Премини към съдържанието
Силвия Табакова

Голям проблем с intarsurf,oursurfing и съмнение за заразен компютър

Препоръчан отговор


Здравейте,

имам огромен проблем с лаптопа.Всъщност ,въобще не може да се ползва.

Нямям представа как /защото и дъщеря ми го ползва/,но са се инсталирали ред програми като:

intarsurf,oursurfing,Crossbrowse,RegClean-Pro,SpeedUp My PC  и други.Пробвах да ги деинсталирам ,но не успях,и при всяко деинсталиране се сдобивам с разни нови.

Всичко останало ми е разбутано.До сега ползвах Chrome ,но сега ми изчезнаха всички настройки.

От самото включване започват разни блокажи,скриптове,не намиране на програми и.....а екрана се пълни с разни реклами..Непрекъснато изписва:

Error

The specified module could not be found

Load Library(pythondill)failed

Error

C*Program files/Uniblue/SpeedMy PC/PYTHON27.DLL

и други...

Моля ви за помощ :help wanted3:  


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2015
Ran by Silvy (administrator) on SILVY-PC (21-08-2015 15:25:25)
Running from C:\Users\Silvy\Downloads
Loaded Profiles: Silvy (Available Profiles: Silvy)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(DTools LIMITED) C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\ProgramData\ExtTag\ExtTag.exe
(XTab system) C:\Program Files\MiuiTab\ProtectService.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
() C:\Windows\System32\srvany.exe
() C:\Windows\KMService.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
() C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\hnsj9EF4.tmp
() C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\jnst84E2.tmp
() C:\ProgramData\ExtTag\mxyybgvn.exe
(OB) C:\Program Files\SavePass 1.1\e5c80545-bae7-429e-8c66-24b2aadbae3e-10.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Users\Silvy\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Crossbrowse) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Dropbox, Inc.) C:\Users\Silvy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(SearchProtect) C:\Program Files\MiuiTab\CmdShell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(XTab system) C:\Program Files\MiuiTab\HPNotify.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
() C:\Windows\System32\nethtsrv.exe
() C:\Windows\System32\netupdsrv.exe
(Pay By Ads LTD) C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrsetup.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Pay By Ads LTD) C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrsetup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Pay By Ads LTD) C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Google\Update\Install\{BA737518-6F9B-4951-AE1B-B1DC54A33DD0}\44.0.2403.157_44.0.2403.155_chrome_updater.exe
(Google Inc.) C:\Windows\Temp\CR_4FB64.tmp\setup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Pay By Ads LTD) C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrsetup.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [sSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [uTorrent] => C:\Users\Silvy\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-07] (BitTorrent Inc.)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [EpicScale] => [X]
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [Dropbox Update] => C:\Users\Silvy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [GoogleChromeAutoLaunch_9D028DA769B8F8BA1EF2B2E5C45F19DE] => C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [Yahoo! Search] => C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe [660736 2015-08-08] (Pay By Ads LTD)
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\...\Run: [OffersWizard update] => C:\Users\Silvy\AppData\Local\{11A54DED-6E3E-4122-BAED-0BFB8C5C73A9}\OffersWizard.exe [982016 2015-08-14] ()
AppInit_DLLs: C:\ProgramData\ExtTag\oxxgvhhm.dll => C:\ProgramData\ExtTag\oxxgvhhm.dll [120320 2015-08-12] ()
Startup: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-07-20]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
Startup: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Silvy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-06-20]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2t2ZbjKcFXJ1MIte5fIRxZm7OiGFCTkSjrbfZRZpI_eD71KTg20y7jqJ4LatbsQ-BvIIuiauq1CXm8GnajegVCQjtD3o_J3BtiZp6IJXZ2Nj4aSFKJdbaGgrjTsmeBqK7o6Bb64_u4OnMVe-&q={searchTerms}
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.bg/
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437419518&z=f357ae5290211e393adf3ffgbz4c5m0z3g8t3zfb0e&from=ima&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&q={searchTerms}
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2t2ZbjKcFXJ1MIte5fIRxZm7OiGFCTkSjrbfZRZpI_eD71KTg20y7jqJ4LatbsQ-BvIIuiauq1CXm8GnajegVCQjtD3o_J3BtiZp6IJXZ2Nj4aSFKJdbaGgrjTsmeBqK7o6Bb64_u4OnMVe-&q={searchTerms}
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2t2ZbjKcFXJ1MIte5fIRxZm7OiGFCTkSjrbfZRZpI_eD71KTg20y7jqJ4LatbsQ-BvIIuiauq1CXm8GnajegVCQjtD3o_J3BtiZp6IJXZ2Nj4aSFKJdbaGgrjTsmeBqK7o6Bb64_u4OnMVe-&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&q={searchTerms}
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2t2ZbjKcFXJ1MIte5fIRxZm7OiGFCTkSjrbfZRZpI_eD71KTg20y7jqJ4LatbsQ-BvIIuiauq1CXm8GnajegVCQjtD3o_J3BtiZp6IJXZ2Nj4aSFKJdbaGgrjTsmeBqK7o6Bb64_u4OnMVe-&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {096B907D-AAF2-40E2-B273-0BD10CAB1969} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {7029578D-92B5-4DAA-8098-BCAA8414C1C4} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {BCAA0611-F391-41C8-95A5-D6E87F4D77E5} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> {ielnksrch} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}
BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files\MiuiTab\SupTab.dll [2015-08-04] (Good Co. Limited)
BHO: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files\MiuiTab\SupTab.dll [2015-08-04] (Good Co. Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Silvy\AppData\Local\PriceFountain\PriceFountainIE.dll No File
Toolbar: HKU\S-1-5-21-1625243576-869716123-3662650611-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{1E4E8F1F-7CCA-44FE-9EBD-07493503D768}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{23DE7EFB-2F55-43BD-AEA8-1BCD1EC70945}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{3095FECE-B308-4C35-896E-1C0CD667957A}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{BD2F665A-784E-4B0C-B6C8-8962A37A73B0}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{BD2F665A-784E-4B0C-B6C8-8962A37A73B0}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 52.17.204.69,8.8.8.8
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\findit.xml [2015-08-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mailru.xml [2014-08-26]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ozonru.xml [2014-08-26]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\priceru.xml [2014-08-26]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-slovari.xml [2014-08-26]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex.xml [2014-08-26]
 
