2014-05-11 18:39 - 00001725 _____ C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-10 15:17 - 2015-07-20 22:17 - 00000292 _____ C:\Windows\Tasks\Price Fountain.job
2015-08-10 12:02 - 2015-07-20 22:16 - 00000000 ____D C:\Program Files\OLBPre
2015-08-10 10:53 - 2015-07-20 22:16 - 00000000 ____D C:\Users\Silvy\AppData\Local\Chromium
2015-08-10 10:51 - 2015-07-20 22:00 - 00000000 ____D C:\Users\Silvy\AppData\Local\DC8122E2-1437429623-D543-6C80-001E8C61453C
2015-08-10 10:45 - 2014-05-20 22:27 - 00000000 ____D C:\Program Files\Google
2015-08-10 10:23 - 2014-05-20 22:28 - 00000000 ____D C:\ProgramData\Google
2015-08-10 10:23 - 2014-05-20 22:27 - 00000000 ____D C:\Users\Silvy\AppData\Local\Google
2015-08-10 09:25 - 2009-07-14 05:04 - 00000756 _____ C:\Windows\win.ini
2015-08-02 16:22 - 2015-07-19 09:34 - 00000000 ____D C:\Users\Silvy\AppData\Local\19462
2015-08-02 16:21 - 2014-05-11 18:39 - 00000000 ____D C:\Users\Silvy
2015-08-02 16:20 - 2015-07-20 22:18 - 00000000 ____D C:\Program Files\ASP
2015-08-02 16:20 - 2015-07-20 22:17 - 00000000 ____D C:\Program Files\RCP
2015-08-02 16:20 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\wfp
2015-08-02 16:18 - 2015-07-20 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector
2015-08-02 16:18 - 2015-07-20 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2015-08-02 16:18 - 2015-07-20 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2015-08-02 16:18 - 2015-07-20 22:12 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\istartsurf
2015-08-02 16:18 - 2015-07-20 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-08-02 16:18 - 2015-07-20 22:03 - 00000000 ____D C:\Program Files\Java
2015-08-02 16:18 - 2015-07-19 09:13 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\oursurfing
2015-08-02 16:18 - 2010-11-21 03:46 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-02 16:18 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\registration
2015-07-22 20:14 - 2015-04-17 13:31 - 00000000 ____D C:\ProgramData\CanonIJPLM
 
==================== Files in the root of some directories =======
 
2015-08-03 15:30 - 2015-08-21 00:17 - 0000089 _____ () C:\Users\Silvy\AppData\Roaming\WB.CFG
2015-08-10 16:36 - 2015-08-10 16:36 - 0613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsc1F33.tmp
2015-07-20 22:48 - 2015-07-20 22:48 - 0613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nshC95E.tmp
2015-08-02 14:42 - 2015-08-02 14:42 - 0613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsm1289.tmp
2015-07-24 18:31 - 2015-07-24 18:31 - 0613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsm6551.tmp
2015-07-20 22:22 - 2015-07-20 22:22 - 0613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsu81D1.tmp
2015-07-20 23:09 - 2015-07-20 23:09 - 0628688 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsw39EF.tmp
2015-07-20 23:45 - 2015-07-20 23:45 - 0613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsw9A33.tmp
2015-07-29 08:33 - 2015-07-29 08:33 - 0613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsxCD9D.tmp
2015-06-12 07:38 - 2015-06-12 07:38 - 8795496 _____ (PearlMountain Technology Co., Ltd                           ) C:\ProgramData\CollageIt.exe
2014-09-26 09:11 - 2014-09-26 09:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-16 19:20 - 2015-03-16 19:21 - 2295104 _____ () C:\ProgramData\FreePDFTabletInstall.exe
 
Some files in TEMP:
====================
C:\Users\Silvy\AppData\Local\Temp\271.exe
C:\Users\Silvy\AppData\Local\Temp\3545.exe
C:\Users\Silvy\AppData\Local\Temp\9132.exe
C:\Users\Silvy\AppData\Local\Temp\amisetup1922__13312.exe
C:\Users\Silvy\AppData\Local\Temp\amisetup5383__13312.exe
C:\Users\Silvy\AppData\Local\Temp\BackupSetup.exe
C:\Users\Silvy\AppData\Local\Temp\bedhchejeb.exe
C:\Users\Silvy\AppData\Local\Temp\bedjbigfca.exe
C:\Users\Silvy\AppData\Local\Temp\bedjcaefca.exe
C:\Users\Silvy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi9klfq.dll
C:\Users\Silvy\AppData\Local\Temp\dsrsetup.exe
C:\Users\Silvy\AppData\Local\Temp\fsd3AC.exe
C:\Users\Silvy\AppData\Local\Temp\fsdC20.exe
C:\Users\Silvy\AppData\Local\Temp\mytmpinstaller.exe
C:\Users\Silvy\AppData\Local\Temp\nsh9633.exe
C:\Users\Silvy\AppData\Local\Temp\nst6E35.exe
C:\Users\Silvy\AppData\Local\Temp\nsz34CC.exe
C:\Users\Silvy\AppData\Local\Temp\of3w14478.exe
C:\Users\Silvy\AppData\Local\Temp\of3w90960.exe
C:\Users\Silvy\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Silvy\AppData\Local\Temp\ose00000.exe
C:\Users\Silvy\AppData\Local\Temp\res.dll
C:\Users\Silvy\AppData\Local\Temp\setup.exe
C:\Users\Silvy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Silvy\AppData\Local\Temp\tmp11D6.tmp.exe
C:\Users\Silvy\AppData\Local\Temp\Trojan Killer 2.2.6.2 Full with Crack__10924_i1560732300_il1307368.exe
C:\Users\Silvy\AppData\Local\Temp\Trojan Killer 2.2.6.2 Full with Crack__10924_i1560732688_il1307368.exe
C:\Users\Silvy\AppData\Local\Temp\Uninstall.exe
C:\Users\Silvy\AppData\Local\Temp\zxupd11340.exe
C:\Users\Silvy\AppData\Local\Temp\zxupd46470.exe
C:\Users\Silvy\AppData\Local\Temp\zxupd48330.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe
[2010-11-21 00:29] - [2010-11-19 23:17] - 0285696 ____A (Microsoft Corporation) C3EB9EA34EBE459F13F3F890F56CE72A
 
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 00:29] - [2010-11-19 23:21] - 0812032 ____A (Microsoft Corporation) CF97D64D7EC169C53C93B0A192218B29
 
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
 
 
nointegritychecks: ==> "IntegrityChecks" is disabled. <===== ATTENTION
 
 
LastRegBack: 2015-08-02 15:44
 
==================== End of log ============================

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

icon_zps423a0d9f.jpgМоля изтеглете ZHPcleaner и я запазете на вашия десктоп.

  • Стартирайте ZHPCleaner с десен клик върху файла и изберете от контекстното меню "Run as administrator"
  • Кликнете върху Ashampoo_Snap_20140819_13h09m50s_001__zp за да се съгласите с лицензионното споразумение.
  • Изберете бутона y3pI4LR.png.
  • Браузърите ще бъдат затворени автоматично.
  • Ще се отвори лог файл след приключването на проверката.
  • Публикувайте лог файла в следващия си коментар.
  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

post-361096-0-47223200-1440192962_thumb.

 

Здравейте,

 

icon_zps423a0d9f.jpgМоля изтеглете ZHPcleaner и я запазете на вашия десктоп.

  • Стартирайте ZHPCleaner с десен клик върху файла и изберете от контекстното меню "Run as administrator"
  • Кликнете върху Ashampoo_Snap_20140819_13h09m50s_001__zp за да се съгласите с лицензионното споразумение.
  • Изберете бутона y3pI4LR.png.
  • Браузърите ще бъдат затворени автоматично.
  • Ще се отвори лог файл след приключването на проверката.
  • Публикувайте лог файла в следващия си коментар.

 

Благодаря за бързия отговор,

след края на сканирането не се отваря нищо,никъде нямям текстови файлове.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Вижте дали ако кликнете на бутона Report ще се отвори лог файла.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Вижте дали ако кликнете на бутона Report ще се отвори лог файла.

~ ZHPCleaner v2015.8.20.329 by Nicolas Coolman (2015/08/20)
~ Run by Silvy (Administrator)  (22/08/2015 00:12:22)
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Silvy\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Silvy\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (5)
[R] FOUND : IHProtect Service  =>PUP.Optional.AgentODR
[R] FOUND : KMService  =>PUP.Optional.Office
[R] FOUND : NetHttpService  =>PUP.Optional.Amonetize
[R] FOUND : WindowsMangerProtect  =>PUP.Optional.Fuyu
[R] FOUND : IHProtect Service  =>PUP.Optional.MiuiTab
 
 
---\\  Browser internet (16)
FOUND Chrome Preferences: "http://feed.helperbar.com/" =>PUP.Optional.HelperBar
FOUND Chrome Preferences: "http://feed.safefinder.com/" =>PUP.Optional.SmartBar
FOUND Chrome Preferences: "http://feed.snapdo.com/" =>PUP.Optional.SmartBar
FOUND Chrome Preferences: "http://linkurystoragenorthus.blob.core.windows.net/" =>PUP.Optional.Linkury
FOUND Chrome Preferences: "http://search.safefinder.com/" =>PUP.Optional.SmartBar
FOUND IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
FOUND IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL [http://www.istartsurf.com/web/?type=ds&ts=1437419518&z=f357ae5290211e393adf3ffgb[...]] =>PUP.Optional.IsStart
FOUND IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
FOUND IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
FOUND IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Start Page [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
FOUND file: C:\Program Files\MiuiTab\SupTab.dll [Good Co. Limited - GoodTab]  =>PUP.Optional.MiuiTab
FOUND Quicklaunch: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
FOUND TaskBar: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
FOUND Startup\Programs: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
FOUND SystemTools: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
FOUND Programs: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (21)
 
 
---\\  Scheduled automatic tasks. (26)
FOUND task: [Advanced System~Protector] [C:\Program Files\ASP\AspManager.exe] (PUP.Optional.AdvancedSystemProtector)
FOUND task: [Advanced System~Protector_startup] [C:\Program Files\ASP\AdvancedSystemProtector.exe] (PUP.Optional.AdvancedSystemProtector)
FOUND task: [AmiUpdXp] [C:\Users\Silvy\AppData\Local\19462\Updater.exe] (PUP.Optional.SoftwareUpdater)
FOUND task: [APSnotifierPP1] [C:\Program Files\AnyProtectEx\AnyProtect.exe (Not File) ] (PUP.Optional.AnyProtect)
FOUND task: [APSnotifierPP2] [C:\Program Files\AnyProtectEx\AnyProtect.exe (Not File) ] (PUP.Optional.AnyProtect)
FOUND task: [APSnotifierPP3] [C:\Program Files\AnyProtectEx\AnyProtect.exe (Not File) ] (PUP.Optional.AnyProtect)
FOUND task: [Crossbrowse] [C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe] (PUP.Optional.CrossBrowse)
FOUND task: [e5c80545-bae7-429e-8c66-24b2aadbae3e-10_user] [C:\Program Files\SavePass 1.1\e5c80545-bae7-429e-8c66-24b2aadbae3e-10.exe] (PUP.Optional.CrossRider)
FOUND task: [LaunchPreSignup] [C:\Program Files\OLBPre\OLBPre.exe] (PUP.Optional.MyPCBackup)
FOUND task: [Price Fountain] [C:\Users\Silvy\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE] (PUP.Optional.PriceFountain)
FOUND task: [RegClean Pro] [C:\Program Files\RCP\RegCleanPro.exe] (PUP.Optional.RegistryPowerCleaner)
FOUND task: [RegClean Pro_DEFAULT] [C:\Program Files\RCP\RegCleanPro.exe] (PUP.Optional.RegistryPowerCleaner)
FOUND task: [RegClean Pro_UPDATES] [C:\Program Files\RCP\RegCleanPro.exe] (PUP.Optional.RegistryPowerCleaner)
FOUND task: [speedUpMyPC Maintenance] [C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe] (PUP.Optional.SpeedUpMyPC)
FOUND task: [speedUpMyPC Startup] [C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe] (PUP.Optional.SpeedUpMyPC)
FOUND task: [Yahoo! Search Updater] [C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\..\updt.js,N/A,N/A,Enabled,Disabled,Stop On Battery Mode, No Start On Batteries,Silvy-PC\Silvy,Enabled,72:00:00,Scheduling data is not available in this format.,One Time  (Not File) ] (PUP.Optional.PaybyAds)
FOUND task: [AmiUpdXp] [C:\Windows\Tasks\AmiUpdXp.job] (PUP.Optional.SoftwareUpdater)
FOUND task: [APSnotifierPP1] [C:\Windows\Tasks\APSnotifierPP1.job] (PUP.Optional.AnyProtect)
FOUND task: [APSnotifierPP2] [C:\Windows\Tasks\APSnotifierPP2.job] (PUP.Optional.AnyProtect)
FOUND task: [APSnotifierPP3] [C:\Windows\Tasks\APSnotifierPP3.job] (PUP.Optional.AnyProtect)
FOUND task: [Crossbrowse] [C:\Windows\Tasks\Crossbrowse.job] (PUP.Optional.CrossBrowse)
FOUND task: [Price Fountain] [C:\Windows\Tasks\Price Fountain.job] (PUP.Optional.PriceFountain)
FOUND task: [RegClean Pro_DEFAULT] [C:\Windows\Tasks\RegClean Pro_DEFAULT.job] (PUP.Optional.RegistryPowerCleaner)
FOUND task: [RegClean Pro_UPDATES] [C:\Windows\Tasks\RegClean Pro_UPDATES.job] (PUP.Optional.RegistryPowerCleaner)
FOUND task: [speedUpMyPC Maintenance] [C:\Windows\Tasks\SpeedUpMyPC Maintenance.job] (PUP.Optional.SpeedUpMyPC)
FOUND task: [speedUpMyPC Startup] [C:\Windows\Tasks\SpeedUpMyPC Startup.job] (PUP.Optional.SpeedUpMyPC)
 
 
---\\  Explorer ( File, Folder) (307)
FOUND file: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Crossbrowse.lnk  [bad : C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe]  =>PUP.Optional.CrossBrowse
FOUND file: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk  [bad : C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe]  =>PUP.Optional.Uniblue
FOUND file: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk  [bad : C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe]  =>PUP.Optional.CrossBrowse
FOUND file: C:\Program Files\MiuiTab\ProtectService.exe [XTab system - ProtectSvc.exe]  =>PUP.Optional.AgentODR
FOUND file: C:\Windows\System32\drivers\nethfdrv.sys [nethfdrv - nethfdrv]  =>PUP.Optional.Amonetize
FOUND file: C:\Windows\System32\nethtsrv.exe [© 2012-2014, All rights reserved. - ]  =>PUP.Optional.Amonetize
FOUND file: C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe [DTools LIMITED - DTools]  =>PUP.Optional.Fuyu
FOUND file: C:\Windows\System32\drivers\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
FOUND file: C:\Windows\System32\drivers\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
FOUND file: C:\Windows\System32\drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
FOUND file: C:\Windows\System32\drivers\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
FOUND file: C:\Program Files\MiuiTab\ProtectService.exe [XTab system - ProtectSvc.exe]  =>PUP.Optional.MiuiTab
FOUND folder: C:\Program Files\8f7c661b-cac3-4083-b69c-1847ac7e309a  =>PUP.Optional.CrossRider
FOUND file: C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [Crossbrowse - Crossbrowse]  =>PUP.Optional.CrossBrowse
FOUND file: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Crossbrowse.lnk    =>PUP.Optional.CrossBrowse
FOUND file: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk    =>PUP.Optional.CrossBrowse
FOUND file: C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe [Pay By Ads LTD - ]  =>PUP.Optional.PaybyAds
FOUND file: C:\Program Files\ASP\AspManager.exe [Copyright - ASP]  =>PUP.Optional.AdvancedSystemProtector
FOUND file: C:\Program Files\ASP\AdvancedSystemProtector.exe [Copyright - ASP]  =>PUP.Optional.AdvancedSystemProtector
FOUND file: C:\Users\Silvy\AppData\Local\19462\Updater.exe    =>PUP.Optional.SoftwareUpdater
FOUND file: C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe    =>PUP.Optional.CrossBrowse
FOUND file: C:\Program Files\SavePass 1.1\e5c80545-bae7-429e-8c66-24b2aadbae3e-10.exe [OB - SavePass 1.1 exe]  =>PUP.Optional.CrossRider
FOUND file: C:\Program Files\OLBPre\OLBPre.exe    =>PUP.Optional.MyPCBackup
FOUND file: C:\Users\Silvy\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe    =>PUP.Optional.PriceFountain
FOUND file: C:\Program Files\RCP\RegCleanPro.exe    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Windows\Tasks\AmiUpdXp.job    =>PUP.Optional.SoftwareUpdater
FOUND file: C:\Windows\Tasks\APSnotifierPP1.job    =>PUP.Optional.AnyProtect
FOUND file: C:\Windows\Tasks\APSnotifierPP2.job    =>PUP.Optional.AnyProtect
FOUND file: C:\Windows\Tasks\APSnotifierPP3.job    =>PUP.Optional.AnyProtect
FOUND file: C:\Windows\Tasks\Crossbrowse.job    =>PUP.Optional.CrossBrowse
FOUND file: C:\Windows\Tasks\Price Fountain.job    =>PUP.Optional.PriceFountain
FOUND file: C:\Windows\Tasks\RegClean Pro_DEFAULT.job    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Windows\Tasks\RegClean Pro_UPDATES.job    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job    =>PUP.Optional.SpeedUpMyPC
FOUND file: C:\Windows\Tasks\SpeedUpMyPC Startup.job    =>PUP.Optional.SpeedUpMyPC
FOUND file: C:\Windows\Tasks\e5c80545-bae7-429e-8c66-24b2aadbae3e-10_user.job    =>PUP.Optional.CrossRider
FOUND file: C:\Windows\Tasks\e5c80545-bae7-429e-8c66-24b2aadbae3e-3.job    =>PUP.Optional.CrossRider
FOUND file: C:\Windows\System32\Tasks\e5c80545-bae7-429e-8c66-24b2aadbae3e-10_user    =>PUP.Optional.CrossRider
FOUND folder: C:\Program Files\SavePass 1.1  =>PUP.Optional.CrossRider
FOUND file: C:\END    =>PUP.Optional.Conduit
FOUND file: C:\Windows\Prefetch\CROSSBROWSE.EXE-F6F882CE.pf    =>PUP.Optional.CrossBrowse
FOUND file: C:\Windows\Prefetch\GLOBALUPDATE.EXE-B66D5BF9.pf    =>PUP.Optional.GlobalUpdate
FOUND file: C:\Windows\Prefetch\GLOBALUPDATECRASHHANDLER.EXE-C9210A99.pf    =>PUP.Optional.GlobalUpdate
FOUND file: C:\Windows\Prefetch\OFFERSWIZARD.EXE-22157E4C.pf    =>PUP.Optional.OffersWizard
FOUND file: C:\Windows\Prefetch\OLBPRE.EXE-826AFBAE.pf    =>PUP.Optional.MyPCBackup
FOUND file: C:\Windows\Prefetch\PRICEFOUNTAINW.EXE-1E2B9377.pf    =>PUP.Optional.PriceFountain
FOUND file: C:\Windows\Prefetch\SPEEDUPMYPC.EXE-9A3B87D4.pf    =>PUP.Optional.SpeedUpMyPC
FOUND file: C:\Program Files\Mozilla Firefox\browser\searchplugins\findit.xml    =>PUP.Optional.SmartBar
FOUND file: C:\Users\Silvy\AppData\Local\Temp\dsrsetup.exe [Pay By Ads LTD - ]  =>PUP.Optional.PaybyAds
FOUND file: C:\Users\Silvy\AppData\Local\Temp\nsn5FE4.tmp\Zicjmwzibhmepg.exe [installMoon - GoHD Installer]  =>PUP.Optional.CrossRider
FOUND file: C:\Users\Silvy\AppData\Local\Temp\nsfA518.tmp\setup.exe [installMoon - GoHD Installer]  =>PUP.Optional.CrossRider
FOUND file: C:\Users\Silvy\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\adv_109.exe [TMRG, Inc. - Additional Offer Setup]  =>PUP.Optional.RelevantKnowledge
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\nsc1F33.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\nshC95E.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\nsm1289.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\nsm6551.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\nsu81D1.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\nsw39EF.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\nsw9A33.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\nsxCD9D.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage    =>PUP.Optional.ShoppinGate
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal    =>PUP.Optional.ShoppinGate
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage    =>PUP.Optional.BestPriceNinja
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal    =>PUP.Optional.BestPriceNinja
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage    =>PUP.Optional.BoostSaves
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal    =>PUP.Optional.BoostSaves
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdncache-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdncache-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage    =>PUP.Optional.BestPriceNinja
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal    =>PUP.Optional.BestPriceNinja
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage    =>PUP.Optional.SmartBar
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal    =>PUP.Optional.SmartBar
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searchsimple-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searchsimple-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage    =>PUP.Optional.BoostSaves
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal    =>PUP.Optional.BoostSaves
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage    =>PUP.Optional.StartSearch
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal    =>PUP.Optional.StartSearch
FOUND file: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk    =>PUP.Optional.SpeedUpMyPC
FOUND file: C:\Users\Silvy\AppData\Local\Temp\nsw39EF.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\Temp\reimage.log    =>PUP.Optional.ReImageRepair
FOUND file: C:\Users\Silvy\AppData\Local\Temp\Uninstall.exe [Copyright 2013 - ]  =>PUP.Optional.Generic
FOUND file: C:\Program Files\DownChecker\uninstall.exe [DownChecker - DownChecker]  =>PUP.Optional.DownChecker
FOUND file: C:\Program Files\FriendlyError\tmpD63D.bat    =>PUP.Optional.FriendlyError
FOUND file: C:\Program Files\MiuiTab\BrowerWatchCH.dll [XTab - BrowerWa.dll]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\BrowerWatchFF.dll [XTab - BrowerWa.dll]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\BrowserAction.dll [skytech Co., Ltd. - Skytech]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\conf    =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\defsearchp@gmail.com!1.0.0.1039.xpi    =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\ffsearch_toolbar!1.0.0.1031.xpi    =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\HPNotify.exe [XTab system - SupHPNot.exe]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\IeWatchDog.dll [search Protecter - SearchProtect for ie]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\install.data    =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\searchProvider.xml    =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\SupTab.dll [Good Co. Limited - GoodTab]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\SupTab_Bak.dll [Thinknice Co. Limited - SupTab setup package]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\uninstall.exe [XTab - XTab]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\RCP\Chinese_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Chinese_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\CleanSchedule.exe    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Danish_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Danish_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Dutch_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Dutch_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\eng_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\eng_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\FileList.rcp    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Finnish_rcp_fi.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Finnish_uninst_fi.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\French_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\French_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\German_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\German_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\greek_rcp_el.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\greek_uninst_el.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\isxdl.dll [bjørnar Henden - ISX Download DLL]  =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Italian_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Italian_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Japanese_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Japanese_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\korean_rcp_ko.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\korean_uninst_ko.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\LicMgr.dll [RCP - RCP]  =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Norwegian_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Norwegian_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\polish_rcp_pl.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\polish_uninst_pl.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\portugese_rcp_pt.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\portugese_uninst_pt.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Portuguese_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Portuguese_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\RCPUninstall.exe [Copyright © 2014 - ]  =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\RegList.rcp    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\russian_rcp_ru.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\russian_uninst_ru.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Spanish_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\spanish_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Swedish_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\swedish_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\systweakasp.exe [systweak Inc - ASP]  =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\TPS.ico    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\TraditionalCn_rcp_zh-tw.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\traditionalcn_uninst_zh-tw.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\turkish_rcp_tr.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Turkish_uninst_tr.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\unins000.exe [ - Setup/Uninstall]  =>PUP.Optional.RegistryPowerCleaner
FOUND folder: C:\Program Files\Crossbrowse\Crossbrowse  =>PUP.Optional.CrossBrowse
FOUND folder: C:\Program Files\DownChecker\packages  =>PUP.Optional.DownChecker
FOUND folder: C:\Program Files\globalUpdate\CrashReports  =>PUP.Optional.GlobalUpdate
FOUND folder: C:\Program Files\MiuiTab\skin  =>PUP.Optional.MiuiTab
FOUND folder: C:\Program Files\MiuiTab\web  =>PUP.Optional.MiuiTab
FOUND folder: C:\Program Files\Uniblue\SpeedUpMyPC  =>PUP.Optional.Uniblue
FOUND folder: C:\Program Files\Crossbrowse  =>PUP.Optional.CrossBrowse
FOUND folder: C:\Program Files\DownChecker  =>PUP.Optional.DownChecker
FOUND folder: C:\Program Files\FriendlyError  =>PUP.Optional.FriendlyError
FOUND folder: C:\Program Files\globalUpdate  =>PUP.Optional.GlobalUpdate
FOUND folder: C:\Program Files\MiuiTab  =>PUP.Optional.MiuiTab
FOUND folder: C:\Program Files\OLBPre  =>PUP.Optional.MyPCBackup
FOUND folder: C:\Program Files\RCP  =>PUP.Optional.RegistryPowerCleaner
FOUND folder: C:\Program Files\Uniblue  =>PUP.Optional.Uniblue
FOUND file: C:\ProgramData\EpicScale\18508.dat [EpicScale Inc. - EpicScale module]  =>PUP.Optional.EpicScale
FOUND file: C:\ProgramData\EpicScale\32834.dat [EpicScale Inc. - EpicScale module]  =>PUP.Optional.EpicScale
FOUND file: C:\ProgramData\EpicScale\EpicScale.exe [EpicScale Inc. - EpicScale module]  =>PUP.Optional.EpicScale
FOUND file: C:\ProgramData\ExtTag\1fixcpa3.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\34mtzcvd.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\3eg1u4qy.fuo.dll [Copyright ©  2015 - AgentDll]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\conf.config    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\Config.xml    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\ExtTag.exe [Copyright ©  2015 - AgentMainService]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\ExtTag.exe.config    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\gioae22v.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\irsxecsu.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\mxyybgvn.exe [Copyright ©  2014 - StproW]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\mxyybgvn.exe.config    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\o4kzm5y1.exe [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\o4kzm5y1.exe.bck [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\o4kzm5y1.exe.config    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\oxxgvhhm.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\Timers.xml    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\uninstall.exe [Groovelam - Groovelam]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\uq5ks3ec.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\vytoem4m.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\wt2nwsbg.exe [Copyright ©  2015 - VariablesSetter]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\wt2nwsbg.exe.config    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\wwwlplmz.exe [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\wwwlplmz.exe.bck    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\wwwlplmz.exe.config    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\y4gdgm52.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\zx323pzc.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTags\ff.HP    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTags\ff.NT    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTags\snp.sc    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [DTools LIMITED - Windows DTools]  =>PUP.Optional.Fuyu
FOUND folder: C:\ProgramData\APN\APN-Stub  =>Toolbar.Ask
FOUND folder: C:\ProgramData\EpicScale\0  =>PUP.Optional.EpicScale
FOUND folder: C:\ProgramData\ExtTag\ondemand  =>PUP.Optional.ExtTag
FOUND folder: C:\ProgramData\ExtTag\temp  =>PUP.Optional.ExtTag
FOUND folder: C:\ProgramData\IHProtectUpDate\update  =>PUP.Optional.AgentODR
FOUND folder: C:\ProgramData\Systweak\Advanced System~Protector  =>PUP.Optional.Systweak
FOUND folder: C:\ProgramData\WindowsMangerProtect\update  =>PUP.Optional.Fuyu
FOUND folder: C:\ProgramData\APN  =>Toolbar.Ask
FOUND folder: C:\ProgramData\EpicScale  =>PUP.Optional.EpicScale
FOUND folder: C:\ProgramData\ExtTag  =>PUP.Optional.ExtTag
FOUND folder: C:\ProgramData\ExtTags  =>PUP.Optional.ExtTag
FOUND folder: C:\ProgramData\IHProtectUpDate  =>PUP.Optional.AgentODR
FOUND folder: C:\ProgramData\Systweak  =>PUP.Optional.Systweak
FOUND folder: C:\ProgramData\WindowsMangerProtect  =>PUP.Optional.Fuyu
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector\Advanced System~Protector.lnk    =>PUP.Optional.AdvancedSystemProtector
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector\Register Advanced System~Protector.lnk    =>PUP.Optional.AdvancedSystemProtector
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector\Uninstall Advanced System~Protector.lnk    =>PUP.Optional.AdvancedSystemProtector
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse\Crossbrowse.lnk    =>PUP.Optional.CrossBrowse
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Uninstall RegClean Pro.lnk    =>PUP.Optional.RegistryPowerCleaner
FOUND folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPC  =>PUP.Optional.Uniblue
FOUND folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector  =>PUP.Optional.AdvancedSystemProtector
FOUND folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse  =>PUP.Optional.CrossBrowse
FOUND folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro  =>PUP.Optional.RegistryPowerCleaner
FOUND folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue  =>PUP.Optional.Uniblue
FOUND file: C:\Users\Silvy\AppData\Roaming\istartsurf\UninstallManager.exe [skytech Co., Ltd. - Skytech]  =>PUP.Optional.IsStart
FOUND file: C:\Users\Silvy\AppData\Roaming\mystartsearch\402.json    =>PUP.Optional.StartSearch
FOUND file: C:\Users\Silvy\AppData\Roaming\mystartsearch\MessageBox.xml    =>PUP.Optional.StartSearch
FOUND file: C:\Users\Silvy\AppData\Roaming\mystartsearch\uninstallDlg2.xml    =>PUP.Optional.StartSearch
FOUND file: C:\Users\Silvy\AppData\Roaming\oursurfing\UninstallManager.exe [skytech Co., Ltd. - Skytech]  =>PUP.Optional.OurSurfing
FOUND folder: C:\Users\Silvy\AppData\Roaming\AnyProtectEx\installer  =>PUP.Optional.AnyProtect
FOUND folder: C:\Users\Silvy\AppData\Roaming\AnyProtectEx\language  =>PUP.Optional.AnyProtect
FOUND folder: C:\Users\Silvy\AppData\Roaming\AnyProtectEx\logs  =>PUP.Optional.AnyProtect
FOUND folder: C:\Users\Silvy\AppData\Roaming\AnyProtectEx\scan_results  =>PUP.Optional.AnyProtect
FOUND folder: C:\Users\Silvy\AppData\Roaming\AnyProtectEx\swf  =>PUP.Optional.AnyProtect
FOUND folder: C:\Users\Silvy\AppData\Roaming\mystartsearch\images  =>PUP.Optional.StartSearch
FOUND folder: C:\Users\Silvy\AppData\Roaming\OpenCandy\C6FF6BB9A6B0403BBF27B64856787A6E  =>PUP.Optional.OpenCandy
FOUND folder: C:\Users\Silvy\AppData\Roaming\OpenCandy\OpenCandy_30759EAB54F94C8C91CD2F29296AE10D  =>PUP.Optional.OpenCandy
FOUND folder: C:\Users\Silvy\AppData\Roaming\PriceFountain\UpdateProc  =>PUP.Optional.PriceFountain
FOUND folder: C:\Users\Silvy\AppData\Roaming\systweak\Advanced System~Protector  =>PUP.Optional.Systweak
FOUND folder: C:\Users\Silvy\AppData\Roaming\systweak\regclean pro  =>PUP.Optional.Systweak
FOUND folder: C:\Users\Silvy\AppData\Roaming\AnyProtectEx  =>PUP.Optional.AnyProtect
FOUND folder: C:\Users\Silvy\AppData\Roaming\istartsurf  =>PUP.Optional.IsStart
FOUND folder: C:\Users\Silvy\AppData\Roaming\mystartsearch  =>PUP.Optional.StartSearch
FOUND folder: C:\Users\Silvy\AppData\Roaming\OpenCandy  =>PUP.Optional.OpenCandy
FOUND folder: C:\Users\Silvy\AppData\Roaming\oursurfing  =>PUP.Optional.OurSurfing
FOUND folder: C:\Users\Silvy\AppData\Roaming\PriceFountain  =>PUP.Optional.PriceFountain
FOUND folder: C:\Users\Silvy\AppData\Roaming\systweak  =>PUP.Optional.Systweak
FOUND folder: C:\Users\Silvy\AppData\Local\Crossbrowse\Crossbrowse  =>PUP.Optional.CrossBrowse
FOUND folder: C:\Users\Silvy\AppData\Local\globalUpdate\CrashReports  =>PUP.Optional.GlobalUpdate
FOUND folder: C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search  =>PUP.Optional.PaybyAds
FOUND folder: C:\Users\Silvy\AppData\Local\Crossbrowse  =>PUP.Optional.CrossBrowse
FOUND folder: C:\Users\Silvy\AppData\Local\globalUpdate  =>PUP.Optional.GlobalUpdate
FOUND folder: C:\Users\Silvy\AppData\Local\Pay-By-Ads  =>PUP.Optional.PaybyAds
FOUND folder: C:\Program Files\ASP  =>PUP.Optional.AdvancedSystemProtector
 