Chrome: 
=======
CHR Profile: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Search) - C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaadgepjkdffhjbkfjgnnffnfcffbg [2015-08-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Skype Click to Call) - C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-10]
CHR HKLM\...\Chrome\Extension: [aaaaadgepjkdffhjbkfjgnnffnfcffbg] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-08-04] (XTab system)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [File not signed]
R2 KMService; C:\Windows\system32\srvany.exe [8192 2010-06-16] () [File not signed]
R2 NetHttpService; C:\Windows\system32\nethtsrv.exe [350208 2015-07-31] () [File not signed]
R2 ServiceUpdater; C:\Windows\system32\netupdsrv.exe [191488 2015-07-31] () [File not signed]
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [24576 2007-04-19] (Syntek America Inc.)
R2 vicoqudu; C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\hnsj9EF4.tmp [165376 2015-07-20] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-03-12] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe [708264 2015-08-10] (DTools LIMITED) <==== ATTENTION
R2 zejytose; C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\jnst84E2.tmp [199168 2015-07-20] () [File not signed]
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag [X]
S2 qukyfeqy; C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\knsj5FC0.tmpfs [X]
S2 Util Coupon Time; "C:\Program Files\Coupon Time\bin\utilCouponTime.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [274304 2010-11-21] (Microsoft Corporation)
R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [22400 2014-03-12] (Advanced Micro Devices)
R5 atapi; C:\Windows\System32\drivers\atapi.sys [21584 2009-07-14] (Microsoft Corporation)
R5 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [369848 2014-03-12] (Microsoft Corporation)
R5 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [19024 2009-07-14] (Microsoft Corporation)
S3 cpuz136; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [25320 2013-08-24] (CPUID)
R5 Disk; C:\Windows\System32\drivers\disk.sys [57424 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2014-05-17] (DT Soft Ltd)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-14] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-14] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [19824 2014-03-12] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [196328 2014-03-12] (Microsoft Corporation)
R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14208 2010-11-21] (Microsoft Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67520 2014-03-12] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [136640 2014-03-12] (Microsoft Corporation)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-21] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13888 2009-07-14] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [712048 2014-03-12] (Microsoft Corporation)
R1 nethfdrv; C:\Windows\system32\drivers\nethfdrv.sys [40528 2015-07-31] (nethfdrv)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [56176 2014-03-12] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [153984 2010-11-21] (Microsoft Corporation)
R5 pciide; C:\Windows\System32\drivers\pciide.sys [12368 2009-07-14] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] (Microsoft Corporation)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-14] (NXP Semiconductors)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-21] (Microsoft Corporation)
R5 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] (Microsoft Corporation)
R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1260672 2007-05-30] (Syntek)
R5 storflt; C:\Windows\System32\drivers\vmstorfl.sys [40704 2010-11-21] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1294272 2014-03-12] (Microsoft Corporation)
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [32832 2009-07-14] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-21] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-21] (Microsoft Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2014-03-12] (Microsoft Corporation)
R1 {5663c04f-f294-4115-9114-b62be60538cb}Gw; C:\Windows\System32\drivers\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys [43152 2015-08-02] (StdLib)
R1 {92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw; C:\Windows\System32\drivers\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys [43152 2015-08-04] (StdLib)
R1 {949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw; C:\Windows\System32\drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys [43152 2015-08-08] (StdLib)
R1 {b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw; C:\Windows\System32\drivers\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys [43152 2015-07-18] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-21 15:23 - 2015-08-21 15:23 - 02173952 _____ (Farbar) C:\Users\Silvy\Downloads\FRST64 (4).exe
2015-08-21 15:23 - 2015-08-21 15:23 - 02173952 _____ (Farbar) C:\Users\Silvy\Downloads\FRST64 (3).exe
2015-08-21 15:22 - 2015-08-21 15:22 - 01677312 _____ (Farbar) C:\Users\Silvy\Downloads\FRST.exe
2015-08-21 15:20 - 2015-08-21 15:20 - 02173952 _____ (Farbar) C:\Users\Silvy\Downloads\FRST64 (2).exe
2015-08-21 15:17 - 2015-08-21 15:18 - 02173952 _____ (Farbar) C:\Users\Silvy\Downloads\FRST64 (1).exe
2015-08-21 15:16 - 2015-08-21 15:16 - 02173952 _____ (Farbar) C:\Users\Silvy\Downloads\FRST64.exe
2015-08-20 22:47 - 2015-08-20 22:47 - 00000687 _____ C:\awhF9CD.tmp
2015-08-16 08:53 - 2015-08-16 08:53 - 00000687 _____ C:\awh4146.tmp
2015-08-16 00:35 - 2015-08-16 00:35 - 00000687 _____ C:\awh5376.tmp
2015-08-15 00:33 - 2015-08-15 00:33 - 00000687 _____ C:\awh9CC8.tmp
2015-08-14 00:54 - 2015-08-14 00:54 - 00000000 ____D C:\Users\Silvy\AppData\Local\{11A54DED-6E3E-4122-BAED-0BFB8C5C73A9}
2015-08-12 18:05 - 2015-08-12 18:05 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-12 17:58 - 2015-08-12 17:58 - 00000687 _____ C:\awh3BFD.tmp
2015-08-10 22:21 - 2015-08-10 22:21 - 00000000 ____D C:\ProgramData\Systweak
2015-08-10 16:38 - 2015-08-13 16:41 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-08-10 16:38 - 2015-08-12 17:51 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-08-10 16:38 - 2015-08-10 17:01 - 00000366 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-08-10 16:36 - 2015-08-10 16:36 - 00613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsc1F33.tmp
2015-08-10 16:08 - 2015-08-10 16:09 - 00000000 ____D C:\ProgramData\6WinManPro6
2015-08-10 16:08 - 2015-08-10 16:08 - 00000000 ____D C:\Program Files\FriendlyError
2015-08-10 09:52 - 2015-08-10 09:52 - 00000687 _____ C:\awh677B.tmp
2015-08-10 09:21 - 2015-08-10 09:21 - 00000687 _____ C:\awh41E2.tmp
2015-08-08 23:09 - 2015-08-08 23:09 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\WinRAR
2015-08-08 22:58 - 2015-08-08 22:58 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-08-08 22:58 - 2015-08-08 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-08-08 22:58 - 2015-08-08 22:58 - 00000000 ____D C:\Program Files\WinRAR
2015-08-08 22:57 - 2015-08-08 22:57 - 00000000 ____D C:\Users\Silvy\AppData\Local\Pay-By-Ads
2015-08-08 22:57 - 2015-08-08 12:35 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys
2015-08-08 22:56 - 2015-08-08 22:56 - 00000000 ____D C:\Users\Silvy\AppData\Local\{D36E4BCB-B3F0-4A5F-94C7-5B1EC70470A2}
2015-08-04 12:49 - 2015-08-04 02:30 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys
2015-08-03 15:30 - 2015-08-21 00:17 - 00000089 _____ C:\Users\Silvy\AppData\Roaming\WB.CFG
2015-08-02 16:25 - 2015-08-02 16:25 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\Mozilla
2015-08-02 16:22 - 2015-08-02 16:24 - 00000000 ____D C:\ProgramData\ExtTags
2015-08-02 16:22 - 2015-08-02 00:11 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys
2015-08-02 16:21 - 2015-08-19 14:56 - 00000000 ____D C:\ProgramData\ExtTag
2015-08-02 14:42 - 2015-08-02 14:42 - 00613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsm1289.tmp
2015-08-02 14:37 - 2015-08-02 16:20 - 00000000 ____D C:\ProgramData\gWinManProg
2015-07-31 12:39 - 2015-07-31 12:39 - 00191488 _____ C:\Windows\system32\netupdsrv.exe
2015-07-31 12:39 - 2015-07-31 12:39 - 00040528 _____ (nethfdrv) C:\Windows\system32\Drivers\nethfdrv.sys
2015-07-31 12:38 - 2015-07-31 12:38 - 00437248 _____ C:\Windows\system32\hfpapi.dll
2015-07-31 12:38 - 2015-07-31 12:38 - 00350208 _____ C:\Windows\system32\nethtsrv.exe
2015-07-31 12:38 - 2015-07-31 12:38 - 00140288 _____ C:\Windows\system32\installd.exe
2015-07-31 12:38 - 2015-07-31 12:38 - 00108544 _____ C:\Windows\system32\hfnapi.dll
2015-07-29 08:33 - 2015-07-29 08:33 - 00613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsxCD9D.tmp
2015-07-25 22:50 - 2015-07-25 22:51 - 00033736 _____ C:\Users\Silvy\Downloads\Addition.txt
2015-07-25 22:48 - 2015-08-21 15:25 - 00027801 _____ C:\Users\Silvy\Downloads\FRST.txt
2015-07-25 22:48 - 2015-08-21 15:25 - 00000000 ____D C:\FRST
2015-07-24 18:31 - 2015-07-24 18:31 - 00613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsm6551.tmp
2015-07-22 17:22 - 2015-07-22 17:22 - 00021504 _____ C:\Users\Silvy\Downloads\Invoice (1).xls
2015-07-22 16:28 - 2015-07-22 16:28 - 00021504 _____ C:\Users\Silvy\Downloads\Invoice.xls
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-21 15:24 - 2014-05-16 23:32 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\uTorrent
2015-08-21 15:14 - 2015-07-19 09:14 - 00002082 _____ C:\Windows\Tasks\e5c80545-bae7-429e-8c66-24b2aadbae3e-10_user.job
2015-08-21 15:03 - 2015-07-20 22:18 - 00000246 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2015-08-21 15:01 - 2015-07-20 22:18 - 00000266 _____ C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2015-08-21 14:59 - 2015-06-18 14:48 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1625243576-869716123-3662650611-1000UA.job
2015-08-21 14:59 - 2015-06-18 14:48 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1625243576-869716123-3662650611-1000Core.job
2015-08-21 14:58 - 2014-05-20 19:25 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\Skype
2015-08-21 14:56 - 2014-05-20 22:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-21 10:11 - 2015-07-20 22:11 - 00001044 _____ C:\Windows\Tasks\Crossbrowse.job
2015-08-21 09:19 - 2014-05-20 22:27 - 00000982 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-21 09:19 - 2014-05-12 03:33 - 01969899 _____ C:\Windows\WindowsUpdate.log
2015-08-20 22:02 - 2015-07-19 09:34 - 00000364 _____ C:\Windows\Tasks\AmiUpdXp.job
2015-08-20 16:54 - 2015-06-12 07:30 - 00000000 ____D C:\Users\Silvy\Desktop\документи
2015-08-20 14:52 - 2015-07-20 22:18 - 00000254 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2015-08-17 19:10 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\NDF
2015-08-17 16:52 - 2014-11-25 18:11 - 00000000 ___RD C:\Users\Silvy\Dropbox
2015-08-17 16:51 - 2014-11-25 17:55 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\Dropbox
2015-08-17 16:49 - 2015-07-20 22:18 - 00000260 _____ C:\Windows\Tasks\SpeedUpMyPC Startup.job
2015-08-17 16:49 - 2015-07-19 09:16 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-08-17 16:49 - 2009-07-14 07:34 - 00026144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-17 16:49 - 2009-07-14 07:34 - 00026144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-17 16:46 - 2014-05-16 23:15 - 00049782 _____ C:\Windows\setupact.log
2015-08-17 16:46 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-14 16:28 - 2015-02-15 22:11 - 00000000 ____D C:\Users\Silvy\Desktop\Prodavalnik
2015-08-13 14:56 - 2014-05-20 22:27 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-13 14:56 - 2014-05-20 22:27 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-12 17:50 - 2015-07-20 22:09 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\mystartsearch
2015-08-12 17:50 - 2014-05-17 06:37 - 00018664 _____ C:\Windows\PFRO.log
2015-08-10 22:24 - 2015-07-19 09:14 - 00000000 ____D C:\Program Files\globalUpdate
2015-08-10 22:19 - 2015-07-20 22:17 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\systweak
2015-08-10 18:24 - 2015-04-17 13:32 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\Canon
2015-08-10 16:49 - 2015-07-20 21:59 - 00000000 ____D C:\Program Files\8f7c661b-cac3-4083-b69c-1847ac7e309a
2015-08-10 16:49 - 2015-07-19 09:14 - 00000000 ____D C:\Program Files\SavePass 1.1
2015-08-10 16:49 - 2014-06-18 15:42 - 00000000 ____D C:\Program Files\Apple Software Update
2015-08-10 16:45 - 2015-07-19 09:14 - 00000000 ____D C:\Program Files\DownChecker
2015-08-10 16:08 - 2015-07-20 22:10 - 00000000 ____D C:\Program Files\MiuiTab
2015-08-10 16:07 - 2014-05-11 18:39 - 00001725 _____ C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-10 15:17 - 2015-07-20 22:17 - 00000292 _____ C:\Windows\Tasks\Price Fountain.job
2015-08-10 12:02 - 2015-07-20 22:16 - 00000000 ____D C:\Program Files\OLBPre
2015-08-10 10:53 - 2015-07-20 22:16 - 00000000 ____D C:\Users\Silvy\AppData\Local\Chromium
2015-08-10 10:51 - 2015-07-20 22:00 - 00000000 ____D C:\Users\Silvy\AppData\Local\DC8122E2-1437429623-D543-6C80-001E8C61453C
2015-08-10 10:45 - 2014-05-20 22:27 - 00000000 ____D C:\Program Files\Google
2015-08-10 10:23 - 2014-05-20 22:28 - 00000000 ____D C:\ProgramData\Google
2015-08-10 10:23 - 2014-05-20 22:27 - 00000000 ____D C:\Users\Silvy\AppData\Local\Google
2015-08-10 09:25 - 2009-07-14 05:04 - 00000756 _____ C:\Windows\win.ini
2015-08-02 16:22 - 2015-07-19 09:34 - 00000000 ____D C:\Users\Silvy\AppData\Local\19462
2015-08-02 16:21 - 2014-05-11 18:39 - 00000000 ____D C:\Users\Silvy
2015-08-02 16:20 - 2015-07-20 22:18 - 00000000 ____D C:\Program Files\ASP
2015-08-02 16:20 - 2015-07-20 22:17 - 00000000 ____D C:\Program Files\RCP
2015-08-02 16:20 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\wfp
2015-08-02 16:18 - 2015-07-20 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector
2015-08-02 16:18 - 2015-07-20 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2015-08-02 16:18 - 2015-07-20 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2015-08-02 16:18 - 2015-07-20 22:12 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\istartsurf
2015-08-02 16:18 - 2015-07-20 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-08-02 16:18 - 2015-07-20 22:03 - 00000000 ____D C:\Program Files\Java
2015-08-02 16:18 - 2015-07-19 09:13 - 00000000 ____D C:\Users\Silvy\AppData\Roaming\oursurfing
2015-08-02 16:18 - 2010-11-21 03:46 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-02 16:18 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\registration
2015-07-22 20:14 - 2015-04-17 13:31 - 00000000 ____D C:\ProgramData\CanonIJPLM
 