 
---\\  Registry ( Key, Value, Data) (148)
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} []  =>PUP.Optional.MiuiTab
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} []  =>PUP.Optional.MiuiTab
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b608cc98-54de-4775-96c9-097de398500c} []  =>PUP.Optional.PriceFountain
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} []  =>PUP.Optional.MiuiTab
FOUND key: HKLM\Software\Classes\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} [GoodTab Class]  =>PUP.Optional.MiuiTab
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} []  =>PUP.Optional.MiuiTab
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} []  =>PUP.Optional.MiuiTab
FOUND key: HKLM\Software\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} [LuckyTab Class]  =>PUP.Optional.MiuiTab
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b608cc98-54de-4775-96c9-097de398500c} []  =>PUP.Optional.PriceFountain
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b608cc98-54de-4775-96c9-097de398500c} []  =>PUP.Optional.PriceFountain
FOUND key: HKLM\Software\Classes\CLSID\{b608cc98-54de-4775-96c9-097de398500c} [PriceFountain]  =>PUP.Optional.PriceFountain
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][bing] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{096B907D-AAF2-40E2-B273-0BD10CAB1969} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Yahoo! Search] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][e] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][mystartsearch] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Google] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7029578D-92B5-4DAA-8098-BCAA8414C1C4} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Ask Search] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BCAA0611-F391-41C8-95A5-D6E87F4D77E5} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Google] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Google] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][search the web] (PUP.Optional.StartSearch)
FOUND key: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=ds&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg[...]][mystartsearch] (PUP.Optional.StartSearch)
FOUND key: [X64] HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse ["C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX(Not File)]  =>PUP.Optional.StartSearch
FOUND data: HKLM\...\Crossbrowse\Shell\open\Command\\"C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX(PUP.Optional.StartSearch)
FOUND data: HKLM\...\IEXPLORE.EXE\Shell\open\Command\\C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1437286377&z=f89574d1b5769d1295f03cdg5zbc7mbodbbq7cdm2w&from=amt&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX(PUP.Optional.OurSurfing)
FOUND value: HKLM\Software\Classes\.htm\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
FOUND value: HKLM\Software\Classes\.html\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
FOUND value: HKLM\Software\Classes\.shtml\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
FOUND value: HKLM\Software\Classes\.webp\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
FOUND value: HKLM\Software\Classes\.xht\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
FOUND key: HKCU\Software\WajIEnhance []  =>PUP.Optional.Wajam
FOUND key: HKCU\Software\WajIntEnhance []  =>PUP.Optional.Wajam
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\MiuiTab\ProtectService.exe]  =>PUP.Optional.AgentODR
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\KMService [C:\Windows\System32\srvany.exe]  =>PUP.Optional.Office
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\nethfdrv [C:\Windows\System32\drivers\nethfdrv.sys]  =>PUP.Optional.Amonetize
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\NetHttpService [C:\Windows\System32\nethtsrv.exe]  =>PUP.Optional.Amonetize
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe]  =>PUP.Optional.Fuyu
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{5663c04f-f294-4115-9114-b62be60538cb}Gw [C:\Windows\System32\drivers\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys]  =>PUP.Optional.LinkiDoo
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw [C:\Windows\System32\drivers\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys]  =>PUP.Optional.LinkiDoo
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw [C:\Windows\System32\drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys]  =>PUP.Optional.LinkiDoo
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw [C:\Windows\System32\drivers\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys]  =>PUP.Optional.LinkiDoo
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\MiuiTab\ProtectService.exe]  =>PUP.Optional.MiuiTab
FOUND key: HKLM\SOFTWARE\downchecker []  =>PUP.Optional.DownChecker
FOUND key: HKLM\SOFTWARE\SearchProtect []  =>PUP.Optional.SearchProtect
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\Currentversion\Uninstall\SearchProtect []  =>PUP.Optional.SearchProtect
FOUND key: HKCU\Software\Cinem Plus 2.4cV20.07-nv-ie []  =>Heuristic.CrossRider
FOUND key: HKCU\Software\CinemaPlus-3.2cV20.07-nv-ie []  =>Heuristic.CrossRider
FOUND key: HKCU\Software\SavePass 1.1-nv-ie []  =>Heuristic.CrossRider
FOUND key: HKCU\Software\Shop and Save Up-nv-ie []  =>Heuristic.CrossRider
FOUND value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9D028DA769B8F8BA1EF2B2E5C45F19DE ["C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window]  =>PUP.Optional.CrossBrowse
FOUND value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search [C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe]  =>PUP.Optional.PaybyAds
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\AnyProtect []  =>PUP.Optional.AnyProtect
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\APN PIP []  =>PUP.Optional.Conduit
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\ArenaHD []  =>PUP.Optional.CrossRider
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\CinemaPlus-3.2cV20.07-nv-ie []  =>PUP.Optional.CrossRider
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Crossbrowse []  =>PUP.Optional.CrossBrowse
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\CrossBrowser []  =>PUP.Optional.CrossBrowser
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\EpicScale []  =>PUP.Optional.EpicScale
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\globalUpdate []  =>PUP.Optional.GlobalUpdate
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\HighDefAction []  =>PUP.Optional.CrossRider
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\HomeTab []  =>PUP.Optional.CertifiedToolbar
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Linkey []  =>PUP.Optional.LinkeySearch
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\PriceFountain []  =>PUP.Optional.PriceFountain
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SavePass 1.1 []  =>PUP.Optional.CrossRider
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SavePass 1.1-nv-ie []  =>PUP.Optional.CrossRider
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SearchProtectWS []  =>PUP.Optional.SearchProtect
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Shop and Save Up-nv-ie []  =>PUP.Optional.ShopSave
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SimplyTech []  =>PUP.Optional.SimplyTech
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\systweak []  =>PUP.Optional.Systweak
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\TNT2 []  =>PUP.Optional.TidyNetwork
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\WajIEnhance []  =>PUP.Optional.Multiplug
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\WajIntEnhance []  =>PUP.Optional.Multiplug
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\YorkNewCin []  =>PUP.Optional.CrossRider
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Classes\keepmysearch []  =>PUP.Optional.Hotbar
FOUND key: HKCU\Software\AnyProtect []  =>PUP.Optional.AnyProtect
FOUND key: HKCU\Software\APN PIP []  =>PUP.Optional.Conduit
FOUND key: HKCU\Software\ArenaHD []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\CinemaPlus-3.2cV20.07-nv-ie []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Crossbrowse []  =>PUP.Optional.CrossBrowse
FOUND key: HKCU\Software\CrossBrowser []  =>PUP.Optional.CrossBrowser
FOUND key: HKCU\Software\EpicScale []  =>PUP.Optional.EpicScale
FOUND key: HKCU\Software\globalUpdate []  =>PUP.Optional.GlobalUpdate
FOUND key: HKCU\Software\HighDefAction []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\HomeTab []  =>PUP.Optional.CertifiedToolbar
FOUND key: HKCU\Software\Linkey []  =>PUP.Optional.LinkeySearch
FOUND key: HKCU\Software\PriceFountain []  =>PUP.Optional.PriceFountain
FOUND key: HKCU\Software\SavePass 1.1 []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\SavePass 1.1-nv-ie []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\SearchProtectWS []  =>PUP.Optional.SearchProtect
FOUND key: HKCU\Software\Shop and Save Up-nv-ie []  =>PUP.Optional.ShopSave
FOUND key: HKCU\Software\SimplyTech []  =>PUP.Optional.SimplyTech
FOUND key: HKCU\Software\systweak []  =>PUP.Optional.Systweak
FOUND key: HKCU\Software\TNT2 []  =>PUP.Optional.TidyNetwork
FOUND key: HKCU\Software\WajIEnhance []  =>PUP.Optional.Multiplug
FOUND key: HKCU\Software\WajIntEnhance []  =>PUP.Optional.Multiplug
FOUND key: HKCU\Software\YorkNewCin []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\AppDataLow\Software\Crossrider []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP []  =>PUP.Optional.IMBooster
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar []  =>PUP.Optional.IMBooster
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey []  =>PUP.Optional.LinkeySearch
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect []  =>PUP.Optional.SearchProtect
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com []  =>PUP.Optional.Vosteran
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance []  =>PUP.Optional.Multiplug
FOUND key: HKLM\SOFTWARE\Classes\SpeedUpMyPC [url:SpeedUpMyPC Protocol]  =>PUP.Optional.SpeedUpMyPC
FOUND key: HKLM\SOFTWARE\Classes\protector_dll.protectorbho [Google Toolbar Notifier BHO]  =>PUP.Optional.BProtector
FOUND key: HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 [Google Toolbar Notifier BHO]  =>PUP.Optional.BProtector
FOUND key: HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [iTool]  =>Toolbar.Ask
FOUND key: HKLM\SOFTWARE\Classes\CRSBRWSHTML [Crossbrowse HTML Document]  =>PUP.Optional.CrossBrowse
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} [LuckyTab Class]  =>PUP.Optional.LuckyTab
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect []  =>PUP.Optional.Fuyu
FOUND key: HKLM\SOFTWARE\ArenaHD []  =>PUP.Optional.CrossRider
FOUND key: HKLM\SOFTWARE\Conduit []  =>PUP.Optional.Conduit
FOUND key: HKLM\SOFTWARE\Crossbrowse []  =>PUP.Optional.CrossBrowse
FOUND key: HKLM\SOFTWARE\GlobalUpdate []  =>PUP.Optional.GlobalUpdate
FOUND key: HKLM\SOFTWARE\HighDefAction []  =>PUP.Optional.CrossRider
FOUND key: HKLM\SOFTWARE\IHProtect []  =>PUP.Optional.AgentODR
FOUND key: HKLM\SOFTWARE\Iminent []  =>PUP.Optional.IMBooster
FOUND key: HKLM\SOFTWARE\istartsurfSoftware []  =>PUP.Optional.IsStart
FOUND key: HKLM\SOFTWARE\mystartsearchSoftware []  =>PUP.Optional.StartSearch
FOUND key: HKLM\SOFTWARE\oursurfingSoftware []  =>PUP.Optional.OurSurfing
FOUND key: HKLM\SOFTWARE\searchult []  =>PUP.Optional.Generic
FOUND key: HKLM\SOFTWARE\SupDp []  =>PUP.Optional.SupTab
FOUND key: HKLM\SOFTWARE\supTab []  =>PUP.Optional.SupTab
FOUND key: HKLM\SOFTWARE\supWindowsMangerProtect []  =>PUP.Optional.Fuyu
FOUND key: HKLM\SOFTWARE\Systweak []  =>PUP.Optional.Systweak
FOUND key: HKLM\SOFTWARE\Uniblue []  =>PUP.Optional.Uniblue
FOUND key: HKLM\SOFTWARE\WajIntEnhance []  =>PUP.Optional.Multiplug
FOUND key: HKLM\SOFTWARE\YorkNewCin []  =>PUP.Optional.CrossRider
FOUND key: HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 []  =>PUP.Optional.AdvancedSystemProtector
FOUND key: HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS []  =>PUP.Optional.AdvancedSystemProtector
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1 [Advanced System Protector]  =>PUP.Optional.Systweak
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse [The Crossbrowse Authors]  =>PUP.Optional.CrossBrowse
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP []  =>PUP.Optional.IMBooster
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar []  =>PUP.Optional.IMBooster
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall [istartsurf]  =>PUP.Optional.IsStart
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey []  =>PUP.Optional.LinkeySearch
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall [mystartsearch]  =>PUP.Optional.StartSearch
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oursurfing uninstall [oursurfing]  =>PUP.Optional.OurSurfing
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 []  =>PUP.Optional.RegistryPowerCleaner
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1 [systweak.com]  =>PUP.Optional.RegistryPowerCleaner
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage []  =>PUP.Optional.Downware
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com []  =>PUP.Optional.Vosteran
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance []  =>PUP.Optional.Multiplug
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 [uniblue Systems Limited]  =>PUP.Optional.Uniblue
FOUND key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe []  =>PUP.Optional.GlobalUpdate
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe [C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe]  =>PUP.Optional.CrossBrowse
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}\InprocServer32 [C:\Program Files\MiuiTab\SupTab.dll]  =>PUP.Optional.MiuiTab
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}\InprocServer32 [C:\Program Files\MiuiTab\SupTab.dll]  =>PUP.Optional.LuckyTab
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{b608cc98-54de-4775-96c9-097de398500c}\InprocServer32 [C:\Users\Silvy\AppData\Local\PriceFountain\PriceFountainIE.dll (Not File)]  =>PUP.Optional.PriceFountain
 
 
---\\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 52640
~ Items found : 731
~ Items cancelled : 0
~ Items repaired : 0
 
 
~ End of search in 12 minutes
===================
ZHPCleaner--21082015-23_54_49.txt
ZHPCleaner--22082015-00_24_38.txt
;)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Чудесно,

 

  • Сега стартирайте ZHPCleaner с десен клик върху файла и изберете от контекстното меню "Run as administrator"
  • Кликнете върху Ashampoo_Snap_20140819_13h09m50s_001__zp за да се съгласите с лицензионното споразумение.
  • Направете нова проверка и след като приключи натиснете бутона slm23Pe.png
  • Браузърите ще бъдат затворени автоматично.
  • Ще се отвори лог файл след прикючването на проверката.
  • Публикувайте лог файла в следващия си коментар.
  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

 

Чудесно,

 

  • Сега стартирайте ZHPCleaner с десен клик върху файла и изберете от контекстното меню "Run as administrator"
  • Кликнете върху Ashampoo_Snap_20140819_13h09m50s_001__zp за да се съгласите с лицензионното споразумение.
  • Направете нова проверка и след като приключи натиснете бутона slm23Pe.png
  • Браузърите ще бъдат затворени автоматично.
  • Ще се отвори лог файл след прикючването на проверката.
  • Публикувайте лог файла в следващия си коментар.

 

~ ZHPCleaner v2015.8.20.329 by Nicolas Coolman (2015/08/20)
~ Run by Silvy (Administrator)  (22/08/2015 11:24:07)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Silvy\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Silvy\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (4)
CLOSED : IHProtect Service  =>PUP.Optional.AgentODR
CLOSED : KMService  =>PUP.Optional.Office
CLOSED : NetHttpService  =>PUP.Optional.Amonetize
CLOSED : WindowsMangerProtect  =>PUP.Optional.Fuyu
 
 
---\\  Browser internet (9)
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL [http://www.istartsurf.com/web/?type=ds&ts=1437419518&z=f357ae5290211e393adf3ffgb[...]] =>PUP.Optional.IsStart
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
REPLACED IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
REPLACED IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Start Page [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
REPLACED Quicklaunch: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
REPLACED TaskBar: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
REPLACED Startup\Programs: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
REPLACED SystemTools: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (21)
 
 
---\\  Scheduled automatic tasks. (10)
DELETED task: [AmiUpdXp] [C:\Windows\Tasks\AmiUpdXp.job (Not File) ]  =>PUP.Optional.SoftwareUpdater
DELETED task: [APSnotifierPP1] [C:\Windows\Tasks\APSnotifierPP1.job (Not File) ]  =>PUP.Optional.AnyProtect
DELETED task: [APSnotifierPP2] [C:\Windows\Tasks\APSnotifierPP2.job (Not File) ]  =>PUP.Optional.AnyProtect
DELETED task: [APSnotifierPP3] [C:\Windows\Tasks\APSnotifierPP3.job (Not File) ]  =>PUP.Optional.AnyProtect
DELETED task: [Crossbrowse] [C:\Windows\Tasks\Crossbrowse.job (Not File) ]  =>PUP.Optional.CrossBrowse
DELETED task: [Price Fountain] [C:\Windows\Tasks\Price Fountain.job (Not File) ]  =>PUP.Optional.PriceFountain
DELETED task: [RegClean Pro_DEFAULT] [C:\Windows\Tasks\RegClean Pro_DEFAULT.job (Not File) ]  =>PUP.Optional.RegistryPowerCleaner
DELETED task: [RegClean Pro_UPDATES] [C:\Windows\Tasks\RegClean Pro_UPDATES.job (Not File) ]  =>PUP.Optional.RegistryPowerCleaner
DELETED task: [speedUpMyPC Maintenance] [C:\Windows\Tasks\SpeedUpMyPC Maintenance.job (Not File) ]  =>PUP.Optional.SpeedUpMyPC
DELETED task: [speedUpMyPC Startup] [C:\Windows\Tasks\SpeedUpMyPC Startup.job (Not File) ]  =>PUP.Optional.SpeedUpMyPC
 
 
---\\  Explorer ( File, Folder) (159)
MOVED file: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Crossbrowse.lnk  [bad : C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe]  =>PUP.Optional.CrossBrowse
MOVED file: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk  [bad : C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe]  =>PUP.Optional.Uniblue
MOVED file: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk  [bad : C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe]  =>PUP.Optional.CrossBrowse
MOVED file: C:\Program Files\MiuiTab\SupTab.dll [Good Co. Limited - GoodTab]  =>PUP.Optional.MiuiTab
MOVED file: C:\Program Files\MiuiTab\ProtectService.exe [XTab system - ProtectSvc.exe]  =>PUP.Optional.AgentODR
MOVED file: C:\Windows\System32\drivers\nethfdrv.sys [nethfdrv - nethfdrv]  =>PUP.Optional.Amonetize
MOVED file: C:\Windows\System32\nethtsrv.exe [© 2012-2014, All rights reserved. - ]  =>PUP.Optional.Amonetize
MOVED file: C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe [DTools LIMITED - DTools]  =>PUP.Optional.Fuyu
MOVED file: C:\Windows\System32\drivers\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
MOVED file: C:\Windows\System32\drivers\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
MOVED file: C:\Windows\System32\drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
MOVED file: C:\Windows\System32\drivers\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
MOVED file: C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe [Pay By Ads LTD - ]  =>PUP.Optional.PaybyAds
MOVED file: C:\Windows\Tasks\AmiUpdXp.job    =>PUP.Optional.SoftwareUpdater
MOVED file: C:\Windows\Tasks\APSnotifierPP1.job    =>PUP.Optional.AnyProtect
MOVED file: C:\Windows\Tasks\APSnotifierPP2.job    =>PUP.Optional.AnyProtect
MOVED file: C:\Windows\Tasks\APSnotifierPP3.job    =>PUP.Optional.AnyProtect
MOVED file: C:\Windows\Tasks\Crossbrowse.job    =>PUP.Optional.CrossBrowse
MOVED file: C:\Windows\Tasks\Price Fountain.job    =>PUP.Optional.PriceFountain
MOVED file: C:\Windows\Tasks\RegClean Pro_DEFAULT.job    =>PUP.Optional.RegistryPowerCleaner
MOVED file: C:\Windows\Tasks\RegClean Pro_UPDATES.job    =>PUP.Optional.RegistryPowerCleaner
MOVED file: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job    =>PUP.Optional.SpeedUpMyPC
MOVED file: C:\Windows\Tasks\SpeedUpMyPC Startup.job    =>PUP.Optional.SpeedUpMyPC
MOVED file: C:\Windows\Tasks\e5c80545-bae7-429e-8c66-24b2aadbae3e-10_user.job    =>PUP.Optional.CrossRider
MOVED file: C:\Windows\Tasks\e5c80545-bae7-429e-8c66-24b2aadbae3e-3.job    =>PUP.Optional.CrossRider
MOVED file: C:\Windows\System32\Tasks\e5c80545-bae7-429e-8c66-24b2aadbae3e-10_user    =>PUP.Optional.CrossRider
MOVED file: C:\Program Files\SavePass 1.1\e5c80545-bae7-429e-8c66-24b2aadbae3e-10.exe [OB - SavePass 1.1 exe]  =>PUP.Optional.CrossRider
MOVED file: C:\END    =>PUP.Optional.Conduit
MOVED file: C:\Windows\Prefetch\CROSSBROWSE.EXE-F6F882CE.pf    =>PUP.Optional.CrossBrowse
MOVED file: C:\Windows\Prefetch\GLOBALUPDATE.EXE-B66D5BF9.pf    =>PUP.Optional.GlobalUpdate
MOVED file: C:\Windows\Prefetch\GLOBALUPDATECRASHHANDLER.EXE-C9210A99.pf    =>PUP.Optional.GlobalUpdate
MOVED file: C:\Windows\Prefetch\OFFERSWIZARD.EXE-22157E4C.pf    =>PUP.Optional.OffersWizard
MOVED file: C:\Windows\Prefetch\OLBPRE.EXE-826AFBAE.pf    =>PUP.Optional.MyPCBackup
MOVED file: C:\Windows\Prefetch\PRICEFOUNTAINW.EXE-1E2B9377.pf    =>PUP.Optional.PriceFountain
MOVED file: C:\Windows\Prefetch\SPEEDUPMYPC.EXE-9A3B87D4.pf    =>PUP.Optional.SpeedUpMyPC
MOVED file: C:\Program Files\Mozilla Firefox\browser\searchplugins\findit.xml    =>PUP.Optional.SmartBar
MOVED file: C:\Users\Silvy\AppData\Local\Temp\dsrsetup.exe [Pay By Ads LTD - ]  =>PUP.Optional.PaybyAds
MOVED file: C:\Users\Silvy\AppData\Local\Temp\nsn5FE4.tmp\Zicjmwzibhmepg.exe [installMoon - GoHD Installer]  =>PUP.Optional.CrossRider
MOVED file: C:\Users\Silvy\AppData\Local\Temp\nsfA518.tmp\setup.exe [installMoon - GoHD Installer]  =>PUP.Optional.CrossRider
MOVED file: C:\Users\Silvy\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\adv_109.exe [TMRG, Inc. - Additional Offer Setup]  =>PUP.Optional.RelevantKnowledge
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\nsc1F33.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\nshC95E.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\nsm1289.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\nsm6551.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\nsu81D1.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\nsw39EF.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\nsw9A33.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\nsxCD9D.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage    =>PUP.Optional.ShoppinGate
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal    =>PUP.Optional.ShoppinGate
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage    =>PUP.Optional.BestPriceNinja
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal    =>PUP.Optional.BestPriceNinja
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage    =>PUP.Optional.BoostSaves
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal    =>PUP.Optional.BoostSaves
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdncache-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdncache-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage    =>PUP.Optional.BestPriceNinja
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal    =>PUP.Optional.BestPriceNinja
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage    =>PUP.Optional.SmartBar
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal    =>PUP.Optional.SmartBar
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searchsimple-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searchsimple-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage    =>PUP.Optional.BoostSaves
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal    =>PUP.Optional.BoostSaves
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage    =>PUP.Optional.StartSearch
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal    =>PUP.Optional.StartSearch
MOVED file: C:\Users\Silvy\AppData\Local\Temp\nsw39EF.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\Temp\reimage.log    =>PUP.Optional.ReImageRepair
MOVED file: C:\Users\Silvy\AppData\Local\Temp\Uninstall.exe [Copyright 2013 - ]  =>PUP.Optional.Generic
MOVED folder: C:\Program Files\8f7c661b-cac3-4083-b69c-1847ac7e309a  =>PUP.Optional.CrossRider
MOVED folder: C:\Program Files\SavePass 1.1  =>PUP.Optional.CrossRider
MOVED folder^: C:\Program Files\Crossbrowse  =>PUP.Optional.CrossBrowse
MOVED folder: C:\Program Files\DownChecker  =>PUP.Optional.DownChecker
MOVED folder: C:\Program Files\FriendlyError  =>PUP.Optional.FriendlyError
MOVED folder: C:\Program Files\globalUpdate  =>PUP.Optional.GlobalUpdate
MOVED folder: C:\Program Files\MiuiTab  =>PUP.Optional.MiuiTab
MOVED folder: C:\Program Files\OLBPre  =>PUP.Optional.MyPCBackup
MOVED folder: C:\Program Files\RCP  =>PUP.Optional.RegistryPowerCleaner
MOVED folder: C:\Program Files\Uniblue  =>PUP.Optional.Uniblue
MOVED folder: C:\ProgramData\APN  =>Toolbar.Ask
MOVED folder: C:\ProgramData\EpicScale  =>PUP.Optional.EpicScale
MOVED folder^: C:\ProgramData\ExtTag  =>PUP.Optional.ExtTag
MOVED folder: C:\ProgramData\ExtTags  =>PUP.Optional.ExtTag
MOVED folder: C:\ProgramData\IHProtectUpDate  =>PUP.Optional.AgentODR
MOVED folder: C:\ProgramData\Systweak  =>PUP.Optional.Systweak
MOVED folder: C:\ProgramData\WindowsMangerProtect  =>PUP.Optional.Fuyu
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector  =>PUP.Optional.AdvancedSystemProtector
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse  =>PUP.Optional.CrossBrowse
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro  =>PUP.Optional.RegistryPowerCleaner
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue  =>PUP.Optional.Uniblue
MOVED folder: C:\Users\Silvy\AppData\Roaming\AnyProtectEx  =>PUP.Optional.AnyProtect
MOVED folder: C:\Users\Silvy\AppData\Roaming\istartsurf  =>PUP.Optional.IsStart
MOVED folder: C:\Users\Silvy\AppData\Roaming\mystartsearch  =>PUP.Optional.StartSearch
MOVED folder: C:\Users\Silvy\AppData\Roaming\OpenCandy  =>PUP.Optional.OpenCandy
MOVED folder: C:\Users\Silvy\AppData\Roaming\oursurfing  =>PUP.Optional.OurSurfing
MOVED folder: C:\Users\Silvy\AppData\Roaming\PriceFountain  =>PUP.Optional.PriceFountain
MOVED folder: C:\Users\Silvy\AppData\Roaming\systweak  =>PUP.Optional.Systweak
MOVED folder^: C:\Users\Silvy\AppData\Local\Crossbrowse  =>PUP.Optional.CrossBrowse
MOVED folder: C:\Users\Silvy\AppData\Local\globalUpdate  =>PUP.Optional.GlobalUpdate
MOVED folder^: C:\Users\Silvy\AppData\Local\Pay-By-Ads  =>PUP.Optional.PaybyAds
MOVED folder: C:\Program Files\ASP  =>PUP.Optional.AdvancedSystemProtector
 
 
---\\  Registry ( Key, Value, Data) (158)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][bing] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{096B907D-AAF2-40E2-B273-0BD10CAB1969} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Yahoo! Search] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][e] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=dspp&ts=1437419376&z=33395c02f12c5b421b89a8fg7zeccm5z2g2tecac[...]][mystartsearch] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Google] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7029578D-92B5-4DAA-8098-BCAA8414C1C4} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Ask Search] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BCAA0611-F391-41C8-95A5-D6E87F4D77E5} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Google] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Google] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][search the web] (PUP.Optional.StartSearch)
DELETED key: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=dspp&ts=1437419376&z=33395c02f12c5b421b89a8fg7zeccm5z2g2tecac[...]][mystartsearch] (PUP.Optional.StartSearch)
REPLACED data: HKLM\...\Crossbrowse\Shell\open\Command\\"C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX(PUP.Optional.StartSearch)
REPLACED data: HKLM\...\IEXPLORE.EXE\Shell\open\Command\\C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1437286377&z=f89574d1b5769d1295f03cdg5zbc7mbodbbq7cdm2w&from=amt&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX(PUP.Optional.OurSurfing)
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} []  =>PUP.Optional.MiuiTab
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} []  =>PUP.Optional.MiuiTab
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b608cc98-54de-4775-96c9-097de398500c} []  =>PUP.Optional.PriceFountain
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} []  =>PUP.Optional.MiuiTab
DELETED key*: HKLM\Software\Classes\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} [GoodTab Class]  =>PUP.Optional.MiuiTab
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} []  =>PUP.Optional.MiuiTab
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} []  =>PUP.Optional.MiuiTab
DELETED key*: HKLM\Software\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} [LuckyTab Class]  =>PUP.Optional.MiuiTab
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b608cc98-54de-4775-96c9-097de398500c} []  =>PUP.Optional.PriceFountain
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b608cc98-54de-4775-96c9-097de398500c} []  =>PUP.Optional.PriceFountain
DELETED key*: HKLM\Software\Classes\CLSID\{b608cc98-54de-4775-96c9-097de398500c} [PriceFountain]  =>PUP.Optional.PriceFountain
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{096B907D-AAF2-40E2-B273-0BD10CAB1969} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7029578D-92B5-4DAA-8098-BCAA8414C1C4} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BCAA0611-F391-41C8-95A5-D6E87F4D77E5} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=ds&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key*: [X64] HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse []  =>PUP.Optional.StartSearch
DELETED key*: HKCU\Software\WajIEnhance []  =>PUP.Optional.Wajam
DELETED key*: HKCU\Software\WajIntEnhance []  =>PUP.Optional.Wajam
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\MiuiTab\ProtectService.exe (Not File)]  =>PUP.Optional.AgentODR
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\KMService [C:\Windows\System32\srvany.exe]  =>PUP.Optional.Office
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\nethfdrv [C:\Windows\System32\drivers\nethfdrv.sys (Not File)]  =>PUP.Optional.Amonetize
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\NetHttpService [C:\Windows\System32\nethtsrv.exe (Not File)]  =>PUP.Optional.Amonetize
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe (Not File)]  =>PUP.Optional.Fuyu
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\{5663c04f-f294-4115-9114-b62be60538cb}Gw [C:\Windows\System32\drivers\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw [C:\Windows\System32\drivers\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw [C:\Windows\System32\drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw [C:\Windows\System32\drivers\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key*: HKLM\SOFTWARE\downchecker []  =>PUP.Optional.DownChecker
DELETED key*: HKLM\SOFTWARE\SearchProtect []  =>PUP.Optional.SearchProtect
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\Currentversion\Uninstall\SearchProtect []  =>PUP.Optional.SearchProtect
DELETED key*: HKCU\Software\Cinem Plus 2.4cV20.07-nv-ie []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\CinemaPlus-3.2cV20.07-nv-ie []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\SavePass 1.1-nv-ie []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Shop and Save Up-nv-ie []  =>PUP.Optional.CrossRider
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{5663c04f-f294-4115-9114-b62be60538cb}Gw [C:\Windows\System32\drivers\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw [C:\Windows\System32\drivers\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw [C:\Windows\System32\drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw [C:\Windows\System32\drivers\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\MiuiTab\ProtectService.exe (Not File)]  =>PUP.Optional.AgentODR
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\nethfdrv [C:\Windows\System32\drivers\nethfdrv.sys (Not File)]  =>PUP.Optional.Amonetize
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe (Not File)]  =>PUP.Optional.Fuyu
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\AnyProtect []  =>PUP.Optional.AnyProtect
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\APN PIP []  =>PUP.Optional.Conduit
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\ArenaHD []  =>PUP.Optional.CrossRider
DELETED key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\CinemaPlus-3.2cV20.07-nv-ie []  =>PUP.Optional.CrossRider
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Crossbrowse []  =>PUP.Optional.CrossBrowse
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\CrossBrowser []  =>PUP.Optional.CrossBrowser
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\EpicScale []  =>PUP.Optional.EpicScale
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\globalUpdate []  =>PUP.Optional.GlobalUpdate
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\HighDefAction []  =>PUP.Optional.CrossRider
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\HomeTab []  =>PUP.Optional.CertifiedToolbar
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Linkey []  =>PUP.Optional.LinkeySearch
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\PriceFountain []  =>PUP.Optional.PriceFountain
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SavePass 1.1 []  =>PUP.Optional.CrossRider
DELETED key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SavePass 1.1-nv-ie []  =>PUP.Optional.CrossRider
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SearchProtectWS []  =>PUP.Optional.SearchProtect
DELETED key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Shop and Save Up-nv-ie []  =>PUP.Optional.ShopSave
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SimplyTech []  =>PUP.Optional.SimplyTech
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\systweak []  =>PUP.Optional.Systweak
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\TNT2 []  =>PUP.Optional.TidyNetwork
DELETED key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\WajIEnhance []  =>PUP.Optional.Multiplug
DELETED key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\WajIntEnhance []  =>PUP.Optional.Multiplug
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\YorkNewCin []  =>PUP.Optional.CrossRider
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Classes\keepmysearch []  =>PUP.Optional.Hotbar
DELETED key: HKCU\Software\AnyProtect []  =>PUP.Optional.AnyProtect
DELETED key: HKCU\Software\APN PIP []  =>PUP.Optional.Conduit
DELETED key: HKCU\Software\ArenaHD []  =>PUP.Optional.CrossRider
DELETED key: HKCU\Software\Crossbrowse []  =>PUP.Optional.CrossBrowse
DELETED key: HKCU\Software\CrossBrowser []  =>PUP.Optional.CrossBrowser
DELETED key: HKCU\Software\EpicScale []  =>PUP.Optional.EpicScale
DELETED key: HKCU\Software\globalUpdate []  =>PUP.Optional.GlobalUpdate
DELETED key: HKCU\Software\HighDefAction []  =>PUP.Optional.CrossRider
DELETED key: HKCU\Software\HomeTab []  =>PUP.Optional.CertifiedToolbar
DELETED key: HKCU\Software\Linkey []  =>PUP.Optional.LinkeySearch
DELETED key: HKCU\Software\PriceFountain []  =>PUP.Optional.PriceFountain
DELETED key: HKCU\Software\SavePass 1.1 []  =>PUP.Optional.CrossRider
DELETED key: HKCU\Software\SearchProtectWS []  =>PUP.Optional.SearchProtect
DELETED key: HKCU\Software\SimplyTech []  =>PUP.Optional.SimplyTech
DELETED key: HKCU\Software\systweak []  =>PUP.Optional.Systweak
DELETED key: HKCU\Software\TNT2 []  =>PUP.Optional.TidyNetwork
DELETED key: HKCU\Software\YorkNewCin []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\AppDataLow\Software\Crossrider []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP []  =>PUP.Optional.IMBooster
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar []  =>PUP.Optional.IMBooster
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey []  =>PUP.Optional.LinkeySearch
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect []  =>PUP.Optional.SearchProtect
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com []  =>PUP.Optional.Vosteran
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance []  =>PUP.Optional.Multiplug
DELETED key*: HKLM\SOFTWARE\Classes\SpeedUpMyPC [url:SpeedUpMyPC Protocol]  =>PUP.Optional.SpeedUpMyPC
DELETED key*: HKLM\SOFTWARE\Classes\protector_dll.protectorbho [Google Toolbar Notifier BHO]  =>PUP.Optional.BProtector
DELETED key*: HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 [Google Toolbar Notifier BHO]  =>PUP.Optional.BProtector
DELETED key*: HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [iTool]  =>Toolbar.Ask
DELETED key*: HKLM\SOFTWARE\Classes\CRSBRWSHTML [Crossbrowse HTML Document]  =>PUP.Optional.CrossBrowse
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect []  =>PUP.Optional.Fuyu
DELETED key*: HKLM\SOFTWARE\ArenaHD []  =>PUP.Optional.CrossRider
DELETED key*: HKLM\SOFTWARE\Conduit []  =>PUP.Optional.Conduit
DELETED key*: HKLM\SOFTWARE\Crossbrowse []  =>PUP.Optional.CrossBrowse
DELETED key*: HKLM\SOFTWARE\GlobalUpdate []  =>PUP.Optional.GlobalUpdate
DELETED key*: HKLM\SOFTWARE\HighDefAction []  =>PUP.Optional.CrossRider
DELETED key*: HKLM\SOFTWARE\IHProtect []  =>PUP.Optional.AgentODR
DELETED key*: HKLM\SOFTWARE\Iminent []  =>PUP.Optional.IMBooster
DELETED key*: HKLM\SOFTWARE\istartsurfSoftware []  =>PUP.Optional.IsStart
DELETED key*: HKLM\SOFTWARE\mystartsearchSoftware []  =>PUP.Optional.StartSearch
DELETED key*: HKLM\SOFTWARE\oursurfingSoftware []  =>PUP.Optional.OurSurfing
DELETED key*: HKLM\SOFTWARE\searchult []  =>PUP.Optional.Generic
DELETED key*: HKLM\SOFTWARE\SupDp []  =>PUP.Optional.SupTab
DELETED key*: HKLM\SOFTWARE\supTab []  =>PUP.Optional.SupTab
DELETED key*: HKLM\SOFTWARE\supWindowsMangerProtect []  =>PUP.Optional.Fuyu
DELETED key*: HKLM\SOFTWARE\Systweak []  =>PUP.Optional.Systweak
DELETED key*: HKLM\SOFTWARE\Uniblue []  =>PUP.Optional.Uniblue
DELETED key*: HKLM\SOFTWARE\WajIntEnhance []  =>PUP.Optional.Multiplug
DELETED key*: HKLM\SOFTWARE\YorkNewCin []  =>PUP.Optional.CrossRider
DELETED key*: HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 []  =>PUP.Optional.AdvancedSystemProtector
DELETED key*: HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS []  =>PUP.Optional.AdvancedSystemProtector
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1 [Advanced System Protector]  =>PUP.Optional.Systweak
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse [The Crossbrowse Authors]  =>PUP.Optional.CrossBrowse
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP []  =>PUP.Optional.IMBooster
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar []  =>PUP.Optional.IMBooster
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall [istartsurf]  =>PUP.Optional.IsStart
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey []  =>PUP.Optional.LinkeySearch
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall [mystartsearch]  =>PUP.Optional.StartSearch
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oursurfing uninstall [oursurfing]  =>PUP.Optional.OurSurfing
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 []  =>PUP.Optional.RegistryPowerCleaner
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1 [systweak.com]  =>PUP.Optional.RegistryPowerCleaner
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage []  =>PUP.Optional.Downware
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com []  =>PUP.Optional.Vosteran
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance []  =>PUP.Optional.Multiplug
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 [uniblue Systems Limited]  =>PUP.Optional.Uniblue
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe []  =>PUP.Optional.GlobalUpdate
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe [C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe]  =>PUP.Optional.CrossBrowse
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}\InprocServer32 [C:\Program Files\MiuiTab\SupTab.dll (Not File)]  =>PUP.Optional.MiuiTab
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}\InprocServer32 [C:\Program Files\MiuiTab\SupTab.dll (Not File)]  =>PUP.Optional.LuckyTab
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{b608cc98-54de-4775-96c9-097de398500c}\InprocServer32 [C:\Users\Silvy\AppData\Local\PriceFountain\PriceFountainIE.dll (Not File)]  =>PUP.Optional.PriceFountain
DELETED value: HKLM\Software\Classes\.htm\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
DELETED value: HKLM\Software\Classes\.html\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
DELETED value: HKLM\Software\Classes\.shtml\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
DELETED value: HKLM\Software\Classes\.webp\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
DELETED value: HKLM\Software\Classes\.xht\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9D028DA769B8F8BA1EF2B2E5C45F19DE ["C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window]  =>PUP.Optional.CrossBrowse
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search [C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe]  =>PUP.Optional.PaybyAds
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.
 