==================== Files in the root of some directories =======
 
2015-08-03 15:30 - 2015-08-21 00:17 - 0000089 _____ () C:\Users\Silvy\AppData\Roaming\WB.CFG
2015-08-10 16:36 - 2015-08-10 16:36 - 0613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsc1F33.tmp
2015-07-20 22:48 - 2015-07-20 22:48 - 0613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nshC95E.tmp
2015-08-02 14:42 - 2015-08-02 14:42 - 0613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsm1289.tmp
2015-07-24 18:31 - 2015-07-24 18:31 - 0613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsm6551.tmp
2015-07-20 22:22 - 2015-07-20 22:22 - 0613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsu81D1.tmp
2015-07-20 23:09 - 2015-07-20 23:09 - 0628688 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsw39EF.tmp
2015-07-20 23:45 - 2015-07-20 23:45 - 0613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsw9A33.tmp
2015-07-29 08:33 - 2015-07-29 08:33 - 0613255 _____ (CMI Limited) C:\Users\Silvy\AppData\Local\nsxCD9D.tmp
2015-06-12 07:38 - 2015-06-12 07:38 - 8795496 _____ (PearlMountain Technology Co., Ltd                           ) C:\ProgramData\CollageIt.exe
2014-09-26 09:11 - 2014-09-26 09:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-16 19:20 - 2015-03-16 19:21 - 2295104 _____ () C:\ProgramData\FreePDFTabletInstall.exe
 
Some files in TEMP:
====================
C:\Users\Silvy\AppData\Local\Temp\271.exe
C:\Users\Silvy\AppData\Local\Temp\3545.exe
C:\Users\Silvy\AppData\Local\Temp\9132.exe
C:\Users\Silvy\AppData\Local\Temp\amisetup1922__13312.exe
C:\Users\Silvy\AppData\Local\Temp\amisetup5383__13312.exe
C:\Users\Silvy\AppData\Local\Temp\BackupSetup.exe
C:\Users\Silvy\AppData\Local\Temp\bedhchejeb.exe
C:\Users\Silvy\AppData\Local\Temp\bedjbigfca.exe
C:\Users\Silvy\AppData\Local\Temp\bedjcaefca.exe
C:\Users\Silvy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi9klfq.dll
C:\Users\Silvy\AppData\Local\Temp\dsrsetup.exe
C:\Users\Silvy\AppData\Local\Temp\fsd3AC.exe
C:\Users\Silvy\AppData\Local\Temp\fsdC20.exe
C:\Users\Silvy\AppData\Local\Temp\mytmpinstaller.exe
C:\Users\Silvy\AppData\Local\Temp\nsh9633.exe
C:\Users\Silvy\AppData\Local\Temp\nst6E35.exe
C:\Users\Silvy\AppData\Local\Temp\nsz34CC.exe
C:\Users\Silvy\AppData\Local\Temp\of3w14478.exe
C:\Users\Silvy\AppData\Local\Temp\of3w90960.exe
C:\Users\Silvy\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Silvy\AppData\Local\Temp\ose00000.exe
C:\Users\Silvy\AppData\Local\Temp\res.dll
C:\Users\Silvy\AppData\Local\Temp\setup.exe
C:\Users\Silvy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Silvy\AppData\Local\Temp\tmp11D6.tmp.exe
C:\Users\Silvy\AppData\Local\Temp\Trojan Killer 2.2.6.2 Full with Crack__10924_i1560732300_il1307368.exe
C:\Users\Silvy\AppData\Local\Temp\Trojan Killer 2.2.6.2 Full with Crack__10924_i1560732688_il1307368.exe
C:\Users\Silvy\AppData\Local\Temp\Uninstall.exe
C:\Users\Silvy\AppData\Local\Temp\zxupd11340.exe
C:\Users\Silvy\AppData\Local\Temp\zxupd46470.exe
C:\Users\Silvy\AppData\Local\Temp\zxupd48330.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe
[2010-11-21 00:29] - [2010-11-19 23:17] - 0285696 ____A (Microsoft Corporation) C3EB9EA34EBE459F13F3F890F56CE72A
 
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 00:29] - [2010-11-19 23:21] - 0812032 ____A (Microsoft Corporation) CF97D64D7EC169C53C93B0A192218B29
 
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
 
 
nointegritychecks: ==> "IntegrityChecks" is disabled. <===== ATTENTION
 
 
LastRegBack: 2015-08-02 15:44
 
==================== End of log ============================

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

icon_zps423a0d9f.jpgМоля изтеглете ZHPcleaner и я запазете на вашия десктоп.

  • Стартирайте ZHPCleaner с десен клик върху файла и изберете от контекстното меню "Run as administrator"
  • Кликнете върху Ashampoo_Snap_20140819_13h09m50s_001__zp за да се съгласите с лицензионното споразумение.
  • Изберете бутона y3pI4LR.png.
  • Браузърите ще бъдат затворени автоматично.
  • Ще се отвори лог файл след приключването на проверката.
  • Публикувайте лог файла в следващия си коментар.
  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

post-361096-0-47223200-1440192962_thumb.

 

Здравейте,

 

icon_zps423a0d9f.jpgМоля изтеглете ZHPcleaner и я запазете на вашия десктоп.

  • Стартирайте ZHPCleaner с десен клик върху файла и изберете от контекстното меню "Run as administrator"
  • Кликнете върху Ashampoo_Snap_20140819_13h09m50s_001__zp за да се съгласите с лицензионното споразумение.
  • Изберете бутона y3pI4LR.png.
  • Браузърите ще бъдат затворени автоматично.
  • Ще се отвори лог файл след приключването на проверката.
  • Публикувайте лог файла в следващия си коментар.

 

Благодаря за бързия отговор,

след края на сканирането не се отваря нищо,никъде нямям текстови файлове.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Вижте дали ако кликнете на бутона Report ще се отвори лог файла.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Вижте дали ако кликнете на бутона Report ще се отвори лог файла.