 
---\\ Statistics
~ Items scanned : 618
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 340
 
 
~ End of clean in 4 minutes
===================
ZHPCleaner-[R]-22082015-11_28_31.txt
ZHPCleaner--21082015-23_54_49.txt
ZHPCleaner--22082015-00_24_38.txt
ZHPCleaner--22082015-11_23_46.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Добра работа, програмата е почистила доста боклуци, но редом с тях е заминал и активатора за офис пакета ви:

 

DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\KMService [C:\Windows\System32\srvany.exe]  =>PUP.Optional.Office

 

Тъй като в правилата на форума е забранено да се дискутират и разпространяват нелегални инструменти ще оставя на вас как да постъпите. Имате 4 възможности.

 

1. Да си намерите активатора сама (но с риск да попаднете на нещо, което не трябва и да се заразите отново).

2. Да оставите тази задача на познат, който има опит с тези неща.

3. Да си закупите Microsoft Office.

4. Да деинсталирате Microsoft Office и да инсталирате безплатния пакет LibreOffice 5.0.0, който по нищо не му отстъпва.

 

Сега за да продължим с почистването следвайте следните стъпки:

 

 

СТЪПКА 1

 

  • Изтеглете и стартирайтe 6sv1DN9.jpgAdwCleaner.exe.
  • Натиснете бутона Scan.
  • AdwCleaner ще започне да проверява компютъра.
  • След като проверката приключи натиснете бутона Clean.
  • Програмата ще затвори всички излишни процеси и след почистването ще иска да рестартира машината. Съгласете се.
  • Ще се появи автоматично лог файл с името (AdwCleaner[s0].txt) в C:\Adwcleaner
  • Публикувайте съдържанието му в следващия си коментар.

 

 

СТЪПКА 2

 

 

Моля изтеглете icon1351185104.png Junkware Removal Tool на вашия десктоп.

  • Спрете временно работата на защитните програми.
  • Стартирайте инструмента JRT.exe
  • Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
  • Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
  • Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
  • Моля копирайте съдържанието на лог файла в следващия си пост.

 

 

СТЪПКА 3

 

Направете нова проверка с FRST като се уверите, че има отметка пред Addition.txt преди да натиснете бутона SCAN.

Прикачете новите два лог файла - FRST.txt и Addition.txt в следващия си коментар.

 

 

Поздрави!

  • Харесва ми 3

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Стъпка 1


Стъпка 2

 

Стъпка 3 :yanim: 

AdwCleanerC1.txt

AdwCleanerS1.txt

JRT.txt

FRST.txt

Addition.txt

Редактирано от Силвия Табакова (преглед на промените)
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Сега изтеглете KKdS6sj.pngfixlist.txt и го запазете в папката от която стартирахте FRST.exe.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

След това пишете как е положението.

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Сега изтеглете KKdS6sj.pngfixlist.txt и го запазете в папката от която стартирахте FRST.exe.

Стартирайте FRST.exe и натиснете бутона Fix веднъж!

След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.

 

Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

След това пишете как е положението.

След рестарта изчезна Chrome ,за сега всичко друго ми се вижда  ок :)

Fixlog.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

В какъв смисъл изчезна Chrome? Няма ред в скрипта, който да е изтрил каквото и да е свързано с Chrome... Има ли я програмата в Control Panel-a => Uninstall a program? И стартира ли ако стартирате изпълнимия и файл от инсталационната папка в C:\Program Files\Google\Chrome\Application\chrome.exe ?

 

Също така забелязах, че са изключени опциите за проверка на цифровите подписи на драйверите. Вие ли сте го направили? Питам, защото това не винаги е знак на зловредна активност. Много драйвери, които са бета или работят със специфичен хардуер изискват забраната на проверката за цифров подпис.

 

Виждате ли долу вдясно воден знам в който се споменава, че в момента работите в Test Mode като този на картинката отдолу?

 

Windows_7_Test_Mode_Desktop_Watermark.pn

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

В какъв смисъл изчезна Chrome? Няма ред в скрипта, който да е изтрил каквото и да е свързано с Chrome... Има ли я програмата в Control Panel-a => Uninstall a program? И стартира ли ако стартирате изпълнимия и файл от инсталационната папка в C:\Program Files\Google\Chrome\Application\chrome.exe ?

 

Също така забелязах, че са изключени опциите за проверка на цифровите подписи на драйверите. Вие ли сте го направили? Питам, защото това не винаги е знак на зловредна активност. Много драйвери, които са бета или работят със специфичен хардуер изискват забраната на проверката за цифров подпис.

 

Виждате ли долу вдясно воден знам в който се споменава, че в момента работите в Test Mode като този на картинката отдолу?

 

Windows_7_Test_Mode_Desktop_Watermark.pn

Здравейте,

с малко закъсение ...

Няма воден знак за Test Mode.

"че са изключени опциите за проверка на цифровите подписи на драйверите"-това нямам идея как се прави...може ли малко инфо,

За Chrome в папката просо няма chrome.exe :wors:

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Интересен проблем...според лог файла Windows-a трябва да е в TEST mode. Както и да е.

Изчезването на изпълнимия файл на chrome.exe също е мистерия или бъг в FRST при почистването на group policies-те. Ще видим тази работа.

Засега пробвайте да изтеглите и инсталирате последната версия на Google Chrome от този линк и пишете за резултата.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Много благодаря,Google Chrome го извадих от C:\Program Files\Google\Chrome...,там вече всичко е ок .


Бихте ли ми препоръчали ,за в бъдеще някаква( безплатна) антивирусна програма.

Безкрайно съм Ви благодарна за помощта.Не мога да повярвам че имам работещ компютър. :wors:  :clap:

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Много благодаря,Google Chrome го извадих от C:\Program Files\Google\Chrome...,там вече всичко е ок .

 

Нещо не можах да свържа нещата...нали писахте, че в папката C:\Program Files\Google\Chrome\Application\chrome.exе, липсва chrome.exe? Как така сте го извадили от там тогава? Според мен просто ви е изчезнал прекия път на браузъра на десктопа и сте си създали нов, така ли е?

 

Ако да, тогава можете да не се занимавате с преинсталиране на браузъра.

 

Преди да ви препоръчам каквото и да е обаче нека да направим и последни няколко проверки.

 

 

 

СТЪПКА 1

 

 

Моля изтеглете Malwarebytes Anti-Malware 2.1.8.1057 Final и я запазете на вашия десктоп.

  • Стартирайте файла mbam-setup-2.1.8.1057.exe и следвайте указанията за да инсталирате програмата.
  • След като инсталацията приключи се уверете че сте сложили отметка пред:
  • Launch Malwarebytes Anti-Malware
  • Отметката активираща пробния 14 дневен период също е маркиран по-подразбиране. Ако не желаете да тествате защитата в реално време на програмата през следващите 14 дни тогава премахнете отметката. Т.е. премахнете първата отметка:

DkgJ7Zr.png

  • Натиснете бутона Finish.
  • Отидете до табът Settings > Detection and Protection > и под категорията Detection Options включете опцията "Scan for rootkits".
  • Отидете до табът Scan, сложете радио-бутона пред Threat Scan и след това натиснете бутона Scan Now >> . Ако е намерена актуализация тогава натиснете бутона Update Now.
  • Ще започне проверка за зловреден софтуер.
  • При някои инфекции можете да видите съобщението:
  • "Could not load DDA driver"
  • Натиснете "Yes" на това съобщение за да позволите драйвера да се зареди след рестарт.
  • Разрешете на компютъра да се рестартира и след това продължете с останалите инструкции.
  • След като проверката приключи натиснете бутона Apply Actions.
  • Изчакайте да се появи прозореца подканващ ви да рестартирате и след това натиснете бутона Yes.
  • След рестарта, когато се появи десктопа MBAM ще се зареди още веднъж.
  • Отидете то табът History > Application Logs.

65ZBqkR.jpg

  • Отворете рапорта с последната дата и час и натиснете бутона "Copy to Clipboard"
  • Сега вече поставете съдържанието на лог файла с клавишната комбинация Ctrl + V и го публикувайте в следващия си коментар.

 

 

СТЪПКА 2

 

 

1.Изтеглете Hitman Pro.

За 32-битова система - dEMD6.gif.

За 64-битова система - Download-button3.gif

2.Стартирайте програмата.

3.След като сте стартирали програмата като кликнете върху иконата 5vo5F.jpg и натиснете бутона „Напред“ като се съгласите с лицензионното споразумение (EULA).

4.Сложете отметка пред "Не, искам да завърша еднократно сканиране на компютъра".

5.Натиснете бутона „Напред“.

6.Програмата ще започне да сканира. Времето за сканиране е около 2 минути.

7.След завършване на сканирането от списъка с намерените неща (ако има такива) изберете Apply to all => Ignore.

8.Натиснете "Next" и след това натиснете "Изнеси резултата в XML file" и запазете лог файла на десктопа.

9.Архивирайте файла и го прикачете в следващия си коментар или копирайте съдържанието му в следващия си коментар.

 

Забележка: Ако няма падащо меню, където да изберете ignore както на снимката:

 

6-scanfin-choose.jpg

 

Тогава просто затворете програмата след края на проверката (без да премахвате нищо)...след това отворете C:\Programdata\HitmanPro\Logs, отворете и публикувайте съдържанието на лог файла в следващия си коментар.

 

 

 

СТЪПКА 3

 

 

emsisoft_emergency_kit.pnglogo.png

  • Моля изтеглете EmsisoftEmergencyKit, стартирайте exe файла и посочете къде да се разархивира програмата - например в (C:\EEK), натискайки бутона Extract.
  • Стартирайте иконата на файла Start Emsisoft Emergency Kit от десктопа за да стартирате приложението.
  • Натиснете бутона"Yes", когато бъдете подканени да обновите дефинициите на програмата.

EKK.gif

  • След като процеса по обновяването на дефинициите приключи натиснете бутона "Scan".
  • Натиснете бутона "Yes", когато бъдете попитани дали да програмата да включи засичането на потенциално нежелани приложения (Potentially Unwanted Applications).
  • Сега вече изберете бутона Custom Scan. Премахнете от списъка всички дялове без C:\ (т.е. нека да остане само дял C:\ в списъка).
  • Натиснете Next за да започне проверката.
  • Когато проверката приключи натиснете бутона View Report.
  • Копирайте съдържанието на лог файла в следващия си коментар.

 

 

Поздрави!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
Стъпка 1
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 25.8.2015 г.
Scan Time: 00:19 ч.
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.24.06
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Silvy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328575
Time Elapsed: 38 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 10
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\Cinem Plus 2.4cV20.07-nv, Quarantined, [dfc7e22a43482e087849909e1ce7d927], 
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\Cinem Plus 2.4cV20.07-nv-ie, Quarantined, [7e288d7fc8c394a201c01816c53e7888], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-18\SOFTWARE\CinemaPlus-3.2cV20.07-nv, Quarantined, [edb9907cb6d5d5610b3080ba5ea5bb45], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-18\SOFTWARE\CinemaPlus-3.2cV20.07-nv-ie, Quarantined, [abfbb8543b5010263b0018228f747e82], 
PUP.Optional.GoHD.A, HKU\S-1-5-18\SOFTWARE\GoHD-nv, Quarantined, [20860b01d9b293a3bf53cbd510f45da3], 
PUP.Optional.SavePass.A, HKU\S-1-5-18\SOFTWARE\SavePass 1.1-nv, Quarantined, [8a1cb557216a0036b80a1434b350bf41], 
PUP.Optional.SavePass.A, HKU\S-1-5-18\SOFTWARE\SavePass 1.1-nv-ie, Quarantined, [e6c068a439523204cef42d1b7f84a25e], 
PUP.Optional.ShopAndSave.A, HKU\S-1-5-18\SOFTWARE\Shop and Save Up-nv, Quarantined, [faac55b797f458de6fb7663a60a48878], 
PUP.Optional.ShopAndSave.A, HKU\S-1-5-18\SOFTWARE\Shop and Save Up-nv-ie, Quarantined, [3e68d23ad7b40a2c53d3a000f014e11f], 
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\OB, Quarantined, [4d5930dc880345f1bd6e9423828211ef], 
 
Registry Values: 11
PUP.Optional.CrossBrowse.A, HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS, Crossbrowse, Quarantined, [44626ba1395240f67c5c23f959aa12ee]
PUP.Optional.CrossBrowse.A, HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|StubPath, "C:\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level, Quarantined, [3f67da328ffc75c1dafe1705679c26da]
PUP.Optional.CrossBrowse.A, HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|Localized Name, Crossbrowse, Quarantined, [079f2ddf93f8fb3b0ecad547f70cc739]
PUP.Optional.Linkury.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=BG&userid=c83b5484-9cbe-ce3a-d273-785389a932c6&searchtype=sc&installDate=02.08.2015&barcodeid=50045888&channelid=888, Quarantined, [6442b458454662d46e43c1f24fb559a7]
PUP.Optional.Linkury.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\ENVIRONMENT|SNF, C:\ProgramData\ExtTags\snp.sc, Quarantined, [624418f4c9c2b680f0c0357e18ec7789]
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\OB|monitype25, 7/20/15 21:58:31, Quarantined, [4d5930dc880345f1bd6e9423828211ef]
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\OB|monitype20, 7/20/15 21:59:8, Quarantined, [53536ba15b3079bdac7fad0ac93b718f]
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\OB|monitype22, 7/20/15 21:59:8, Quarantined, [6640c943216aa88e42e95c5b4abac739]
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\OB|monitype24, 7/20/15 21:59:8, Quarantined, [b9ed1bf1eba04ceaa4874e697e86738d]
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\OB|monitype27, 7/20/15 21:59:8, Quarantined, [4b5b3dcf0b80f44208236e490103b34d]
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\OB|monitype21, 7/20/15 22:0:44, Quarantined, [b7efc24a860595a1e645bdfab84c7789]
 
Registry Data: 5
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[b2f4c349b6d50333948af962e61f9b65]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{23DE7EFB-2F55-43BD-AEA8-1BCD1EC70945}|NameServer, 52.17.204.69,8.8.8.8, Good: (), Bad: (52.17.204.69,8.8.8.8),Replaced,[2f77d03c4447ec4a44dfdb810bfa748c]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3095FECE-B308-4C35-896E-1C0CD667957A}|NameServer, 52.17.204.69,8.8.8.8, Good: (), Bad: (52.17.204.69,8.8.8.8),Replaced,[f3b3c349b3d849ed0320ea72b4517090]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{BD2F665A-784E-4B0C-B6C8-8962A37A73B0}|NameServer, 52.17.204.69,8.8.8.8, Good: (), Bad: (52.17.204.69,8.8.8.8),Replaced,[75317c90dab13ff73ce7abb117ee13ed]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}|NameServer, 52.17.204.69,8.8.8.8, Good: (), Bad: (52.17.204.69,8.8.8.8),Replaced,[4e589379fc8f2d09948f24385baa55ab]
 
Folders: 2
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config, Quarantined, [b7efa06ce9a2db5b406085c828db46ba], 
PUP.Optional.MultiPlug.A, C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C, Quarantined, [f9ad6f9d1972a88e03c8971aa46041bf], 
 
Files: 54
PUP.Optional.APNToolBar.A, C:\ProgramData\FreePDFTabletInstall.exe, Quarantined, [6a3c0804d0bbfb3be4e47332d92856aa], 
PUP.Optional.PayByAds.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\dsrlte.exe, Quarantined, [772fb25aafdc6ec837a7a6995ca459a7], 
PUP.Optional.PayByAds.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\dsrsetup.exe, Quarantined, [099df21af49738fea63809367b8545bb], 
PUP.Optional.SavePass.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\e5c80545-bae7-429e-8c66-24b2aadbae3e-10.exe, Quarantined, [d9cdf6162e5d2511ba3985def60bfa06], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\psmachine.dll, Quarantined, [6541c745adde270f5de8ccc2f20fd22e], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\psuser.dll, Quarantined, [eabc0a026f1c50e64005b9d51be613ed], 
PUP.Optional.GoHD.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\setup.exe, Quarantined, [9c0a0606e1aa41f5e61aa1989a6744bc], 
PUP.Optional.Linkury.PrxySvrRST, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.exe, Quarantined, [0b9ba26a4f3cb18557a58b396e939b65], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\globalupdate.exe, Quarantined, [e9bd7d8f96f5d066162f2a6469989b65], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\globalupdateBroker.exe, Quarantined, [fcaa83895a31241252f3a2ec37ca4bb5], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\globalupdateCrashHandler.exe, Quarantined, [2b7b63a95734cf67fa4b008e3dc4926e], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\globalupdateOnDemand.exe, Quarantined, [e2c4f5170d7ee65063e2048a8c756e92], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\goopdate.dll, Quarantined, [891d58b4c2c9f6403b0aa1ede41d0cf4], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\goopdateres_en.dll, Quarantined, [80263cd0f992d5613510226c7a872ed2], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nshC95E.tmp, Quarantined, [2185d933f2996acc3550adda2ad8a65a], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nsm1289.tmp, Quarantined, [bfe7709c2b60df573d48bdca9171d030], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nsm6551.tmp, Quarantined, [505688846427092dea9baddaeb17f30d], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nsu81D1.tmp, Quarantined, [4a5c6aa2157611259ce96522f9093dc3], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nsw39EF.tmp, Quarantined, [a5014dbf93f8c57193f145427a88758b], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nsw9A33.tmp, Quarantined, [f6b0de2ef79477bfc8bde2a52bd7619f], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nsxCD9D.tmp, Quarantined, [4a5cda32c6c5cc6a31547017ec169769], 
PUP.Optional.XTab.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ProtectService.exe, Quarantined, [a7ffff0dddae003610d85dfd2dd4b64a], 
PUP.Optional.WProtectManager.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ProtectWindowsManager.exe, Quarantined, [2c7a3eceb3d8a294dc577d1113f2bd43], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nsc1F33.tmp, Quarantined, [5b4b35d70a8139fd6d18434415ed34cc], 
PUP.Optional.NetFilter, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nethfdrv.sys, Quarantined, [35713ad2f596033372f761cd1be6f40c], 
PUP.Optional.Amonetize, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nethtsrv.exe, Quarantined, [367054b8a8e379bded7a791913eeb14f], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\npglobalupdateUpdate4.dll, Quarantined, [c7dfc646cebd0630172e9df1af520000], 
PUP.Optional.GoHD.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Zicjmwzibhmepg.exe, Quarantined, [c2e47f8dcac1d06604fc5edb3ec30bf5], 
PUP.Optional.EpicScale, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\EpicScale\18508.dat, Quarantined, [dcca53b9f69538fef159146855ac649c], 
PUP.Optional.EpicScale, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\EpicScale\32834.dat, Quarantined, [06a057b5f497b3837eccbfbdb051d927], 
PUP.Optional.EpicScale, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\EpicScale\EpicScale.exe, Quarantined, [2e78b458246774c263e71c603dc4b44c], 
PUP.Optional.EpicScale, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\EpicScale\0\EpicScale.dat, Quarantined, [05a1a9636a210c2a1b2f3f3d728ffe02], 
PUP.Optional.EpicScale, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\EpicScale\0\EpicScale.exe, Quarantined, [b9edd13b3556c5717ad099e3bc45f907], 
PUP.Optional.EpicScale, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\EpicScale\0\EpicScale64.exe, Quarantined, [b1f566a61972112572d8d5a76e93c040], 
PUP.Optional.EpicScale, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\EpicScale\0\Nova.dat, Quarantined, [4c5a1fed117a70c66cdeb9c311f033cd], 
PUP.Optional.Linkury.PrxySvrRST, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\ExtTag.exe, Quarantined, [1294be4eeba0f343e7154e761ce5bd43], 
PUP.Optional.RegistryReviver.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\OpenCandy\OpenCandy_30759EAB54F94C8C91CD2F29296AE10D\RegistryReviverSetup_3.0.1.144_CO2.exe, Quarantined, [396d73992b6065d1ddd76e3aa35ea55b], 
PUP.Optional.RegistryReviver.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\OpenCandy\OpenCandy_30759EAB54F94C8C91CD2F29296AE10D\RegistryReviverSetup_AFD_p4v1.exe, Quarantined, [5a4cdd2fd0bbd165e6cef5b3bd443bc5], 
PUP.Optional.WProtectManager.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\WindowsMangerProtect\ProtectWindowsManager.exe, Quarantined, [604610fcb7d44ee87eb5b9d5ba4beb15], 
PUP.Optional.ConvertAd, C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\hnsj9EF4.tmp, Quarantined, [acfa030976151f17b41481497e831ee2], 
PUP.Optional.RegCleanPro, C:\Users\Silvy\rcpsetup_23450.exe, Quarantined, [c3e367a53655082eb49a1c303ac6c33d], 
PUP.Optional.APNToolBar.A, C:\Users\Silvy\Documents\APNSetup.exe, Quarantined, [f4b29f6d0b80d165ecdb50553fc2867a], 
PUP.Optional.APNToolBar.A, C:\Users\Silvy\Documents\APNSetup1.exe, Quarantined, [9b0b0c002d5e989e3a8d9f0642bfb14f], 
PUP.Optional.Bershnet, C:\Users\Silvy\Desktop\документи\Trojan Killer 2.2.6.2 Full with Crack_10924_i34353252_il345.exe.zip, Quarantined, [abfb26e6d5b61a1c01f3dfe64cb845bb], 
PUP.Optional.Bershnet, C:\Users\Silvy\Desktop\документи\Trojan+Killer+2.2.6.2+Full+with+Crack_10924_i34353252_il345.exe.zip, Quarantined, [33734bc197f488ae7480c203b45031cf], 
PUP.Optional.Bershnet, C:\Users\Silvy\Desktop\документи\Trojan+Killer+2.2.6.2+Full+with+Crack_10924_i34353252_il345.exe\Trojan Killer 2.2.6.2 Full with Crack_10924_i34353252_il345.exe, Quarantined, [e2c4dd2fdead6fc74aaa00c5c83c6898], 
PUP.Optional.Bershnet, C:\Users\Silvy\Desktop\документи\Trojan+Killer+2.2.6.2+Full+with+Crack_10924_i34353252_il345.exe\Trojan Killer 2.2.6.2 Full with Crack_10924_i34353252_il345.exe.zip, Quarantined, [bcea2ddf35568ea8c133daebea1add23], 
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\ver.xml, Quarantined, [b7efa06ce9a2db5b406085c828db46ba], 
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\data.xml, Quarantined, [b7efa06ce9a2db5b406085c828db46ba], 
PUP.Optional.MultiPlug.A, C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\jnst84E2.tmp, Quarantined, [f9ad6f9d1972a88e03c8971aa46041bf], 
PUP.Optional.MultiPlug.A, C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\knseE147.tmp, Quarantined, [f9ad6f9d1972a88e03c8971aa46041bf], 
PUP.Optional.MultiPlug.A, C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\rnsm74B1.exe, Quarantined, [f9ad6f9d1972a88e03c8971aa46041bf], 
PUP.Optional.MultiPlug.A, C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\Uninstall.exe, Quarantined, [f9ad6f9d1972a88e03c8971aa46041bf], 
PUP.Optional.MultiPlug.A, C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\vnsr4DE3.tmp, Quarantined, [f9ad6f9d1972a88e03c8971aa46041bf], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Стъпка 3

Emsisoft Emergency Kit - Version 10.0
Last update: 25.8.2015 г. 16:04:58
User account: Silvy-PC\Silvy
 