~ ZHPCleaner v2015.8.20.329 by Nicolas Coolman (2015/08/20)
~ Run by Silvy (Administrator)  (22/08/2015 00:12:22)
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Silvy\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Silvy\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (5)
[R] FOUND : IHProtect Service  =>PUP.Optional.AgentODR
[R] FOUND : KMService  =>PUP.Optional.Office
[R] FOUND : NetHttpService  =>PUP.Optional.Amonetize
[R] FOUND : WindowsMangerProtect  =>PUP.Optional.Fuyu
[R] FOUND : IHProtect Service  =>PUP.Optional.MiuiTab
 
 
---\\  Browser internet (16)
FOUND Chrome Preferences: "http://feed.helperbar.com/" =>PUP.Optional.HelperBar
FOUND Chrome Preferences: "http://feed.safefinder.com/" =>PUP.Optional.SmartBar
FOUND Chrome Preferences: "http://feed.snapdo.com/" =>PUP.Optional.SmartBar
FOUND Chrome Preferences: "http://linkurystoragenorthus.blob.core.windows.net/" =>PUP.Optional.Linkury
FOUND Chrome Preferences: "http://search.safefinder.com/" =>PUP.Optional.SmartBar
FOUND IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
FOUND IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL [http://www.istartsurf.com/web/?type=ds&ts=1437419518&z=f357ae5290211e393adf3ffgb[...]] =>PUP.Optional.IsStart
FOUND IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
FOUND IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
FOUND IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Start Page [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
FOUND file: C:\Program Files\MiuiTab\SupTab.dll [Good Co. Limited - GoodTab]  =>PUP.Optional.MiuiTab
FOUND Quicklaunch: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
FOUND TaskBar: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
FOUND Startup\Programs: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
FOUND SystemTools: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
FOUND Programs: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (21)
 
 
---\\  Scheduled automatic tasks. (26)
FOUND task: [Advanced System~Protector] [C:\Program Files\ASP\AspManager.exe] (PUP.Optional.AdvancedSystemProtector)
FOUND task: [Advanced System~Protector_startup] [C:\Program Files\ASP\AdvancedSystemProtector.exe] (PUP.Optional.AdvancedSystemProtector)
FOUND task: [AmiUpdXp] [C:\Users\Silvy\AppData\Local\19462\Updater.exe] (PUP.Optional.SoftwareUpdater)
FOUND task: [APSnotifierPP1] [C:\Program Files\AnyProtectEx\AnyProtect.exe (Not File) ] (PUP.Optional.AnyProtect)
FOUND task: [APSnotifierPP2] [C:\Program Files\AnyProtectEx\AnyProtect.exe (Not File) ] (PUP.Optional.AnyProtect)
FOUND task: [APSnotifierPP3] [C:\Program Files\AnyProtectEx\AnyProtect.exe (Not File) ] (PUP.Optional.AnyProtect)
FOUND task: [Crossbrowse] [C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe] (PUP.Optional.CrossBrowse)
FOUND task: [e5c80545-bae7-429e-8c66-24b2aadbae3e-10_user] [C:\Program Files\SavePass 1.1\e5c80545-bae7-429e-8c66-24b2aadbae3e-10.exe] (PUP.Optional.CrossRider)
FOUND task: [LaunchPreSignup] [C:\Program Files\OLBPre\OLBPre.exe] (PUP.Optional.MyPCBackup)
FOUND task: [Price Fountain] [C:\Users\Silvy\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE] (PUP.Optional.PriceFountain)
FOUND task: [RegClean Pro] [C:\Program Files\RCP\RegCleanPro.exe] (PUP.Optional.RegistryPowerCleaner)
FOUND task: [RegClean Pro_DEFAULT] [C:\Program Files\RCP\RegCleanPro.exe] (PUP.Optional.RegistryPowerCleaner)
FOUND task: [RegClean Pro_UPDATES] [C:\Program Files\RCP\RegCleanPro.exe] (PUP.Optional.RegistryPowerCleaner)
FOUND task: [speedUpMyPC Maintenance] [C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe] (PUP.Optional.SpeedUpMyPC)
FOUND task: [speedUpMyPC Startup] [C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe] (PUP.Optional.SpeedUpMyPC)
FOUND task: [Yahoo! Search Updater] [C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\..\updt.js,N/A,N/A,Enabled,Disabled,Stop On Battery Mode, No Start On Batteries,Silvy-PC\Silvy,Enabled,72:00:00,Scheduling data is not available in this format.,One Time  (Not File) ] (PUP.Optional.PaybyAds)
FOUND task: [AmiUpdXp] [C:\Windows\Tasks\AmiUpdXp.job] (PUP.Optional.SoftwareUpdater)
FOUND task: [APSnotifierPP1] [C:\Windows\Tasks\APSnotifierPP1.job] (PUP.Optional.AnyProtect)
FOUND task: [APSnotifierPP2] [C:\Windows\Tasks\APSnotifierPP2.job] (PUP.Optional.AnyProtect)
FOUND task: [APSnotifierPP3] [C:\Windows\Tasks\APSnotifierPP3.job] (PUP.Optional.AnyProtect)
FOUND task: [Crossbrowse] [C:\Windows\Tasks\Crossbrowse.job] (PUP.Optional.CrossBrowse)
FOUND task: [Price Fountain] [C:\Windows\Tasks\Price Fountain.job] (PUP.Optional.PriceFountain)
FOUND task: [RegClean Pro_DEFAULT] [C:\Windows\Tasks\RegClean Pro_DEFAULT.job] (PUP.Optional.RegistryPowerCleaner)
FOUND task: [RegClean Pro_UPDATES] [C:\Windows\Tasks\RegClean Pro_UPDATES.job] (PUP.Optional.RegistryPowerCleaner)
FOUND task: [speedUpMyPC Maintenance] [C:\Windows\Tasks\SpeedUpMyPC Maintenance.job] (PUP.Optional.SpeedUpMyPC)
FOUND task: [speedUpMyPC Startup] [C:\Windows\Tasks\SpeedUpMyPC Startup.job] (PUP.Optional.SpeedUpMyPC)
 