Scan settings:
 
Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, I:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 25.8.2015 г. 16:34:07
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E} detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SU detected: Application.Toolbar (A)
Value: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
C:\AdwCleaner\Quarantine\C\ProgramData\ExtTag\ExtTag.exe.vir detected: Application.Win32.AdLink (A)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\DC8122E2-1437429623-D543-6C80-001E8C61453C\onss80EA.tmp.vir detected: Gen:Variant.Adware.Symmi.53460 (B)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\DC8122E2-1437429623-D543-6C80-001E8C61453C\rnss80E9.exe.vir detected: Gen:Variant.Adware.Mikey.19982 (B)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\DC8122E2-1437429623-D543-6C80-001E8C61453C\snss80E8.tmp.vir detected: Trojan.GenericKD.2512006 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\hfnapi.dll.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\pay-by-ads\Yahoo! Search\1.3.26.12\dsrsetup.exe.vir detected: Gen:Variant.Application.Strictor.64185 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\hfpapi.dll.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\installd.exe.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\netupdsrv.exe.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\FRST\Quarantine\C\Users\Silvy\AppData\Local\{11A54DED-6E3E-4122-BAED-0BFB8C5C73A9}\OffersWizard.exe detected: Gen:Variant.Zusy.149774 (B)
C:\FRST\Quarantine\C\Users\Silvy\AppData\Local\{D36E4BCB-B3F0-4A5F-94C7-5B1EC70470A2}\OffersWizard.exe detected: Gen:Variant.Zusy.149774 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\1fixcpa3.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\Installer\setup.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\delegate_execute.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\nacl64.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\utility.exe detected: Adware.Crossrider.EJ (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\1fixcpa3.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\34mtzcvd.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\gioae22v.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\irsxecsu.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\mxyybgvn.exe detected: Application.Win32.AdLink (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\oxxgvhhm.dll detected: Adware.Mplug.LR (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\uninstall.exe detected: Application.Win32.AdLink (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\wt2nwsbg.exe detected: Adware.Smartbar.AD (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\uq5ks3ec.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\vytoem4m.dll detected: Adware.Mplug.LR (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\zx323pzc.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\y4gdgm52.dll detected: Adware.Smartbar.AD (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\BrowerWatchFF.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\BrowerWatchCH.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\CmdShell.exe detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\BrowserAction.dll detected: Adware.Agent.PUE (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\ffsearch_toolbar!1.0.0.1031.xpi detected: Application.Win32.InstallTool (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\HPNotify.exe detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\IeWatchDog.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\SupTab_Bak.dll detected: Application.Win32.AdTab (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\mxyybgvn.exe detected: Application.Win32.AdLink (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\hlpr64.exe detected: Application.InstallTool (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\dsrsetup.exe detected: Gen:Variant.Application.Strictor.64185 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\kmfolnnb.dll detected: Gen:Variant.Mikey.18740 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\PriceFountain\UpdateProc\UpdateTask.exe detected: Adware.Generic.1255287 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\SupTab.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\hdRi5bkk.dll detected: Gen:Variant.Mikey.17861 (B)
C:\Users\Silvy\pc-wizard_2013.2.12-setup.exe detected: Application.Win32.AdProtect (A)
C:\Windows.old\Program Files\Gophoto.it\gophotoit11.crx -> js/zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec\10.26.4.512_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Windows.old\Users\Home\Downloads\123\Windows 7 Loader eXtreme Edition v3.503\w7lxe.exe detected: Riskware.Win32.Hacktool (A)
D:\all D\Pictures\глобул мув\download\App.apk -> assets/config.xml detected: Android.Trojan.FakeInst.EL (B)
D:\all D\Pictures\глобул мув\download\GTA_Vice_City.apk -> assets/config.xml detected: Android.Trojan.FakeInst.HA (B)
 
Scanned 224979
Found 69
 
Scan end: 25.8.2015 г. 17:29:15
Scan time: 0:55:08

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

В адресната лента на Windows Explorer въведете => C:\Programdata\HitmanPro\Logs => натиснете Enter

Сега вече качете лог файла на следния адрес => http://dox.abv.bg/files/share и публикувайте линка за изтегляне в следващия си коментар.

Благодаря! ;)

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Почти сме готови.

 

 

Сега изтеглете KKdS6sj.pngfixlist.txt и го запазете в папката от която стартирахте FRST.exe.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

 

Не забравяйте да публикувате лог файла и от последната програма - EmsisoftEmergencyKit. Има леки промени в инструкциите ми относно сканирането с нея. Моля вижте ги. Тъй като няма Full Scan в новата версия на инструмента ще се наложи да изберете Custom Scan и да изберете само дял C:\ като премахнете останалите дялове от списъка.

 

Поздрави! ;)

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
Emsisoft Emergency Kit - Version 10.0
Last update: 25.8.2015 г. 16:04:58
User account: Silvy-PC\Silvy
 
Scan settings:
 
Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 26.8.2015 г. 08:02:10
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E} detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SU detected: Application.Toolbar (A)
Value: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
C:\AdwCleaner\Quarantine\C\ProgramData\ExtTag\ExtTag.exe.vir detected: Application.Win32.AdLink (A)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\DC8122E2-1437429623-D543-6C80-001E8C61453C\onss80EA.tmp.vir detected: Gen:Variant.Adware.Symmi.53460 (B)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\DC8122E2-1437429623-D543-6C80-001E8C61453C\rnss80E9.exe.vir detected: Gen:Variant.Adware.Mikey.19982 (B)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\DC8122E2-1437429623-D543-6C80-001E8C61453C\snss80E8.tmp.vir detected: Trojan.GenericKD.2512006 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\hfnapi.dll.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\installd.exe.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\pay-by-ads\Yahoo! Search\1.3.26.12\dsrsetup.exe.vir detected: Gen:Variant.Application.Strictor.64185 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\hfpapi.dll.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\netupdsrv.exe.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\FRST\Quarantine\C\Users\Silvy\AppData\Local\{11A54DED-6E3E-4122-BAED-0BFB8C5C73A9}\OffersWizard.exe detected: Gen:Variant.Zusy.149774 (B)
C:\FRST\Quarantine\C\Users\Silvy\AppData\Local\{D36E4BCB-B3F0-4A5F-94C7-5B1EC70470A2}\OffersWizard.exe detected: Gen:Variant.Zusy.149774 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\1fixcpa3.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\Installer\setup.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\delegate_execute.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\nacl64.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\utility.exe detected: Adware.Crossrider.EJ (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\1fixcpa3.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\34mtzcvd.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\gioae22v.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\mxyybgvn.exe detected: Application.Win32.AdLink (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\irsxecsu.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\oxxgvhhm.dll detected: Adware.Mplug.LR (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\uq5ks3ec.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\uninstall.exe detected: Application.Win32.AdLink (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\vytoem4m.dll detected: Adware.Mplug.LR (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\wt2nwsbg.exe detected: Adware.Smartbar.AD (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\y4gdgm52.dll detected: Adware.Smartbar.AD (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\zx323pzc.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\BrowerWatchFF.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\CmdShell.exe detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\BrowerWatchCH.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\BrowserAction.dll detected: Adware.Agent.PUE (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\HPNotify.exe detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\ffsearch_toolbar!1.0.0.1031.xpi detected: Application.Win32.InstallTool (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\IeWatchDog.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\SupTab_Bak.dll detected: Application.Win32.AdTab (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\mxyybgvn.exe detected: Application.Win32.AdLink (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\hdRi5bkk.dll detected: Gen:Variant.Mikey.17861 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\dsrsetup.exe detected: Gen:Variant.Application.Strictor.64185 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\hlpr64.exe detected: Application.InstallTool (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\kmfolnnb.dll detected: Gen:Variant.Mikey.18740 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\PriceFountain\UpdateProc\UpdateTask.exe detected: Adware.Generic.1255287 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\SupTab.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\pc-wizard_2013.2.12-setup.exe detected: Application.Win32.AdProtect (A)
C:\Windows.old\Program Files\Gophoto.it\gophotoit11.crx -> js/zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec\10.26.4.512_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Windows.old\Users\Home\Downloads\123\Windows 7 Loader eXtreme Edition v3.503\w7lxe.exe detected: Riskware.Win32.Hacktool (A)
 
Scanned 217068
Found 70
 
Scan end: 26.8.2015 г. 09:13:21
Scan time: 1:11:11

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Моля първо изпълнете скрипта за FRST от предишния ми коментар и след това повторете проверката с Emsisoft, защото предполагам, че след почистването с FRST лог файла на Emsisoft ще изглежда значително по-добре.

 

Т.е. изпълнете скрипта за FRST и публикувайте Fixlog.txt и след това направете нова проверка и публикувайте новия лог от Emsisoft и след това ще ви дам финално съвети и приключваме.

 

 

Поздрави!

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Почти сме готови.

 

 

Сега изтеглете KKdS6sj.pngfixlist.txt и го запазете в папката от която стартирахте FRST.exe.

Стартирайте FRST.exe и натиснете бутона Fix веднъж!

След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.

 

Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

 

Не забравяйте да публикувате лог файла и от последната програма - EmsisoftEmergencyKit. Има леки промени в инструкциите ми относно сканирането с нея. Моля вижте ги. Тъй като няма Full Scan в новата версия на инструмента ще се наложи да изберете Custom Scan и да изберете само дял C:\ като премахнете останалите дялове от списъка.

 

Поздрави! ;)

Fix result of Farbar Recovery Scan Tool (x86) Version:25-08-2015 02
Ran by Silvy (2015-08-26 11:17:03) Run:2
Running from C:\FRST
Loaded Profiles: Silvy (Available Profiles: Silvy)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}
DeleteKey: HKLM\SOFTWARE\Microsoft\Tracing\dchecker_RASAPI32
DeleteKey: HKLM\SOFTWARE\Microsoft\Tracing\dchecker_RASMANCS
DeleteKey: HKLM\SOFTWARE\Microsoft\Tracing\updateCouponTime_RASAPI32
DeleteKey: HKLM\SOFTWARE\Microsoft\Tracing\updateCouponTime_RASMANCS
DeleteKey: HKLM\SOFTWARE\Microsoft\Tracing\utilCouponTime_RASAPI32
DeleteKey: HKLM\SOFTWARE\Microsoft\Tracing\utilCouponTime_RASMANCS
DeleteKey: HKLM\SOFTWARE\Reg\Clean
DeleteKey: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
DeleteKey: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
DeleteKey: HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
DeleteKey: HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Reg\Clean
end
*****************
 
HKLM\SOFTWARE\Classes\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E} => key not found. 
HKLM\SOFTWARE\Microsoft\Tracing\dchecker_RASAPI32 => key not found. 
HKLM\SOFTWARE\Microsoft\Tracing\dchecker_RASMANCS => key not found. 
HKLM\SOFTWARE\Microsoft\Tracing\updateCouponTime_RASAPI32 => key not found. 
HKLM\SOFTWARE\Microsoft\Tracing\updateCouponTime_RASMANCS => key not found. 
HKLM\SOFTWARE\Microsoft\Tracing\utilCouponTime_RASAPI32 => key not found. 
HKLM\SOFTWARE\Microsoft\Tracing\utilCouponTime_RASMANCS => key not found. 
HKLM\SOFTWARE\Reg\Clean => key not found. 
HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_ => key not found. 
HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_ => key not found. 
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} => key not found. 
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Reg\Clean => key not found. 
 
==== End of Fixlog 11:17:32 ====

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход

  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Горещи теми в момента

  • Подобни теми

    • от Rada Beliata
      Здравейте, 
      Все още не съм успяла да си купя нов комп. С мъж-о ползваме неговия, преди няколко дена като пътувахме и ползвахме различен доставчик чрез телефон за връзка с мобилен  интернет изведнъж при отваряне на ИЕ (IE) вместо гугъл се появи Vivakom . Не можах по никакъв начин да го махна. Сега пи всеки опит да отворя Интернет Експлоер ми се появява страница на Виваком( не ползваме този доставчик на услуги нито като телефони , нито като домашен Интернет) . Нямам и идея от къде се настани и защо не успявам да го махна. Изтеглих  instrumenta Malwаrebytes , нищо не показа, после изтеглих и AdwCleaner , но и след тези ми действия това нахално "нещо" стои . Явно аз не съм в час какво трябва да направя. Моля за помощта ви и предварително благодаря!
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.09.2018
      Ran by User (administrator) on USER-PC (28-09-2018 22:57:32)
      Running from C:\Users\User\Downloads
      Loaded Profiles: User (Available Profiles: User)
      Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 11 (Default browser: IE)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
      (AMD) C:\Windows\System32\atiesrxx.exe
      (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
      (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
      (VoipConnect) C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe
      (Viber Media S.à r.l.) C:\Users\User\AppData\Local\Viber\Viber.exe
      () C:\ProgramData\MobileBrServ\mbbService.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
      (Microsoft Corporation) C:\Windows\System32\mspaint.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
      HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-12-05] (IDT, Inc.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2795248 2013-10-25] (Synaptics Incorporated)
      HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
      HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
      HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
      HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-18] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
      HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-11-01] (IVT Corporation)
      Winlogon\Notify\igfxcui: igfxdev.dll [X]
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [*LABAL*] => [X]
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe [36547168 2016-05-14] (VoipConnect)
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [35790408 2018-09-17] (Viber Media S.à r.l.)
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [50100160 2018-03-02] (Skype Technologies S.A.)
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{4F635613-A958-44D2-ABE6-D3CC1A3DABC3}: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Tcpip\..\Interfaces\{7019DF92-BFEA-4C0F-A4AA-C467798353EB}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://online.bulbank.bg/capicom.cab
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
      FireFox:
      ========
      FF DefaultProfile: aewkzmml.default
      FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\aewkzmml.default [2018-03-10]
      FF NetworkProxy: Mozilla\Firefox\Profiles\aewkzmml.default -> autoconfig_url", "hxxp://aiidatapro.net/proxy2.js"
      FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-14] ()
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-14] ()
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR HomePage: Default -> msn.com
      CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
      CHR DefaultSearchKeyword: Default -> bing.com
      CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
      CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-09-28]
      CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
      CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
      CHR Extension: (Skype Calling) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-09-06]
      CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
      CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
      CHR Extension: (Bing) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-09-28]
      CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
      CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-19]
      CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-03]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
      CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
      CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19]
      CHR HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
      R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
      R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1706744 2013-11-01] (IVT Corporation)
      R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-11-01] (IVT Corporation)
      R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
      R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
      S2 JWC; C:\Jeppesen\JWC\JWC.exe [658016 2014-10-06] (Jeppesen)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
      R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
      R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
      R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
      R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2013-12-05] (IDT, Inc.) [File not signed]
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.)
      S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [33968 2012-12-19] (IVT Corporation)
      S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [33968 2012-12-19] (IVT Corporation)
      R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
      R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
      R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
      R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-25] (Disc Soft Ltd)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-09-27] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-09-28] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-09-28] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-09-28] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-09-28] (Malwarebytes)
      R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
      R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
      R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
      R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
      R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
      S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [444632 2013-09-26] (Realsil Semiconductor Corporation)
      R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
      S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
      S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
      S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
      S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
      S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
      S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
      S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
      S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
      S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-28 22:57 - 2018-09-28 22:59 - 000019536 _____ C:\Users\User\Downloads\FRST.txt
      2018-09-28 22:57 - 2018-09-28 22:57 - 000000000 ____D C:\FRST
      2018-09-28 22:56 - 2018-09-28 22:56 - 002414080 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
      2018-09-28 22:38 - 2018-09-28 22:38 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2018-09-28 22:38 - 2018-09-28 22:38 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2018-09-28 22:38 - 2018-09-28 22:38 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-09-28 22:35 - 2018-09-28 22:35 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-09-28 22:27 - 2018-09-28 22:29 - 000000000 ____D C:\AdwCleaner
      2018-09-28 22:27 - 2018-09-28 22:27 - 007592144 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_7.2.4.0.exe
      2018-09-27 23:44 - 2018-09-27 23:44 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-09-27 23:44 - 2018-09-27 23:44 - 000000000 ____D C:\Users\User\AppData\Local\mbamtray
      2018-09-27 23:44 - 2018-09-27 23:44 - 000000000 ____D C:\Users\User\AppData\Local\mbam
      2018-09-27 23:43 - 2018-09-27 23:43 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-09-27 23:43 - 2018-09-27 23:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-09-27 23:43 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
      2018-09-27 23:42 - 2018-09-27 23:43 - 080334792 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.6985.exe
      2018-09-27 17:21 - 2018-09-27 17:21 - 000515494 _____ C:\Users\User\Downloads\20180621_BEG_Vacation Regulation for BEG FCM & CCM.pdf
      2018-09-27 11:00 - 2018-09-27 11:01 - 000656891 _____ C:\Users\User\Documents\viewtickets.pdf
      2018-09-26 13:36 - 2018-09-26 13:37 - 000000000 ____D C:\Users\User\AppData\Local\Viber
      2018-09-16 10:51 - 2018-09-16 10:51 - 000022032 _____ C:\Users\User\Desktop\molba-za-napuskane-na-rabota-na-osnovanie-chl325-t1-ot-kt.pdf
      2018-09-14 22:21 - 2018-09-14 22:21 - 000018446 _____ C:\Users\User\Downloads\Новата такса + нов фонд ремонт.xlsx
      2018-09-14 22:19 - 2018-09-14 22:19 - 000018453 _____ C:\Users\User\Downloads\Новата такса.xlsx
      2018-09-12 18:35 - 2018-08-31 18:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
      2018-09-12 18:35 - 2018-08-31 18:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
      2018-09-12 18:35 - 2018-08-30 04:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
      2018-09-12 18:35 - 2018-08-30 04:10 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
      2018-09-12 18:35 - 2018-08-28 08:50 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
      2018-09-12 18:35 - 2018-08-24 22:47 - 000398424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-09-12 18:35 - 2018-08-24 21:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2018-09-12 18:35 - 2018-08-24 02:05 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-09-12 18:35 - 2018-08-24 01:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-09-12 18:35 - 2018-08-24 01:56 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-09-12 18:35 - 2018-08-24 01:45 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-09-12 18:35 - 2018-08-24 01:44 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-09-12 18:35 - 2018-08-24 01:43 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-09-12 18:35 - 2018-08-24 01:43 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-09-12 18:35 - 2018-08-24 01:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-09-12 18:35 - 2018-08-24 01:43 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-09-12 18:35 - 2018-08-24 01:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-09-12 18:35 - 2018-08-24 01:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-09-12 18:35 - 2018-08-24 01:34 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-09-12 18:35 - 2018-08-24 01:34 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-09-12 18:35 - 2018-08-24 01:33 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-09-12 18:35 - 2018-08-24 01:33 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-09-12 18:35 - 2018-08-24 01:33 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-09-12 18:35 - 2018-08-24 01:33 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-09-12 18:35 - 2018-08-24 01:27 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-09-12 18:35 - 2018-08-24 01:24 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-09-12 18:35 - 2018-08-24 01:19 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-09-12 18:35 - 2018-08-24 01:18 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-09-12 18:35 - 2018-08-24 01:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-09-12 18:35 - 2018-08-24 01:15 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-09-12 18:35 - 2018-08-24 01:15 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-09-12 18:35 - 2018-08-24 01:13 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-09-12 18:35 - 2018-08-24 01:12 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-09-12 18:35 - 2018-08-24 01:03 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-09-12 18:35 - 2018-08-24 01:01 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-09-12 18:35 - 2018-08-24 01:01 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-09-12 18:35 - 2018-08-24 01:00 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-09-12 18:35 - 2018-08-24 00:59 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-09-12 18:35 - 2018-08-24 00:59 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-09-12 18:35 - 2018-08-24 00:52 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-09-12 18:35 - 2018-08-24 00:40 - 001555456 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-09-12 18:35 - 2018-08-24 00:28 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-09-12 18:35 - 2018-08-24 00:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2018-09-12 18:35 - 2018-08-24 00:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2018-09-12 18:35 - 2018-08-24 00:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2018-09-12 18:35 - 2018-08-24 00:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2018-09-12 18:35 - 2018-08-24 00:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2018-09-12 18:35 - 2018-08-24 00:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2018-09-12 18:35 - 2018-08-24 00:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2018-09-12 18:35 - 2018-08-24 00:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2018-09-12 18:35 - 2018-08-24 00:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2018-09-12 18:35 - 2018-08-24 00:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2018-09-12 18:35 - 2018-08-24 00:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2018-09-12 18:35 - 2018-08-24 00:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2018-09-12 18:35 - 2018-08-24 00:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2018-09-12 18:35 - 2018-08-24 00:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2018-09-12 18:35 - 2018-08-24 00:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2018-09-12 18:35 - 2018-08-23 23:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
      2018-09-12 18:35 - 2018-08-23 23:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2018-09-12 18:35 - 2018-08-23 23:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2018-09-12 18:35 - 2018-08-23 23:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2018-09-12 18:35 - 2018-08-23 23:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2018-09-12 18:35 - 2018-08-23 23:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2018-09-12 18:35 - 2018-08-23 23:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2018-09-12 18:35 - 2018-08-23 23:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2018-09-12 18:35 - 2018-08-23 23:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2018-09-12 18:35 - 2018-08-23 23:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2018-09-12 18:35 - 2018-08-23 23:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2018-09-12 18:35 - 2018-08-23 23:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2018-09-12 18:35 - 2018-08-23 23:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2018-09-12 18:35 - 2018-08-23 23:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2018-09-12 18:35 - 2018-08-23 23:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2018-09-12 18:35 - 2018-08-23 23:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 001888768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
      2018-09-12 18:35 - 2018-08-13 18:53 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
      2018-09-12 18:35 - 2018-08-13 18:53 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
      2018-09-12 18:35 - 2018-08-13 18:41 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
      2018-09-12 18:35 - 2018-08-12 23:32 - 000378464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-09-12 18:35 - 2018-08-12 23:31 - 001894496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-09-12 18:35 - 2018-08-12 23:31 - 000289376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-09-12 18:35 - 2018-08-12 23:28 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
      2018-09-12 18:35 - 2018-08-12 23:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
      2018-09-12 18:35 - 2018-08-10 18:59 - 005552816 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-09-12 18:35 - 2018-08-10 18:59 - 000154800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2018-09-12 18:35 - 2018-08-10 18:58 - 000385120 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2018-09-12 18:35 - 2018-08-10 18:58 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
      2018-09-12 18:35 - 2018-08-10 18:58 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2018-09-12 18:35 - 2018-08-10 18:57 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
      2018-09-12 18:35 - 2018-08-10 18:57 - 000631624 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
      2018-09-12 18:35 - 2018-08-10 18:56 - 001664296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
      2018-09-12 18:35 - 2018-08-10 18:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
      2018-09-12 18:35 - 2018-08-10 18:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
      2018-09-12 18:35 - 2018-08-10 18:42 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
      2018-09-12 18:35 - 2018-08-10 18:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
      2018-09-12 18:35 - 2018-08-10 18:27 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
      2018-09-12 18:35 - 2018-08-10 18:22 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2018-09-12 18:35 - 2018-08-10 18:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2018-09-12 18:35 - 2018-08-10 18:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2018-09-12 18:35 - 2018-08-10 18:21 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2018-09-12 18:35 - 2018-08-10 18:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
      2018-09-12 18:35 - 2018-08-10 18:17 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-09-12 18:35 - 2018-08-10 18:17 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2018-09-12 18:35 - 2018-08-10 18:17 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
      2018-09-12 18:35 - 2018-08-10 18:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
      2018-09-12 18:35 - 2018-08-10 18:13 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2018-09-12 18:35 - 2018-08-10 18:13 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2018-09-12 18:35 - 2018-08-10 18:13 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2018-09-12 18:35 - 2018-08-10 18:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
      2018-09-12 18:35 - 2018-08-10 18:12 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-09-12 18:35 - 2018-08-10 18:12 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2018-09-12 18:35 - 2018-08-10 18:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
      2018-09-12 18:35 - 2018-08-10 18:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
      2018-09-12 18:35 - 2018-08-10 18:10 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
      2018-09-12 18:35 - 2018-08-10 18:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
      2018-09-12 18:35 - 2018-08-10 18:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
      2018-09-12 18:35 - 2018-07-29 18:55 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
      2018-09-12 18:35 - 2018-07-18 18:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
      2018-09-12 18:35 - 2018-06-27 16:20 - 000419648 _____ C:\Windows\SysWOW64\locale.nls
      2018-09-12 18:35 - 2018-06-27 16:19 - 000419648 _____ C:\Windows\system32\locale.nls
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-28 22:44 - 2009-07-14 07:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-09-28 22:44 - 2009-07-14 07:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-09-28 22:35 - 2016-08-05 16:18 - 000003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
      2018-09-28 22:34 - 2013-11-20 10:44 - 000001077 _____ C:\Windows\SysWOW64\bscs.ini
      2018-09-28 22:32 - 2016-08-05 16:18 - 000000061 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
      2018-09-28 22:31 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-09-28 13:43 - 2016-08-05 16:20 - 000000713 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
      2018-09-28 12:07 - 2009-07-14 08:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-09-28 12:07 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
      2018-09-27 23:43 - 2014-12-09 01:10 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-09-27 23:33 - 2017-06-11 18:30 - 000000000 ____D C:\Users\User\Documents\ViberDownloads
      2018-09-27 10:07 - 2017-06-11 18:28 - 000000000 ____D C:\Users\User\AppData\Roaming\ViberPC
      2018-09-26 17:00 - 2016-08-05 16:22 - 000000680 _____ C:\Windows\SysWOW64\SHORTCUT.INI
      2018-09-26 13:44 - 2014-12-30 12:03 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2018-09-26 13:42 - 2017-03-06 15:12 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-09-19 18:08 - 2014-12-09 00:49 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-09-19 18:08 - 2014-12-09 00:49 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-09-16 10:47 - 2016-10-20 11:15 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-09-14 20:15 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\rescache
      2018-09-14 18:44 - 2018-03-13 14:57 - 000004458 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2018-09-14 18:44 - 2014-08-21 19:10 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2018-09-14 18:44 - 2014-08-21 19:10 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2018-09-14 18:44 - 2014-08-21 19:10 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2018-09-14 18:44 - 2014-08-21 19:10 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2018-09-14 18:44 - 2014-08-21 19:10 - 000000000 ____D C:\Windows\system32\Macromed
      2018-09-14 17:41 - 2014-08-18 17:35 - 000110008 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-09-14 17:38 - 2009-07-14 07:45 - 000410984 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-09-12 23:27 - 2014-08-18 19:28 - 000000000 ____D C:\Windows\system32\MRT
      2018-09-12 23:23 - 2014-08-18 19:28 - 139184408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2018-09-12 23:20 - 2014-08-18 17:35 - 000767916 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
      2018-09-01 11:30 - 2018-03-31 21:36 - 000000000 ____D C:\Users\User\Desktop\Flying Book R.I
      ==================== Files in the root of some directories =======
      2016-05-14 21:19 - 2016-05-14 21:19 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
      2017-07-13 23:04 - 2017-07-13 23:04 - 000000000 _____ () C:\Users\User\AppData\Local\{08496EBD-3675-4FFD-9190-C60ED46C2602}
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-09-26 14:18
      ==================== End of FRST.txt ============================
       
      Addition.txt

    • от rvp
      здравейте,
       
      Проблема е че след рестарт или изключване процесът отива на 100% и трябва да го спирам ръчно. ето логовете:
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.09.2018 03
      Ran by kpacko (administrator) on KPACKO-MOBILEPC (07-09-2018 10:02:30)
      Running from C:\Users\kpacko\Desktop
      Loaded Profiles: kpacko (Available Profiles: kpacko)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
      (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
      (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
      (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
      () C:\Users\kpacko\AppData\Roaming\WinRAR\Precomp\precomp.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
      HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
      HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
      HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc.)
      HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
      HKU\S-1-5-21-2772379611-2548023608-3356451699-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
      IFEO\LogTransport2.exe: [Debugger] 0
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows.vbs [2018-02-26] ()
      GroupPolicy: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{EDC66EE9-FC63-456B-9263-6FA1362BFECA}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{F056F4A9-7DE8-4608-90FE-D6F4B68785AC}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2772379611-2548023608-3356451699-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed
      FireFox:
      ========
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
      Chrome: 
      =======
      CHR NewTab: Default ->  Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
      CHR Session Restore: Default -> is enabled.
      CHR Profile: C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default [2018-09-07]
      CHR Extension: (Презентации) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Документи) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Google Диск) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-15]
      CHR Extension: (Auto Copy) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijpdibkloghppkbmhcklkogpjaenfkg [2018-01-11]
      CHR Extension: (YouTube) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-15]
      CHR Extension: (Forecastfox (fix version)) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\boljdehmejbffnfiiicckjhafabdepnd [2018-08-05]
      CHR Extension: (uBlock Origin) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-27]
      CHR Extension: (Таблици) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
      CHR Extension: (Google Документи офлайн) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
      CHR Extension: (Speed Dial 2 Нов раздел) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2018-03-28]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
      CHR Extension: (Gmail) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-15]
      CHR Extension: (Chrome Media Router) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-07]
      CHR Profile: C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-26]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
      R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.)
      S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] ()
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-07-17] (Microsoft Corporation)
      R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation)
      R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
      R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [54192 2017-07-04] (CrystalIdea Software)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2017-09-16] (DT Soft Ltd)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-12-11] (Intel Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2018-03-16] (NVIDIA Corporation)
      U4 AdobeARMservice; no ImagePath
      U3 SwitchBoard; no ImagePath
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-07 10:02 - 2018-09-07 10:03 - 000009284 _____ C:\Users\kpacko\Desktop\FRST.txt
      2018-09-07 10:02 - 2018-09-07 10:02 - 000000000 ____D C:\FRST
      2018-09-07 10:01 - 2018-09-07 10:01 - 002413056 _____ (Farbar) C:\Users\kpacko\Desktop\FRST64.exe
      2018-09-06 22:25 - 2018-09-06 13:48 - 000083968 _____ C:\Users\kpacko\Desktop\Working_Schedule_01-10_Sep_Update_4.xls
      2018-09-04 00:43 - 2018-08-03 18:55 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
      2018-09-04 00:43 - 2018-08-02 06:18 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2018-09-04 00:43 - 2018-08-02 06:07 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
      2018-09-04 00:43 - 2018-08-02 06:02 - 001665320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
      2018-09-04 00:43 - 2018-08-02 05:45 - 003959984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
      2018-09-04 00:43 - 2018-08-02 05:43 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:26 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2018-09-04 00:43 - 2018-08-02 05:26 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2018-09-04 00:43 - 2018-08-02 05:26 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2018-09-04 00:43 - 2018-08-02 05:25 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2018-09-04 00:43 - 2018-08-02 05:22 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-09-04 00:43 - 2018-08-02 05:21 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2018-09-04 00:43 - 2018-08-02 05:21 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
      2018-09-04 00:43 - 2018-08-02 05:17 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2018-09-04 00:43 - 2018-08-02 05:17 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2018-09-04 00:43 - 2018-08-02 05:17 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-09-04 00:43 - 2018-08-02 05:16 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
      2018-09-04 00:43 - 2018-08-02 05:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2018-09-04 00:43 - 2018-08-02 05:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
      2018-09-04 00:43 - 2018-08-02 05:11 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
      2018-09-04 00:43 - 2018-08-02 05:11 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
      2018-09-04 00:43 - 2018-08-02 05:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
      2018-09-04 00:43 - 2018-08-02 05:10 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
      2018-09-04 00:43 - 2018-07-20 02:53 - 000396936 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-09-04 00:43 - 2018-07-20 01:58 - 000350272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2018-09-04 00:43 - 2018-07-19 07:48 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-09-04 00:43 - 2018-07-19 07:47 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-09-04 00:43 - 2018-07-19 07:35 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-09-04 00:43 - 2018-07-19 07:34 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-09-04 00:43 - 2018-07-19 07:33 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-09-04 00:43 - 2018-07-19 07:33 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-09-04 00:43 - 2018-07-19 07:33 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-09-04 00:43 - 2018-07-19 07:32 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-09-04 00:43 - 2018-07-19 07:30 - 005778432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-09-04 00:43 - 2018-07-19 07:26 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-09-04 00:43 - 2018-07-19 07:25 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-09-04 00:43 - 2018-07-19 07:23 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-09-04 00:43 - 2018-07-19 07:22 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2018-09-04 00:43 - 2018-07-19 07:22 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-09-04 00:43 - 2018-07-19 07:22 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-09-04 00:43 - 2018-07-19 07:22 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-09-04 00:43 - 2018-07-19 07:21 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-09-04 00:43 - 2018-07-19 07:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2018-09-04 00:43 - 2018-07-19 07:14 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-09-04 00:43 - 2018-07-19 07:11 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-09-04 00:43 - 2018-07-19 07:05 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2018-09-04 00:43 - 2018-07-19 07:05 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-09-04 00:43 - 2018-07-19 07:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2018-09-04 00:43 - 2018-07-19 07:04 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-09-04 00:43 - 2018-07-19 07:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2018-09-04 00:43 - 2018-07-19 07:03 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-09-04 00:43 - 2018-07-19 07:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2018-09-04 00:43 - 2018-07-19 07:01 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2018-09-04 00:43 - 2018-07-19 07:00 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-09-04 00:43 - 2018-07-19 07:00 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-09-04 00:43 - 2018-07-19 06:58 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-09-04 00:43 - 2018-07-19 06:58 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2018-09-04 00:43 - 2018-07-19 06:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2018-09-04 00:43 - 2018-07-19 06:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2018-09-04 00:43 - 2018-07-19 06:56 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-09-04 00:43 - 2018-07-19 06:55 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2018-09-04 00:43 - 2018-07-19 06:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2018-09-04 00:43 - 2018-07-19 06:54 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2018-09-04 00:43 - 2018-07-19 06:47 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-09-04 00:43 - 2018-07-19 06:46 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-09-04 00:43 - 2018-07-19 06:46 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2018-09-04 00:43 - 2018-07-19 06:45 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-09-04 00:43 - 2018-07-19 06:45 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-09-04 00:43 - 2018-07-19 06:43 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-09-04 00:43 - 2018-07-19 06:43 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-09-04 00:43 - 2018-07-19 06:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2018-09-04 00:43 - 2018-07-19 06:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2018-09-04 00:43 - 2018-07-19 06:41 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
      2018-09-04 00:43 - 2018-07-19 06:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2018-09-04 00:43 - 2018-07-19 06:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2018-09-04 00:43 - 2018-07-19 06:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2018-09-04 00:43 - 2018-07-19 06:35 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2018-09-04 00:43 - 2018-07-19 06:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2018-09-04 00:43 - 2018-07-19 06:31 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-09-04 00:43 - 2018-07-19 06:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2018-09-04 00:43 - 2018-07-19 06:28 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2018-09-04 00:43 - 2018-07-19 06:28 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2018-09-04 00:43 - 2018-07-19 06:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2018-09-04 00:43 - 2018-07-19 06:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2018-09-04 00:43 - 2018-07-19 06:20 - 001554944 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-09-04 00:43 - 2018-07-19 06:09 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2018-09-04 00:43 - 2018-07-19 06:09 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-09-04 00:43 - 2018-07-19 06:06 - 001329152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2018-09-04 00:43 - 2018-07-19 06:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2018-09-04 00:43 - 2018-07-13 22:19 - 001894080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-09-04 00:43 - 2018-07-13 22:19 - 000377024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-09-04 00:43 - 2018-07-13 22:19 - 000287936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-09-04 00:43 - 2018-07-08 19:08 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2018-09-04 00:43 - 2018-07-08 19:02 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2018-09-04 00:43 - 2018-07-08 19:01 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2018-09-04 00:43 - 2018-07-08 18:47 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
      2018-09-04 00:43 - 2018-07-08 18:42 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
      2018-09-04 00:43 - 2018-07-06 19:09 - 000947904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
      2018-09-04 00:43 - 2018-07-06 19:03 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
      2018-09-04 00:43 - 2018-07-06 18:48 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
      2018-09-04 00:43 - 2018-06-29 18:55 - 000695808 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
      2018-09-04 00:43 - 2018-06-29 18:55 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
      2018-09-04 00:43 - 2018-06-29 18:55 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
      2018-09-04 00:43 - 2018-06-29 18:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
      2018-09-04 00:43 - 2018-06-29 18:14 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
      2018-09-04 00:43 - 2018-06-29 18:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
      2018-09-04 00:43 - 2018-06-27 19:01 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
      2018-09-04 00:43 - 2018-06-27 18:55 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
      2018-09-04 00:43 - 2018-06-27 18:55 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
      2018-09-04 00:43 - 2018-06-27 18:54 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
      2018-09-04 00:43 - 2018-06-27 18:54 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
      2018-09-04 00:43 - 2018-06-27 18:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
      2018-09-04 00:43 - 2018-06-27 18:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
      2018-09-04 00:43 - 2018-06-27 18:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
      2018-09-04 00:43 - 2018-06-27 18:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
      2018-09-04 00:43 - 2018-06-27 18:21 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
      2018-09-04 00:43 - 2018-06-27 18:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
      2018-09-04 00:43 - 2018-06-16 08:11 - 000467856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
      2018-09-04 00:43 - 2018-06-13 19:20 - 014185984 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2018-09-04 00:43 - 2018-06-13 19:19 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
      2018-09-04 00:43 - 2018-06-13 18:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
      2018-09-04 00:43 - 2018-06-13 18:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
      2018-09-04 00:43 - 2018-06-08 19:21 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
      2018-09-04 00:43 - 2018-06-08 19:20 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
      2018-09-04 00:43 - 2018-06-08 19:19 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
      2018-09-04 00:43 - 2018-06-08 19:19 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
      2018-09-04 00:43 - 2018-06-08 19:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
      2018-09-04 00:43 - 2018-06-08 18:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
      2018-09-04 00:43 - 2018-06-08 18:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
      2018-09-04 00:43 - 2018-06-08 18:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
      2018-09-04 00:43 - 2018-06-08 18:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
      2018-09-04 00:43 - 2018-06-07 19:19 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
      2018-09-04 00:43 - 2018-06-07 18:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
      2018-09-04 00:43 - 2018-06-07 18:49 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
      2018-09-04 00:43 - 2018-06-07 18:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
      2018-09-04 00:43 - 2018-05-15 06:44 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
      2018-09-04 00:43 - 2018-05-15 06:24 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
      2018-09-04 00:43 - 2018-05-15 06:23 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
      2018-09-04 00:43 - 2018-05-15 06:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
      2018-09-04 00:43 - 2018-05-15 06:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
      2018-09-04 00:43 - 2018-05-15 06:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
      2018-09-04 00:43 - 2018-05-15 06:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
      2018-09-04 00:43 - 2018-05-15 06:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
      2018-09-04 00:43 - 2018-05-12 05:07 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
      2018-09-04 00:43 - 2018-05-12 05:07 - 000033152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
      2018-09-04 00:43 - 2018-05-12 05:07 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
      2018-09-04 00:43 - 2018-05-12 00:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
      2018-09-04 00:43 - 2018-05-11 03:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
      2018-09-04 00:43 - 2018-05-11 03:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000019288 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-25 19:02 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
      2018-09-04 00:43 - 2018-04-25 18:18 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
      2018-09-04 00:43 - 2018-04-23 02:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
      2018-09-04 00:43 - 2018-04-18 19:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
      2018-09-04 00:43 - 2018-04-18 19:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
      2018-09-04 00:43 - 2018-04-18 18:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
      2018-09-04 00:43 - 2018-04-18 18:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
      2018-09-04 00:43 - 2018-04-18 18:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
      2018-09-04 00:43 - 2018-04-18 18:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
      2018-09-04 00:43 - 2018-04-11 19:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
      2018-09-04 00:43 - 2018-04-11 19:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
      2018-09-04 00:43 - 2018-04-10 19:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
      2018-09-04 00:43 - 2018-04-10 19:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
      2018-09-04 00:43 - 2018-04-10 19:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
      2018-09-04 00:43 - 2018-04-10 19:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
      2018-09-04 00:43 - 2018-04-10 19:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
      2018-09-04 00:43 - 2018-04-10 19:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
      2018-09-04 00:43 - 2018-04-10 18:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
      2018-09-04 00:43 - 2018-04-10 18:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
      2018-09-04 00:43 - 2018-04-10 18:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
      2018-09-04 00:43 - 2018-04-07 19:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
      2018-09-04 00:43 - 2018-03-14 20:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
      2018-09-04 00:43 - 2018-03-14 20:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2018-09-04 00:43 - 2018-03-14 20:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2018-09-04 00:43 - 2018-03-14 20:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
      2018-09-04 00:43 - 2018-03-14 20:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
      2018-09-04 00:43 - 2018-03-14 19:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
      2018-09-04 00:43 - 2018-03-14 19:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
      2018-09-04 00:43 - 2018-03-14 19:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
      2018-09-04 00:43 - 2018-03-14 19:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
      2018-09-04 00:43 - 2018-03-14 19:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2018-09-04 00:43 - 2018-03-14 19:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
      2018-09-04 00:43 - 2018-03-14 19:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2018-09-04 00:43 - 2018-03-14 19:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2018-09-04 00:43 - 2018-03-14 19:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2018-09-04 00:43 - 2018-03-14 19:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
      2018-09-04 00:43 - 2018-03-14 19:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
      2018-09-04 00:43 - 2018-03-06 21:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
      2018-09-04 00:43 - 2018-03-06 21:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
      2018-09-04 00:43 - 2018-02-22 06:28 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
      2018-09-04 00:43 - 2018-02-22 06:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
      2018-09-04 00:43 - 2018-02-10 21:35 - 000367296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000334528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000185024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
      2018-09-04 00:43 - 2018-02-10 21:35 - 000068288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000064192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
      2018-09-04 00:43 - 2018-02-10 21:35 - 000063168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000060608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000036032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000031936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000020160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000015040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000012096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
      2018-09-04 00:43 - 2018-02-10 21:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
      2018-09-04 00:43 - 2018-02-10 21:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\racpldlg.dll
      2018-09-04 00:43 - 2018-02-10 21:11 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
      2018-09-04 00:43 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
      2018-09-04 00:43 - 2018-02-10 20:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
      2018-09-04 00:43 - 2018-02-10 20:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
      2018-09-04 00:43 - 2018-02-10 20:25 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
      2018-09-04 00:43 - 2018-01-12 19:40 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
      2018-09-04 00:43 - 2018-01-12 19:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
      2018-09-04 00:43 - 2018-01-12 19:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
      2018-09-04 00:43 - 2018-01-12 19:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
      2018-09-04 00:43 - 2018-01-11 19:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
      2018-09-04 00:43 - 2018-01-11 19:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
      2018-09-04 00:43 - 2018-01-01 05:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
      2018-09-04 00:43 - 2018-01-01 05:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
      2018-09-04 00:43 - 2018-01-01 05:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 001361408 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
      2018-09-04 00:43 - 2018-01-01 05:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
      2018-09-04 00:43 - 2018-01-01 05:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
      2018-09-04 00:43 - 2018-01-01 05:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
      2018-09-04 00:43 - 2018-01-01 05:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
      2018-09-04 00:43 - 2018-01-01 04:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
      2018-09-04 00:43 - 2018-01-01 04:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
      2018-09-04 00:43 - 2018-01-01 04:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
      2018-09-04 00:43 - 2018-01-01 04:47 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
      2018-09-04 00:43 - 2018-01-01 04:46 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
      2018-09-04 00:43 - 2018-01-01 04:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
      2018-09-04 00:43 - 2017-12-05 20:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
      2018-09-04 00:43 - 2017-12-05 19:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
      2018-09-04 00:43 - 2017-12-05 18:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
      2018-09-04 00:42 - 2018-08-03 18:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
      2018-09-04 00:42 - 2018-08-02 06:20 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
      2018-09-04 00:42 - 2018-08-02 06:06 - 000156256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2018-09-04 00:42 - 2018-08-02 06:05 - 005553760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-09-04 00:42 - 2018-08-02 06:00 - 000633080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
      2018-09-04 00:42 - 2018-08-02 05:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2018-09-04 00:42 - 2018-08-02 05:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2018-09-04 00:42 - 2018-08-02 05:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2018-09-04 00:42 - 2018-08-02 05:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2018-09-04 00:42 - 2018-08-02 05:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2018-09-04 00:42 - 2018-08-02 05:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-09-04 00:42 - 2018-08-02 05:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2018-09-04 00:42 - 2018-08-02 05:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
      2018-09-04 00:42 - 2018-08-02 05:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
      2018-09-04 00:42 - 2018-08-02 05:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
      2018-09-04 00:42 - 2018-08-02 05:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
      2018-09-04 00:42 - 2018-07-19 09:15 - 025745408 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-09-04 00:42 - 2018-07-19 07:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2018-09-04 00:42 - 2018-07-08 19:02 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2018-09-04 00:42 - 2018-07-08 19:02 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2018-09-04 00:42 - 2018-07-08 19:01 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2018-09-04 00:42 - 2018-07-08 18:42 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
      2018-09-04 00:42 - 2018-07-08 18:41 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
      2018-09-04 00:42 - 2018-07-08 18:41 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
      2018-09-04 00:42 - 2018-07-08 18:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
      2018-09-04 00:42 - 2018-07-07 18:24 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2018-09-04 00:42 - 2018-07-06 19:03 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
      2018-09-04 00:42 - 2018-07-06 18:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
      2018-09-04 00:42 - 2018-06-29 18:55 - 000137728 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
      2018-09-04 00:42 - 2018-06-27 18:55 - 003246592 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
      2018-09-04 00:42 - 2018-06-27 18:55 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
      2018-09-04 00:42 - 2018-06-27 18:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
      2018-09-04 00:42 - 2018-06-21 06:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2018-09-04 00:42 - 2018-06-21 06:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
      2018-09-04 00:42 - 2018-06-16 08:24 - 000459632 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
      2018-09-04 00:42 - 2018-06-16 08:11 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
      2018-09-04 00:42 - 2018-06-13 19:23 - 000140992 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2018-09-04 00:42 - 2018-06-13 19:18 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2018-09-04 00:42 - 2018-06-08 19:20 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
      2018-09-04 00:42 - 2018-06-08 19:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
      2018-09-04 00:42 - 2018-06-08 18:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
      2018-09-04 00:42 - 2018-06-08 18:44 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
      2018-09-04 00:42 - 2018-06-08 18:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
      2018-09-04 00:42 - 2018-06-08 16:05 - 002860032 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2018-09-04 00:42 - 2018-06-08 16:05 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000612352 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2018-09-04 00:42 - 2018-06-07 19:20 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
      2018-09-04 00:42 - 2018-06-07 19:19 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
      2018-09-04 00:42 - 2018-06-07 19:19 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
      2018-09-04 00:42 - 2018-05-15 07:16 - 001681088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2018-09-04 00:42 - 2018-05-15 06:44 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
      2018-09-04 00:42 - 2018-05-15 06:44 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
      2018-09-04 00:42 - 2018-05-15 06:44 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
      2018-09-04 00:42 - 2018-05-15 06:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
      2018-09-04 00:42 - 2018-05-12 00:19 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
      2018-09-04 00:42 - 2018-05-02 18:32 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
      2018-09-04 00:42 - 2018-04-23 03:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
      2018-09-04 00:42 - 2018-04-11 19:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
      2018-09-04 00:42 - 2018-04-11 19:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
      2018-09-04 00:42 - 2018-04-10 19:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
      2018-09-04 00:42 - 2018-03-10 20:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
      2018-09-04 00:42 - 2018-03-06 21:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
      2018-09-04 00:42 - 2018-03-06 21:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
      2018-09-04 00:42 - 2018-03-06 21:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
      2018-09-04 00:42 - 2018-03-06 21:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
      2018-09-04 00:42 - 2018-02-10 21:35 - 000023744 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
      2018-09-04 00:42 - 2018-02-10 21:11 - 003665920 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
      2018-09-04 00:42 - 2018-02-10 21:11 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
      2018-09-04 00:42 - 2018-02-10 20:36 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
      2018-09-04 00:42 - 2018-02-10 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
      2018-09-04 00:42 - 2018-02-10 20:26 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
      2018-09-04 00:42 - 2018-02-10 20:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
      2018-09-04 00:42 - 2018-01-01 05:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
      2018-09-04 00:42 - 2018-01-01 05:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
      2018-09-04 00:42 - 2018-01-01 05:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
      2018-09-04 00:42 - 2018-01-01 05:18 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
      2018-09-04 00:42 - 2018-01-01 05:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
      2018-09-04 00:42 - 2018-01-01 05:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
      2018-09-04 00:42 - 2018-01-01 04:46 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
      2018-09-04 00:42 - 2018-01-01 04:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
      2018-09-04 00:42 - 2017-12-05 20:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