 
---\\  Explorer ( File, Folder) (307)
FOUND file: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Crossbrowse.lnk  [bad : C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe]  =>PUP.Optional.CrossBrowse
FOUND file: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk  [bad : C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe]  =>PUP.Optional.Uniblue
FOUND file: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk  [bad : C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe]  =>PUP.Optional.CrossBrowse
FOUND file: C:\Program Files\MiuiTab\ProtectService.exe [XTab system - ProtectSvc.exe]  =>PUP.Optional.AgentODR
FOUND file: C:\Windows\System32\drivers\nethfdrv.sys [nethfdrv - nethfdrv]  =>PUP.Optional.Amonetize
FOUND file: C:\Windows\System32\nethtsrv.exe [© 2012-2014, All rights reserved. - ]  =>PUP.Optional.Amonetize
FOUND file: C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe [DTools LIMITED - DTools]  =>PUP.Optional.Fuyu
FOUND file: C:\Windows\System32\drivers\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
FOUND file: C:\Windows\System32\drivers\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
FOUND file: C:\Windows\System32\drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
FOUND file: C:\Windows\System32\drivers\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
FOUND file: C:\Program Files\MiuiTab\ProtectService.exe [XTab system - ProtectSvc.exe]  =>PUP.Optional.MiuiTab
FOUND folder: C:\Program Files\8f7c661b-cac3-4083-b69c-1847ac7e309a  =>PUP.Optional.CrossRider
FOUND file: C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [Crossbrowse - Crossbrowse]  =>PUP.Optional.CrossBrowse
FOUND file: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Crossbrowse.lnk    =>PUP.Optional.CrossBrowse
FOUND file: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk    =>PUP.Optional.CrossBrowse
FOUND file: C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe [Pay By Ads LTD - ]  =>PUP.Optional.PaybyAds
FOUND file: C:\Program Files\ASP\AspManager.exe [Copyright - ASP]  =>PUP.Optional.AdvancedSystemProtector
FOUND file: C:\Program Files\ASP\AdvancedSystemProtector.exe [Copyright - ASP]  =>PUP.Optional.AdvancedSystemProtector
FOUND file: C:\Users\Silvy\AppData\Local\19462\Updater.exe    =>PUP.Optional.SoftwareUpdater
FOUND file: C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe    =>PUP.Optional.CrossBrowse
FOUND file: C:\Program Files\SavePass 1.1\e5c80545-bae7-429e-8c66-24b2aadbae3e-10.exe [OB - SavePass 1.1 exe]  =>PUP.Optional.CrossRider
FOUND file: C:\Program Files\OLBPre\OLBPre.exe    =>PUP.Optional.MyPCBackup
FOUND file: C:\Users\Silvy\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe    =>PUP.Optional.PriceFountain
FOUND file: C:\Program Files\RCP\RegCleanPro.exe    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Windows\Tasks\AmiUpdXp.job    =>PUP.Optional.SoftwareUpdater
FOUND file: C:\Windows\Tasks\APSnotifierPP1.job    =>PUP.Optional.AnyProtect
FOUND file: C:\Windows\Tasks\APSnotifierPP2.job    =>PUP.Optional.AnyProtect
FOUND file: C:\Windows\Tasks\APSnotifierPP3.job    =>PUP.Optional.AnyProtect
FOUND file: C:\Windows\Tasks\Crossbrowse.job    =>PUP.Optional.CrossBrowse
FOUND file: C:\Windows\Tasks\Price Fountain.job    =>PUP.Optional.PriceFountain
FOUND file: C:\Windows\Tasks\RegClean Pro_DEFAULT.job    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Windows\Tasks\RegClean Pro_UPDATES.job    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job    =>PUP.Optional.SpeedUpMyPC
FOUND file: C:\Windows\Tasks\SpeedUpMyPC Startup.job    =>PUP.Optional.SpeedUpMyPC
FOUND file: C:\Windows\Tasks\e5c80545-bae7-429e-8c66-24b2aadbae3e-10_user.job    =>PUP.Optional.CrossRider
FOUND file: C:\Windows\Tasks\e5c80545-bae7-429e-8c66-24b2aadbae3e-3.job    =>PUP.Optional.CrossRider
FOUND file: C:\Windows\System32\Tasks\e5c80545-bae7-429e-8c66-24b2aadbae3e-10_user    =>PUP.Optional.CrossRider
FOUND folder: C:\Program Files\SavePass 1.1  =>PUP.Optional.CrossRider
FOUND file: C:\END    =>PUP.Optional.Conduit
FOUND file: C:\Windows\Prefetch\CROSSBROWSE.EXE-F6F882CE.pf    =>PUP.Optional.CrossBrowse
FOUND file: C:\Windows\Prefetch\GLOBALUPDATE.EXE-B66D5BF9.pf    =>PUP.Optional.GlobalUpdate
FOUND file: C:\Windows\Prefetch\GLOBALUPDATECRASHHANDLER.EXE-C9210A99.pf    =>PUP.Optional.GlobalUpdate
FOUND file: C:\Windows\Prefetch\OFFERSWIZARD.EXE-22157E4C.pf    =>PUP.Optional.OffersWizard
FOUND file: C:\Windows\Prefetch\OLBPRE.EXE-826AFBAE.pf    =>PUP.Optional.MyPCBackup
FOUND file: C:\Windows\Prefetch\PRICEFOUNTAINW.EXE-1E2B9377.pf    =>PUP.Optional.PriceFountain
FOUND file: C:\Windows\Prefetch\SPEEDUPMYPC.EXE-9A3B87D4.pf    =>PUP.Optional.SpeedUpMyPC
FOUND file: C:\Program Files\Mozilla Firefox\browser\searchplugins\findit.xml    =>PUP.Optional.SmartBar
FOUND file: C:\Users\Silvy\AppData\Local\Temp\dsrsetup.exe [Pay By Ads LTD - ]  =>PUP.Optional.PaybyAds
FOUND file: C:\Users\Silvy\AppData\Local\Temp\nsn5FE4.tmp\Zicjmwzibhmepg.exe [installMoon - GoHD Installer]  =>PUP.Optional.CrossRider
FOUND file: C:\Users\Silvy\AppData\Local\Temp\nsfA518.tmp\setup.exe [installMoon - GoHD Installer]  =>PUP.Optional.CrossRider
FOUND file: C:\Users\Silvy\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\adv_109.exe [TMRG, Inc. - Additional Offer Setup]  =>PUP.Optional.RelevantKnowledge
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
FOUND file: C:\Users\Silvy\AppData\Local\nsc1F33.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\nshC95E.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\nsm1289.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\nsm6551.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\nsu81D1.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\nsw39EF.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\nsw9A33.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\nsxCD9D.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage    =>PUP.Optional.ShoppinGate
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal    =>PUP.Optional.ShoppinGate
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage    =>PUP.Optional.BestPriceNinja
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal    =>PUP.Optional.BestPriceNinja
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage    =>PUP.Optional.BoostSaves
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal    =>PUP.Optional.BoostSaves