      2018-09-04 00:42 - 2017-12-05 20:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
      2018-09-04 00:42 - 2017-12-05 20:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
      2018-08-13 10:45 - 2018-08-13 10:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
      2018-08-13 10:45 - 2018-08-13 10:45 - 000000000 ____D C:\Program Files\qBittorrent
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-07 10:02 - 2017-09-16 15:50 - 000000000 ____D C:\Users\kpacko\AppData\Roaming\qBittorrent
      2018-09-07 07:53 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-09-07 07:53 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-09-07 07:51 - 2009-07-14 08:13 - 000772130 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-09-07 07:51 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
      2018-09-07 07:49 - 2017-09-15 22:54 - 000002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-09-07 07:45 - 2017-09-16 17:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-09-07 07:45 - 2017-09-15 18:18 - 000000000 ____D C:\ProgramData\NVIDIA
      2018-09-07 07:45 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-09-07 00:19 - 2017-10-22 09:50 - 000000000 ____D C:\Users\kpacko\AppData\Local\CrashDumps
      2018-09-06 23:59 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\rescache
      2018-09-04 22:42 - 2017-09-17 23:54 - 000000000 ____D C:\Users\kpacko\AppData\Roaming\FileZilla
      2018-09-04 00:58 - 2009-07-14 07:45 - 000295648 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-09-04 00:56 - 2017-09-16 19:15 - 000000000 ____D C:\Windows\system32\appraiser
      2018-09-04 00:56 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-09-04 00:51 - 2017-07-17 23:37 - 000756356 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
      2018-09-02 00:28 - 2017-10-02 14:41 - 000000000 ____D C:\Users\kpacko\AppData\Roaming\ViberPC
      2018-09-02 00:27 - 2018-07-02 00:59 - 000000000 ____D C:\Users\kpacko\AppData\Local\Viber
      2018-09-02 00:26 - 2017-10-02 14:41 - 000000000 ____D C:\Users\kpacko\Documents\ViberDownloads
      2018-08-19 17:49 - 2017-11-02 01:00 - 000001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
      2018-08-08 00:53 - 2017-10-02 09:30 - 000000000 ____D C:\Users\kpacko\AppData\Local\ElevatedDiagnostics
      2018-08-08 00:53 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
      ==================== Files in the root of some directories =======
      2018-05-04 13:56 - 2018-05-01 20:53 - 001527138 _____ () C:\Users\kpacko\AppData\Roaming\ccseetup542pro.exe
      2018-05-04 13:56 - 2018-04-30 15:50 - 015816144 ____R (Piriform Ltd) C:\Users\kpacko\AppData\Roaming\ccsetup542pro.exe
      2018-05-04 13:56 - 2018-03-12 20:36 - 001371485 _____ () C:\Users\kpacko\AppData\Roaming\ccsetup542proo.exe
      2018-05-04 13:56 - 2018-03-12 20:34 - 000211375 _____ () C:\Users\kpacko\AppData\Roaming\ccsetup542prro.exe
      2017-11-30 16:35 - 2018-02-22 12:29 - 000007603 _____ () C:\Users\kpacko\AppData\Local\Resmon.ResmonCfg
      Some files in TEMP:
      ====================
      2018-04-30 12:09 - 2018-04-30 12:09 - 011491456 _____ (Raxco Software, Inc.                                        ) C:\Users\kpacko\AppData\Local\Temp\PD140p_x64.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-09-06 23:52
      ==================== End of FRST.txt ============================
      Addition.txt
    • от мирослав24
      Здравейте,сблъсках се със следния проблем-неизвестно лице или лица правят опити за проникване в мои акаунти в електронни  пощи и  сайтове където съм се регистрирал.Получих писмо от единия сайт че е правен опит за вписване с моето потребителско име,но с грешна парола,и аналогично съобщение от е-майл провайдър.Ползвам десктоп компютър и лаптоп и не знам дали някое от устройствата не е със зловреден софтуер.Видимо нямам проблеми с машините,освен че и на двата компютъра като исках да си сменя паролата на един сайт,ми излезе прозорец с искане да си напиша електронната поща с който съм регистриран в сайта и като я написах след това ми излезе втори прозорец с подкана да напиша и паролата си за съответната поща.Нищо не смених в крайна сметка докато не установя къде е проблема.Изпращам резултатите от сканиране с FRST на настолния компютър :
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.08.2018
      Ran by User1 (administrator) on PC1 (30-08-2018 15:49:50)
      Running from C:\Documents and Settings\User1\Desktop
      Loaded Profiles: User1 (Available Profiles: User1 & User2 & Administrator)
      Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
      Internet Explorer Version 8 (Default browser: IE)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      (Comodo) C:\Program Files\Comodo\Dragon\dragon_updater.exe
      () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
      () C:\WINDOWS\tsnpstd3.exe
      () C:\WINDOWS\vsnpstd3.exe
      () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
      (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
      (BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
      (MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
      (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
      (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
      (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [tsnpstd3] => C:\WINDOWS\tsnpstd3.exe [262144 2006-06-19] ()
      HKLM\...\Run: [snpstd3] => C:\WINDOWS\vsnpstd3.exe [827392 2006-09-19] ()
      HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [8063200 2016-07-18] ()
      HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
      HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [Messenger (Yahoo!)] => "F:\SKYPE_~1\yahoo\Messenger\YahooMessenger.exe" -quiet
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [395640 2011-05-02] (BitTorrent, Inc.)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [Google Update] => C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-12-02] (Google Inc.)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
      HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
      HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [1447936 2018-07-27] (Adobe Systems Incorporated)
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2018-03-28]
      ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2018-08-30]
      ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\..\Interfaces\{0227FD86-8C54-4C88-8029-3F44137A8ADF}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{1524681E-CD57-4084-9846-709C0A2CC0ED}: [NameServer] 192.168.100.40,192.168.100.140
      Internet Explorer:
      ==================
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_152\bin\ssv.dll [2017-12-08] (Oracle Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_152\bin\jp2ssv.dll [2017-12-08] (Oracle Corporation)
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
      FireFox:
      ========
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-12-08] ()
      FF Plugin: @java.com/DTPlugin,version=11.152.2 -> C:\Program Files\Java\jre1.8.0_152\bin\dtplugin\npDeployJava1.dll [2017-12-08] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.152.2 -> C:\Program Files\Java\jre1.8.0_152\bin\plugin2\npjp2.dll [2017-12-08] (Oracle Corporation)
      FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\User1\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\User1\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.)
      FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\User1\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
      FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\User1\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-07-27] (Adobe Systems Incorporated) [File not signed]
      S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
      R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
      R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
      R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
      R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2060848 2016-02-05] (Comodo)
      R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
      R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
      S3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
      R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
      R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [602112 2007-06-04] (Hewlett-Packard Co.) [File not signed]
      S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-01-12] (Oracle Corporation)
      R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
      R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
      R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [664040 2016-07-18] ()
      S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation) [File not signed]
      S3 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
      R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
      R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
      R3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
      R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
      R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
      S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
      R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
      R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
      S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
      S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
      R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices)
      S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
      R3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
      R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.) [File not signed]
      R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
      R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\gzflt.sys [175008 2016-04-28] (BitDefender LLC)
      R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-19] (HP)
      R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-19] (HP)
      R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-19] (HP)
      R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
      R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4368896 2006-08-15] (Realtek Semiconductor Corp.) [File not signed]
      R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
      R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
      R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
      R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
      S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
      R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
      R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
      R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)
      R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)
      R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
      S3 SNPSTD3; C:\WINDOWS\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)
      R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
      R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
      S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [428832 2016-04-28] (BitDefender S.R.L.)
      S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-17] (Microsoft Corporation) [File not signed]
      R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed]
      R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
      S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed]
      R3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
      S3 catchme; \??\C:\DOCUME~1\User1\LOCALS~1\Temp\catchme.sys [X]
      S4 IntelIde; no ImagePath
      S2 StarOpen; no ImagePath
      S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
      S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-30 15:49 - 2018-08-30 15:50 - 000014109 _____ C:\Documents and Settings\User1\Desktop\FRST.txt
      2018-08-30 15:15 - 2018-08-30 15:15 - 001773568 _____ (Farbar) C:\Documents and Settings\User1\Desktop\FRST.exe
      2018-08-10 12:36 - 2018-08-10 12:40 - 000000000 ____D C:\Documents and Settings\User2\Desktop\куче Анжело 0887999938
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-30 15:50 - 2015-07-18 13:46 - 000000000 ____D C:\Documents and Settings\User1\Local Settings\temp
      2018-08-30 15:49 - 2018-03-26 11:31 - 000000000 ____D C:\FRST
      2018-08-30 15:48 - 2011-05-02 12:46 - 000000000 ____D C:\Documents and Settings\User1\Application Data\uTorrent
      2018-08-30 15:31 - 2011-05-02 12:44 - 000000000 ____D C:\Program Files\Opera
      2018-08-30 14:58 - 2016-02-20 13:25 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield
      2018-08-30 14:58 - 2015-06-22 14:14 - 000000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
      2018-08-30 14:58 - 2015-06-22 14:14 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
      2018-08-30 14:58 - 2011-05-02 10:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2018-08-30 14:57 - 2018-03-27 15:50 - 000032638 _____ C:\WINDOWS\SchedLgU.Txt
      2018-08-30 14:57 - 2011-05-02 12:10 - 000000178 ___SH C:\Documents and Settings\User1\ntuser.ini
      2018-08-30 14:57 - 2011-05-02 12:10 - 000000000 ____D C:\Documents and Settings\User1
      2018-08-30 14:55 - 2013-03-08 15:11 - 000001078 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-412668190-1417001333-1003UA.job
      2018-08-30 14:47 - 2015-04-26 09:48 - 000000000 ____D C:\Documents and Settings\User2\Application Data\Skype
      2018-08-30 14:47 - 2011-05-02 13:28 - 000000000 ____D C:\Documents and Settings\User2\Local Settings\Temp
      2018-08-30 12:55 - 2013-03-08 15:11 - 000001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-412668190-1417001333-1003Core.job
      2018-08-30 07:50 - 2001-08-23 12:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
      2018-08-25 12:48 - 2017-01-16 13:16 - 000000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
      2018-08-25 12:48 - 2011-05-02 10:10 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2018-08-09 12:25 - 2011-05-16 16:38 - 000000000 ____D C:\Program Files\Recuva
      2018-08-02 14:29 - 2013-12-09 13:51 - 000000000 ____D C:\Documents and Settings\User2\Desktop\образци PDF
      ==================== Files in the root of some directories =======
      2011-05-02 13:33 - 2014-09-24 16:20 - 000014848 _____ () C:\Documents and Settings\User1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-01-01 13:07 - 2014-01-01 13:07 - 000000036 _____ () C:\Documents and Settings\User1\Local Settings\Application Data\housecall.guid.cache
      2011-05-15 13:35 - 2011-05-15 13:35 - 000000056 _____ () C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
      2017-09-02 12:57 - 2018-04-11 15:32 - 000021736 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => MD5 is legit
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => MD5 is legit
      C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      ==================== End of FRST.txt ============================
      Addition.txt
    • от d1cho
      Привет преди два дни ми изпищя windows defender-a и антивируснта програма,пише, че гадината е Trojan:Win32/Killav.DR. Компютрите са в мрежа, единя е с vista business 64 bit, a другия с windows 10 32bit. Този с vistata не ми да ва да включа защитната стена и да инсталриам антивирусна. Мъчих компютъра с windows 10 с различни антивирусни понеже ми позволява да инсталриам,но само ги слага под карантина,а мен ме е страх да ги трия понеже имаме софтуер за работа и ме тревожи да не би да повредя нещо и да замине информацията.
      Моля за съдействие, понеже е почти невъзможно да се работи на компютрите.
      Ето тоша ми е от лог файла на компѝтъра с вистата FRST.txt
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
      Ran by DBPROTOOLS (administrator) on DBPROTOOLS-PC (17-08-2018 10:17:44)
      Running from C:\Users\DBPROTOOLS\Desktop
      Loaded Profiles: DBPROTOOLS (Available Profiles: DBPROTOOLS)
      Platform: Windows Vista (TM) Business Service Pack 2 (X64) Language: English (United States)
      Internet Explorer Version 7 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      () C:\Windows\zqmeyojeujuakpbxqoc.exe
      (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
      () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
      HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-23] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [mqzelo] => C:\Windows\fuoewkdwkxgksvfzq.exe [503808 2018-08-17] ()
      HKLM-x32\...\Run: [qapanwkyhpts] => C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe [503808 2018-08-16] () <==== ATTENTION
      HKLM-x32\...\RunOnce: [zeoucgp] => mebupgcypfryjpcztshe.exe .
      HKLM-x32\...\RunOnce: [tcqamuhucjm] => C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe . [503808 2018-08-16] () <==== ATTENTION
      HKLM\...\Policies\Explorer\Run: [oufmvaku] => C:\Windows\zqmeyojeujuakpbxqoc.exe [503808 2018-08-16] ()
      HKLM\...\Policies\Explorer\Run: [bemqw] => C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe [503808 2018-08-16] ()
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Run: [fmygqwhsy] => C:\Windows\oezqjysmbpzenrcxpm.exe [503808 2018-08-17] ()
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Run: [mqzelo] => C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe [503808 2018-08-16] () <==== ATTENTION
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\RunOnce: [ygtcnugszf] => fuoewkdwkxgksvfzq.exe .
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\RunOnce: [zeoucgp] => C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe . [503808 2018-08-16] () <==== ATTENTION
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Policies\system: [DisableRegistryTools] 1
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\MountPoints2: {175dbd82-9a45-11e8-861a-0019990d7d87} - E:\tyquftktfbz.bat
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\MountPoints2: {1b56a57f-9a44-11e8-a149-8748c642f7d2} - E:\setup.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
      Tcpip\..\Interfaces\{16F65250-913D-4F56-B2DA-49AF5C765191}: [DhcpNameServer] 192.168.0.1 192.168.0.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      SearchScopes: HKU\S-1-5-21-3181692578-1277306937-1901717452-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-04-11] (Microsoft Corporation)
      FireFox:
      ========
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-06] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-06] (Google Inc.)
      Chrome: 
      =======
      CHR Profile: C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default [2018-08-17]
      CHR Extension: (Slides) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-07]
      CHR Extension: (Docs) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-07]
      CHR Extension: (Google Drive) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-07]
      CHR Extension: (YouTube) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-07]
      CHR Extension: (Sheets) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-07]
      CHR Extension: (Google Docs Offline) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-07]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-07]
      CHR Extension: (Gmail) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-07]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
      S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
      S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
      S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-17 10:17 - 2018-08-17 10:18 - 000008964 _____ C:\Users\DBPROTOOLS\Desktop\FRST.txt
      2018-08-17 10:16 - 2018-08-17 10:17 - 000000000 ____D C:\FRST
      2018-08-17 10:15 - 2018-08-17 10:15 - 002412544 _____ (Farbar) C:\Users\DBPROTOOLS\Desktop\FRST64.exe
      2018-08-17 09:35 - 2018-08-17 09:36 - 046625016 _____ (Microsoft Corporation) C:\Users\DBPROTOOLS\Downloads\Windows-KB890830-x64-V5.63.exe
      2018-08-16 12:03 - 2018-08-16 12:03 - 000000000 ____D C:\ProgramData\AVG
      2018-08-16 12:02 - 2018-08-16 11:36 - 007460520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\DBPROTOOLS\Desktop\avg_antivirus_free_setup.exe
      2018-08-15 16:13 - 2018-08-15 16:33 - 000038147 _____ C:\Users\DBPROTOOLS\Documents\ПРОТОКОЛ КОНСИГНАЦИЯ.odt
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Windows\SysWOW64\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Windows\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Program Files (x86)\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\ymfulyqivhpszbkd.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\fuoewkdwkxgksvfzq.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\busmiaxumdqykrfdyyomf.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\zqmeyojeujuakpbxqoc.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\zqmeyojeujuakpbxqoc.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\ymfulyqivhpszbkd.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\fuoewkdwkxgksvfzq.exe
      2018-08-15 10:03 - 2018-08-15 10:03 - 000503808 __RSH C:\Windows\SysWOW64\busmiaxumdqykrfdyyomf.exe
      2018-08-08 19:55 - 2018-08-08 19:55 - 000000586 _____ C:\Users\DBPROTOOLS\Desktop\control8.lnk
      2018-08-08 19:53 - 2018-08-08 19:54 - 000000586 _____ C:\Users\DBPROTOOLS\Desktop\control7.lnk
      2018-08-08 10:50 - 2018-08-08 10:51 - 000000000 ___HD C:\Program Files (x86)\Temp
      2018-08-08 10:49 - 2018-08-08 10:49 - 020227746 _____ C:\Users\DBPROTOOLS\Downloads\FTS_RealtekHDAudio_6015911_1039707.zip
      2018-08-08 10:36 - 2018-08-08 10:36 - 000529696 _____ (Fujitsu) C:\Users\DBPROTOOLS\Downloads\AutoDetect_CR.exe
      2018-08-08 10:19 - 2018-08-08 10:19 - 000870768 _____ (PDFLogic Corporation ) C:\Users\DBPROTOOLS\Downloads\pdfvista.exe
      2018-08-08 10:14 - 2018-08-08 10:14 - 000127389 _____ C:\Users\DBPROTOOLS\Downloads\received_1656658347796650.jpeg
      2018-08-08 09:51 - 2018-08-08 09:51 - 000131068 _____ C:\Users\DBPROTOOLS\Downloads\ACFrOgD5qMx8urBDsFoSA7F_JPxuDeiEhFOgmeQLIU44kuc2fxOLoZfY-xq9ebf1sM-mw4X0coR12Y2kOz69foLufsDyMtHGIiFwi_Ya2E4BRTKHCOlw-VxJoiTp7S8=
      2018-08-08 09:41 - 2018-08-08 09:41 - 000949332 _____ (Vivid Document Imaging Technologies ) C:\Users\DBPROTOOLS\Downloads\PDFViewerSetup (1).exe
      2018-08-08 09:40 - 2018-08-16 12:03 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\YcanPDF
      2018-08-08 09:39 - 2018-08-08 09:39 - 003451040 _____ (PDFZilla, Inc. ) C:\Users\DBPROTOOLS\Downloads\freepdfreader.exe
      2018-08-07 17:15 - 2018-08-07 17:15 - 000008192 ___RS C:\BOOTSECT.BAK
      2018-08-07 17:15 - 2018-08-07 16:22 - 000000000 ____D C:\Windows\Panther
      2018-08-07 17:15 - 2009-04-11 19:22 - 000333257 __RSH C:\bootmgr
      2018-08-07 16:21 - 2018-08-07 16:21 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
      2018-08-07 16:18 - 2018-08-07 16:18 - 000000000 ____D C:\Windows\CSC
      2018-08-07 12:34 - 2018-08-07 12:34 - 000044749 _____ C:\Users\DBPROTOOLS\Downloads\logo_db_protools.pdf
      2018-08-07 12:29 - 2018-08-07 12:29 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\DBPROTOOLS\Downloads\readerdc_en_ha_install.exe
      2018-08-07 12:27 - 2018-08-07 12:27 - 000949332 _____ (Vivid Document Imaging Technologies ) C:\Users\DBPROTOOLS\Downloads\PDFViewerSetup.exe
      2018-08-07 12:22 - 2018-08-07 12:22 - 000004088 ____H C:\Users\DBPROTOOLS\AppData\Local\ygtcnugszfhefberbqviqmyucpyjqcov.dab
      2018-08-07 12:20 - 2018-08-17 10:18 - 000000272 ____H C:\Users\DBPROTOOLS\AppData\Local\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 12:19 - 2018-08-07 12:19 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\Оферти Доставчици
      2018-08-07 12:16 - 2018-08-07 12:16 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\ControlCenter4
      2018-08-07 12:13 - 2018-08-07 12:13 - 000001975 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
      2018-08-07 12:13 - 2018-08-07 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\ProgramData\ControlCenter4
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\ControlCenter4
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\BrownyInd
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\Browny02
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Brother
      2018-08-07 12:11 - 2012-12-14 04:31 - 000180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000113744 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE
      2018-08-07 12:11 - 2012-12-14 04:31 - 000077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000045056 _____ C:\Windows\SysWOW64\BRTCPCON.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000000114 _____ C:\Windows\SysWOW64\BRLMW03A.INI
      2018-08-07 12:11 - 2012-12-14 04:29 - 000000050 _____ C:\Windows\system32\BRADM12A.DAT
      2018-08-07 12:11 - 2012-12-13 19:00 - 000226816 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOM12A.DLL
      2018-08-07 12:11 - 2012-10-19 15:07 - 001441792 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWi212c.dll
      2018-08-07 12:11 - 2012-10-19 15:03 - 000054272 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrUsi12c.dll
      2018-08-07 12:11 - 2012-07-06 13:56 - 000012800 _____ (Brother Industries Ltd.) C:\Windows\system32\BrCiImg.dll
      2018-08-07 12:11 - 2011-09-08 12:36 - 000279040 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrJDec.dll
      2018-08-07 12:10 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\Brother
      2018-08-07 12:10 - 2018-08-07 12:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
      2018-08-07 12:10 - 2012-11-02 18:15 - 000245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
      2018-08-07 12:10 - 2012-02-02 11:21 - 000002560 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
      2018-08-07 12:10 - 2010-03-15 19:45 - 000073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
      2018-08-07 12:10 - 2007-12-13 22:16 - 000005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
      2018-08-07 12:09 - 2018-08-07 12:13 - 000000000 ____D C:\ProgramData\Brother
      2018-08-07 12:09 - 2018-08-07 12:09 - 000000000 ____D C:\Users\DBPROTOOLS\Downloads\install
      2018-08-07 12:08 - 2018-08-07 12:08 - 141297272 _____ (A.I.SOFT,INC.) C:\Users\DBPROTOOLS\Downloads\DCP-1510-inst-A1-eeu.EXE
      2018-08-07 10:22 - 2018-08-07 10:22 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\OpenOffice
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000985 _____ C:\Users\Public\Desktop\OpenOffice 4.1.5.lnk
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.5
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
      2018-08-07 09:45 - 2018-08-07 09:46 - 000456080 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI22E4.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000011632 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI22E4.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000452836 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI223D.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000011616 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI223D.txt
      2018-08-07 09:44 - 2018-08-07 09:44 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\OpenOffice 4.1.5 (bg) Installation Files
      2018-08-07 09:40 - 2018-08-07 09:40 - 013057882 _____ C:\Users\DBPROTOOLS\Downloads\Apache_OpenOffice_4.1.5_Win_x86_langpack_bg.exe
      2018-08-07 09:40 - 2018-08-07 09:40 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\OpenOffice 4.1.5 Language Pack (Bulgarian) Installation Files
      2018-08-07 09:39 - 2018-08-07 09:40 - 129515834 _____ C:\Users\DBPROTOOLS\Downloads\Apache_OpenOffice_4.1.5_Win_x86_install_bg.exe
      2018-08-07 09:34 - 2018-08-07 09:34 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\Нова папка
      2018-08-07 09:34 - 2013-06-28 14:49 - 001732096 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athurx.sys
      2018-08-07 09:31 - 2018-08-07 09:32 - 245571584 _____ C:\Users\DBPROTOOLS\Downloads\LibreOffice_5.4.7_Win_x64.msi
      2018-08-07 07:22 - 2018-08-08 09:45 - 000054608 _____ C:\Users\DBPROTOOLS\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000979 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000974 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000949 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
      2018-08-07 07:21 - 2018-08-16 17:01 - 000000732 _____ C:\Users\DBPROTOOLS\AppData\Local\d3d9caps64.dat
      2018-08-07 07:21 - 2018-08-10 15:00 - 000000000 ____D C:\Users\DBPROTOOLS
      2018-08-07 07:21 - 2018-08-07 12:20 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\VirtualStore
      2018-08-07 07:21 - 2018-08-07 07:22 - 000000915 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
      2018-08-07 07:21 - 2018-08-07 07:21 - 000000020 ___SH C:\Users\DBPROTOOLS\ntuser.ini
      2018-08-07 00:53 - 2018-08-16 17:02 - 000000680 _____ C:\Users\DBPROTOOLS\AppData\Local\d3d9caps.dat
      2018-08-07 00:52 - 2018-08-16 17:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-08-07 00:52 - 2018-08-15 06:17 - 000000882 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
      2018-08-07 00:52 - 2018-08-15 06:17 - 000000870 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
      2018-08-07 00:52 - 2018-08-07 00:52 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\TeamViewer
      2018-08-07 00:51 - 2018-08-07 00:51 - 020688888 _____ (TeamViewer GmbH) C:\Users\DBPROTOOLS\Downloads\TeamViewer_Setup.exe
      2018-08-07 00:47 - 2018-08-07 00:47 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-08-07 00:47 - 2018-08-07 00:47 - 000002025 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Google
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Deployment
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Apps\2.0
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Program Files (x86)\Google
      2018-08-07 00:47 - 2018-08-06 16:30 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2018-08-07 00:47 - 2018-08-06 16:30 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2018-08-06 19:35 - 2018-08-06 19:35 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\TeamViewer
      2018-08-06 16:30 - 2018-08-06 16:30 - 000000693 _____ C:\Users\DBPROTOOLS\Desktop\Downloads - Shortcut.lnk
      2018-08-06 16:29 - 2018-08-06 16:29 - 000000000 ____D C:\Program Files (x86)\GUM4368.tmp
      2018-08-06 14:37 - 2018-08-06 14:38 - 274317312 _____ C:\Users\DBPROTOOLS\Downloads\LibreOffice_6.0.6_Win_x64.msi
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-17 09:01 - 2006-11-02 18:20 - 000005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      2018-08-17 09:01 - 2006-11-02 18:20 - 000005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      2018-08-16 17:08 - 2006-11-02 16:33 - 000000000 ____D C:\Windows\inf
      2018-08-16 17:08 - 2006-11-02 15:46 - 000690960 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-08-16 17:01 - 2006-11-02 18:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-08-16 14:51 - 2006-11-02 18:38 - 000011762 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2018-08-08 09:44 - 2006-11-02 18:20 - 000256016 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-08-07 17:15 - 2006-11-02 18:05 - 000262144 _____ C:\Windows\system32\config\BCD-Template
      2018-08-07 09:44 - 2006-11-02 16:33 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
      2018-08-07 09:43 - 2006-11-02 16:34 - 000000000 ____D C:\Windows\system32\NDF
      2018-08-07 07:21 - 2006-11-02 16:33 - 000000000 ____D C:\Windows\rescache
      ==================== Files in the root of some directories =======
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H () C:\Program Files (x86)\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 00:53 - 2018-08-16 17:02 - 000000680 _____ () C:\Users\DBPROTOOLS\AppData\Local\d3d9caps.dat
      2018-08-07 07:21 - 2018-08-16 17:01 - 000000732 _____ () C:\Users\DBPROTOOLS\AppData\Local\d3d9caps64.dat
      2018-08-07 12:20 - 2018-08-17 10:18 - 000000272 ____H () C:\Users\DBPROTOOLS\AppData\Local\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 09:44 - 2018-08-07 09:45 - 000452836 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI223D.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000456080 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI22E4.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000011616 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI223D.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000011632 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI22E4.txt
      2018-08-07 12:22 - 2018-08-07 12:22 - 000004088 ____H () C:\Users\DBPROTOOLS\AppData\Local\ygtcnugszfhefberbqviqmyucpyjqcov.dab
      Files to move or delete:
      ====================
      C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe
      C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe .
      C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe
      C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe .

      Some files in TEMP:
      ====================
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\busmiaxumdqykrfdyyomf.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe
      2018-08-07 12:20 - 2018-08-07 12:20 - 000327680 _____ () C:\Users\DBPROTOOLS\AppData\Local\Temp\gegdhvgwcqz.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe
      2018-08-07 12:20 - 2018-08-07 12:20 - 000708608 _____ () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-08-17 05:08
      ==================== End of FRST.txt ============================
      Addition.txt
    • от v3cko
      malwarbytes засече троянец и други гадинки
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018
      Ran by BECKO (administrator) on BECKO-PC (12-08-2018 08:46:39)
      Running from C:\Users\BECKO\Downloads
      Loaded Profiles: BECKO (Available Profiles: BECKO)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Английски (Съединени щати)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
      (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
      (Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (Intel Corporation) C:\Windows\System32\igfxtray.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
      (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
      (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2018-08-11] (Synaptics Incorporated)
      HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\...\Run: [Chromium] => "c:\users\becko\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{4447F6FC-1164-470A-9CC4-84A798333B40}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{566E0D37-D76E-44FA-984D-4A40BF15E2B7}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe
      FireFox:
      ========
      FF ProfilePath: C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default [2018-08-12]
      FF user.js: detected! => C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default\user.js [2006-04-06]
      FF Homepage: K-Meleon\ignaeef5.default -> google.bg
      FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-08-11] ()
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.)
      Chrome: 
      =======
      CHR HomePage: Default -> hxxp://google.bg/
      CHR StartupUrls: Default -> "hxxps://www.google.bg/"
      CHR Profile: C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default [2018-08-12]
      CHR Extension: (Презентации) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-11]
      CHR Extension: (Документи) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-11]
      CHR Extension: (Google Диск) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-11]
      CHR Extension: (YouTube) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-11]
      CHR Extension: (Adblock Plus) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-08-11]
      CHR Extension: (Таблици) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-11]
      CHR Extension: (Google Документи офлайн) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-11]
      CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-08-11]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-11]
      CHR Extension: (Gmail) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-11]
      CHR Extension: (Chrome Media Router) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-11]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2018-08-11] (Broadcom Corporation.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
      R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [175320 2018-08-11] (Broadcom Corporation.)
      S3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [144600 2018-08-11] (Broadcom Corporation.)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-06-19] (Malwarebytes)
      S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [38224 2018-08-11] ()
      R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2018-08-11] (Intel Corporation)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2018-08-11] (Intel Corporation)
      R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [44800 2018-08-11] (Infineon Technologies AG)
      R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2018-08-11] (Windows (R) Codename Longhorn DDK provider)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [165608 2018-08-11] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [95488 2018-08-12] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [42728 2018-08-12] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-12] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [73336 2018-08-12] (Malwarebytes)
      R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2018-08-11] (Intel Corporation)
      R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [7424 2018-08-11] ()
      R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2018-08-12] (Zemana Ltd.)
      R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2018-08-12] (Zemana Ltd.)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 08:46 - 2018-08-12 08:47 - 000008916 _____ C:\Users\BECKO\Downloads\FRST.txt
      2018-08-12 08:46 - 2018-08-12 08:46 - 000000000 ____D C:\FRST
      2018-08-12 08:44 - 2018-08-12 08:44 - 001773056 _____ (Farbar) C:\Users\BECKO\Downloads\FRST.exe
      2018-08-12 08:08 - 2018-08-12 08:46 - 000032169 _____ C:\Windows\ZAM.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:46 - 000011705 _____ C:\Windows\ZAM_Guard.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\Program Files\Zemana AntiMalware
      2018-08-12 08:06 - 2018-08-12 08:06 - 000000000 ____D C:\Users\BECKO\AppData\Local\Zemana
      2018-08-12 08:05 - 2018-08-12 08:05 - 006625600 _____ (Zemana Ltd. ) C:\Users\BECKO\Downloads\Zemana.AntiMalware.Setup.exe
      2018-08-12 07:45 - 2018-08-12 07:45 - 007417040 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.2.2.exe
      2018-08-12 07:44 - 2018-08-12 07:45 - 000000000 ____D C:\AdwCleaner
      2018-08-12 07:44 - 2018-08-12 07:44 - 007277776 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.1.1.exe
      2018-08-12 07:12 - 2018-08-12 07:12 - 000000000 ____D C:\Users\BECKO\AppData\Local\CrashDumps
      2018-08-12 06:43 - 2018-08-12 08:36 - 000000000 ____D C:\ProgramData\RogueKiller
      2018-08-12 06:43 - 2018-08-12 08:16 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
      2018-08-12 06:42 - 2018-08-12 06:42 - 000001005 _____ C:\Users\Public\Desktop\RogueKiller.lnk
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\Program Files\RogueKiller
      2018-08-12 06:41 - 2018-08-12 06:41 - 036826200 _____ (Adlice Software ) C:\Users\BECKO\Downloads\RogueKiller_setup.exe
      2018-08-12 06:39 - 2018-08-12 06:39 - 000000000 _____ C:\Users\BECKO\Downloads\RogueKiller.exe
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ C:\Users\BECKO\AppData\Roaming\WB.CFG
      2018-08-12 00:38 - 2018-08-11 13:48 - 000000000 ____D C:\Windows\Panther
      2018-08-12 00:32 - 2018-08-12 00:32 - 000000000 ____D C:\Windows.old
      2018-08-12 00:20 - 2018-08-12 00:20 - 000000000 ____D C:\Windows\pss
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____D C:\Program Files\Synaptics
      2018-08-11 22:18 - 2018-08-11 22:18 - 000214312 _____ (Synaptics Incorporated) C:\Windows\system32\SynCtrl.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000120104 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo4.dll
      2018-08-11 22:14 - 2018-08-11 22:14 - 000165160 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
      2018-08-11 22:11 - 2018-08-11 22:11 - 001303728 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
      2018-08-11 22:09 - 2018-08-11 22:09 - 000046592 _____ (REDC) C:\Windows\system32\Drivers\risdptsk.sys
      2018-08-11 22:04 - 2018-08-11 22:04 - 000044800 _____ (Infineon Technologies AG) C:\Windows\system32\Drivers\ifxtpm.sys
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____D C:\Program Files\AuthenTec
      2018-08-11 21:54 - 2018-08-11 21:54 - 000000000 ____D C:\Intel
      2018-08-11 21:52 - 2018-08-11 21:53 - 000571904 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll
      2018-08-11 21:52 - 2018-08-11 21:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
      2018-08-11 21:51 - 2018-08-11 21:52 - 004411392 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll
      2018-08-11 21:48 - 2018-08-11 21:51 - 011405312 _____ (Intel Corporation) C:\Windows\system32\ig4icd32.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000000268 _____ C:\Windows\system32\GfxUI.exe.config
      2018-08-11 21:47 - 2018-08-11 21:48 - 003157784 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
      2018-08-11 21:47 - 2018-08-11 21:47 - 000189552 _____ C:\Windows\system32\Gfxres.th-TH.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000121173 _____ C:\Windows\system32\Gfxres.tr-TR.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000120320 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
      2018-08-11 21:47 - 2018-08-11 21:47 - 000104044 _____ C:\Windows\system32\Gfxres.zh-TW.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000102883 _____ C:\Windows\system32\Gfxres.zh-CN.resources
      2018-08-11 21:46 - 2018-08-11 21:47 - 000119360 _____ C:\Windows\system32\Gfxres.sv-SE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000178407 _____ C:\Windows\system32\Gfxres.el-GR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000165395 _____ C:\Windows\system32\Gfxres.ru-RU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000139909 _____ C:\Windows\system32\Gfxres.ar-SA.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000136401 _____ C:\Windows\system32\Gfxres.ja-JP.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000133746 _____ C:\Windows\system32\Gfxres.he-IL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000125558 _____ C:\Windows\system32\Gfxres.it-IT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000123230 _____ C:\Windows\system32\Gfxres.ko-KR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122927 _____ C:\Windows\system32\Gfxres.es-ES.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122709 _____ C:\Windows\system32\Gfxres.de-DE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120800 _____ C:\Windows\system32\Gfxres.fr-FR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120366 _____ C:\Windows\system32\Gfxres.pt-BR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119616 _____ C:\Windows\system32\Gfxres.hu-HU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119586 _____ C:\Windows\system32\Gfxres.nl-NL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119067 _____ C:\Windows\system32\Gfxres.pt-PT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118745 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118697 _____ C:\Windows\system32\Gfxres.fi-FI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118409 _____ C:\Windows\system32\Gfxres.pl-PL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118058 _____ C:\Windows\system32\Gfxres.sk-SK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114852 _____ C:\Windows\system32\Gfxres.nb-NO.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114372 _____ C:\Windows\system32\Gfxres.sl-SI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114261 _____ C:\Windows\system32\Gfxres.da-DK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000110214 _____ C:\Windows\system32\Gfxres.en-US.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
      2018-08-11 21:45 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
      2018-08-11 21:43 - 2018-08-11 21:45 - 008198936 _____ (Intel(R) Corporation) C:\Windows\system32\TVWSetup.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000261632 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
      2018-08-11 21:43 - 2018-08-11 21:43 - 000179480 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000023552 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
      2018-08-11 21:42 - 2018-08-11 21:43 - 000172824 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000828928 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000268056 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000228864 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000208896 _____ (Intel Corporation) C:\Windows\system32\iglhsip32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000195584 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000171288 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000147456 _____ (Intel Corporation) C:\Windows\system32\iglhcp32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000138008 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000130048 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000115200 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
      2018-08-11 21:42 - 2018-08-11 21:42 - 000095232 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000057856 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
      2018-08-11 21:41 - 2018-08-11 21:42 - 001921265 _____ C:\Windows\system32\iglhxa32.cpa
      2018-08-11 21:41 - 2018-08-11 21:41 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000092356 _____ C:\Windows\system32\igfcg500m.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2555.dll
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060254 _____ C:\Windows\system32\iglhxg32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060226 _____ C:\Windows\system32\iglhxc32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060015 _____ C:\Windows\system32\iglhxo32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000051628 _____ C:\Windows\system32\iglhxs32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000001090 _____ C:\Windows\system32\iglhxa32.vp
      2018-08-11 21:40 - 2018-08-11 21:41 - 000982240 _____ C:\Windows\system32\igkrng500.bin
      2018-08-11 21:37 - 2018-08-11 21:37 - 000017408 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\KMWDFILTER.sys
      2018-08-11 21:36 - 2018-08-11 21:36 - 000007424 _____ () C:\Windows\system32\Drivers\whfltr2k.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000095488 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000073336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000042728 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-08-11 20:30 - 2018-08-11 20:30 - 000165608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-08-11 20:27 - 2018-08-11 20:28 - 000000000 ____D C:\Users\BECKO\Downloads\windows.loader.v2.2.2
      2018-08-11 20:26 - 2018-08-11 20:26 - 001768154 _____ C:\Users\BECKO\Downloads\windows.loader.v2.2.2.zip
      2018-08-11 19:36 - 2018-08-11 19:36 - 078989872 _____ (Malwarebytes ) C:\Users\BECKO\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6237.exe
      2018-08-11 19:36 - 2018-08-11 19:36 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-08-11 19:36 - 2018-06-19 14:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
      2018-08-11 19:15 - 2018-08-11 19:15 - 000038224 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
      2018-08-11 19:14 - 2018-08-11 19:15 - 000000000 ____D C:\ProgramData\HitmanPro
      2018-08-11 18:56 - 2018-08-12 08:13 - 000001134 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-11 18:53 - 2018-08-12 06:28 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\41B13405-F6F9-0E07-41F8-1ED9F82C4739
      2018-08-11 18:52 - 2018-08-11 19:54 - 000000000 ____D C:\ProgramData\McAfee
      2018-08-11 18:51 - 2018-08-12 00:31 - 000000000 ____D C:\Windows\system32\yiuxtdsr
      2018-08-11 18:50 - 2018-08-11 19:43 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Sound Volume Control
      2018-08-11 18:47 - 2018-08-11 18:47 - 000000000 ____D C:\Windows\system32\appmgmt
      2018-08-11 18:28 - 2018-08-11 18:28 - 017142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 011220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 004240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 003969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 003914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-08-11 18:28 - 2018-08-11 18:28 - 002166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-08-11 18:28 - 2018-08-11 18:28 - 001818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
      2018-08-11 18:28 - 2018-08-11 18:28 - 000610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-08-11 18:28 - 2018-08-11 18:28 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000000000 ____D C:\Users\BECKO\AppData\LocalLow\Temp
      2018-08-11 18:27 - 2018-08-11 18:27 - 001294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-08-11 18:27 - 2018-08-11 18:27 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 003419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 002284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
      2018-08-11 18:23 - 2018-08-11 18:23 - 001505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
      2018-08-11 18:22 - 2018-08-11 18:22 - 031194832 _____ (Microsoft Corporation) C:\Users\BECKO\Downloads\IE11-Windows6.1-x86-bg-bg.exe
      2018-08-11 17:59 - 2018-08-11 18:02 - 009037312 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys
      2018-08-11 17:57 - 2018-08-11 17:58 - 002760704 _____ (Intel Corporation) C:\Windows\system32\NETwNr32.dll
      2018-08-11 17:57 - 2018-08-11 17:57 - 000684032 _____ (Intel Corporation) C:\Windows\system32\NETwNc32.dll
      2018-08-11 17:55 - 2018-08-11 17:57 - 007523840 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs32.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000527344 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000026096 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000232664 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1y6232.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000121440 _____ (Intel Corporation) C:\Windows\system32\e1000msg.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000081600 _____ (Intel Corporation) C:\Windows\system32\NicInstY.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000028792 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000003313 _____ C:\Windows\system32\e1y6232.din
      2018-08-11 17:53 - 2018-08-11 17:53 - 000144600 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
      2018-08-11 17:53 - 2018-08-11 17:53 - 000060120 _____ (Broadcom Corporation.) C:\Windows\system32\btwdi.dll
      2018-08-11 17:52 - 2018-08-11 17:53 - 001680088 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
      2018-08-11 17:52 - 2018-08-11 17:52 - 001640152 _____ (Broadcom Corporation.) C:\Windows\system32\BcmBtRSupport.dll
      2018-08-11 17:52 - 2018-08-11 17:52 - 000175320 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
      2018-08-11 17:50 - 2018-08-11 17:50 - 000048128 _____ (REDC) C:\Windows\system32\Drivers\rimmptsk.sys
      2018-08-11 17:45 - 2018-08-11 17:45 - 001461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoinstaller01009.dll
      2018-08-11 17:45 - 2018-08-11 17:45 - 000015544 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\CPQBttn.sys
      2018-08-11 17:44 - 2018-08-11 17:44 - 000971752 _____ (AuthenTec, Inc.) C:\Windows\system32\Drivers\ATSwpWDF.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000035896 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\Accelerometer.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000026168 _____ (Hewlett-Packard Company) C:\Windows\system32\hpservice.exe
      2018-08-11 17:42 - 2018-08-11 17:42 - 000025656 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\hpdskflt.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000016952 _____ (Hewlett-Packard Company) C:\Windows\system32\accelerometerdll.DLL
      2018-08-11 17:42 - 2018-08-11 17:42 - 000014392 _____ (Hewlett-Packard Company) C:\Windows\system32\HPMDPCoInst12.dll
      2018-08-11 17:40 - 2018-08-12 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
      2018-08-11 17:39 - 2018-08-11 17:39 - 004107032 _____ (Easeware ) C:\Users\BECKO\Downloads\DriverEasy_Setup.exe
      2018-08-11 16:22 - 2018-08-11 16:22 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Adobe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Windows\system32\Macromed
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Users\BECKO\AppData\Local\Adobe
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Macromedia
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Local\CEF
      2018-08-11 16:17 - 2018-08-11 17:11 - 000000000 ____D C:\Users\BECKO\AppData\Local\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001067 _____ C:\Users\Public\Desktop\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\Downloads\k-meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Mozilla
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Program Files\K-Meleon
      2018-08-11 16:14 - 2018-08-11 16:14 - 032875887 _____ (kmeleonbrowser.org) C:\Users\BECKO\Downloads\K-Meleon76RC.exe
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
      2018-08-11 16:04 - 2012-07-26 06:39 - 000526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
      2018-08-11 16:04 - 2012-07-26 06:39 - 000047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
      2018-08-11 16:04 - 2012-07-26 05:46 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
      2018-08-11 16:04 - 2012-06-02 17:34 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
      2018-08-11 14:20 - 2018-07-17 01:02 - 000480888 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2018-08-11 14:18 - 2018-08-11 14:18 - 000000492 _____ C:\Users\BECKO\Desktop\LFS.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Google
      2018-08-11 14:03 - 2018-08-11 14:18 - 000000000 ____D C:\Users\BECKO\AppData\Local\Google
      2018-08-11 14:03 - 2018-08-11 14:03 - 000000000 ____D C:\Program Files\Google
      2018-08-11 14:02 - 2018-08-11 14:02 - 000057560 _____ C:\Users\BECKO\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-08-11 13:49 - 2018-08-11 13:49 - 000001417 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2018-08-11 13:49 - 2014-05-14 19:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2018-08-11 13:49 - 2014-05-14 19:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
      2018-08-11 13:49 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2018-08-11 13:49 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2018-08-11 13:48 - 2018-08-12 08:13 - 000000000 ____D C:\Users\BECKO
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000020 ___SH C:\Users\BECKO\ntuser.ini
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000000 ____D C:\Users\BECKO\AppData\Local\VirtualStore
      2018-08-11 13:48 - 2010-11-21 03:46 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Media Center Programs
      2018-08-11 13:43 - 2018-08-11 13:43 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
      2018-08-11 13:42 - 2018-08-11 13:42 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
      2018-08-11 13:41 - 2018-08-11 13:41 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:56 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-08-12 07:56 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-08-12 07:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-08-12 00:38 - 2009-07-14 07:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
      2018-08-11 21:57 - 2009-07-14 07:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
      2018-08-11 21:40 - 2009-07-14 01:09 - 004967424 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
      2018-08-11 18:36 - 2009-07-14 07:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-08-11 18:34 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-08-11 17:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache
      2018-08-11 17:24 - 2010-11-21 03:38 - 000000000 ____D C:\Windows\system32\WCN
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\sysprep
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\oobe
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\migwiz
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\servicing
      2018-08-11 17:23 - 2010-11-21 03:46 - 000000000 ____D C:\Program Files\Windows Journal
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Sidebar
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Defender
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\DVD Maker
      2018-08-11 17:23 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\System
      2018-08-11 14:05 - 2017-10-21 15:53 - 000000000 ____D C:\LFS
      2018-08-11 13:48 - 2009-07-14 05:37 - 000000000 __RHD C:\Users\Public\Libraries
      2018-08-11 13:43 - 2009-07-14 07:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2018-08-11 13:39 - 2010-11-21 03:46 - 000000000 ____D C:\Windows\CSC
      =============