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdncache-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdncache-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage    =>PUP.Optional.BestPriceNinja
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal    =>PUP.Optional.BestPriceNinja
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage    =>PUP.Optional.SmartBar
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal    =>PUP.Optional.SmartBar
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searchsimple-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searchsimple-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage    =>PUP.Optional.BoostSaves
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal    =>PUP.Optional.BoostSaves
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage    =>PUP.Optional.StartSearch
FOUND file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal    =>PUP.Optional.StartSearch
FOUND file: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk    =>PUP.Optional.SpeedUpMyPC
FOUND file: C:\Users\Silvy\AppData\Local\Temp\nsw39EF.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
FOUND file: C:\Users\Silvy\AppData\Local\Temp\reimage.log    =>PUP.Optional.ReImageRepair
FOUND file: C:\Users\Silvy\AppData\Local\Temp\Uninstall.exe [Copyright 2013 - ]  =>PUP.Optional.Generic
FOUND file: C:\Program Files\DownChecker\uninstall.exe [DownChecker - DownChecker]  =>PUP.Optional.DownChecker
FOUND file: C:\Program Files\FriendlyError\tmpD63D.bat    =>PUP.Optional.FriendlyError
FOUND file: C:\Program Files\MiuiTab\BrowerWatchCH.dll [XTab - BrowerWa.dll]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\BrowerWatchFF.dll [XTab - BrowerWa.dll]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\BrowserAction.dll [skytech Co., Ltd. - Skytech]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\conf    =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\defsearchp@gmail.com!1.0.0.1039.xpi    =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\ffsearch_toolbar!1.0.0.1031.xpi    =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\HPNotify.exe [XTab system - SupHPNot.exe]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\IeWatchDog.dll [search Protecter - SearchProtect for ie]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\install.data    =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\searchProvider.xml    =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\SupTab.dll [Good Co. Limited - GoodTab]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\SupTab_Bak.dll [Thinknice Co. Limited - SupTab setup package]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\MiuiTab\uninstall.exe [XTab - XTab]  =>PUP.Optional.MiuiTab
FOUND file: C:\Program Files\RCP\Chinese_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Chinese_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\CleanSchedule.exe    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Danish_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Danish_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Dutch_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Dutch_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\eng_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\eng_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\FileList.rcp    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Finnish_rcp_fi.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Finnish_uninst_fi.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\French_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\French_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\German_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\German_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\greek_rcp_el.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\greek_uninst_el.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\isxdl.dll [bjørnar Henden - ISX Download DLL]  =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Italian_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Italian_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Japanese_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Japanese_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\korean_rcp_ko.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\korean_uninst_ko.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\LicMgr.dll [RCP - RCP]  =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Norwegian_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Norwegian_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\polish_rcp_pl.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\polish_uninst_pl.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\portugese_rcp_pt.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\portugese_uninst_pt.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Portuguese_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Portuguese_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\RCPUninstall.exe [Copyright © 2014 - ]  =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\RegList.rcp    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\russian_rcp_ru.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\russian_uninst_ru.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Spanish_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\spanish_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Swedish_rcp.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\swedish_uninst.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\systweakasp.exe [systweak Inc - ASP]  =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\TPS.ico    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\TraditionalCn_rcp_zh-tw.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\traditionalcn_uninst_zh-tw.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\turkish_rcp_tr.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\Turkish_uninst_tr.ini    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\Program Files\RCP\unins000.exe [ - Setup/Uninstall]  =>PUP.Optional.RegistryPowerCleaner
FOUND folder: C:\Program Files\Crossbrowse\Crossbrowse  =>PUP.Optional.CrossBrowse
FOUND folder: C:\Program Files\DownChecker\packages  =>PUP.Optional.DownChecker
FOUND folder: C:\Program Files\globalUpdate\CrashReports  =>PUP.Optional.GlobalUpdate
FOUND folder: C:\Program Files\MiuiTab\skin  =>PUP.Optional.MiuiTab
FOUND folder: C:\Program Files\MiuiTab\web  =>PUP.Optional.MiuiTab
FOUND folder: C:\Program Files\Uniblue\SpeedUpMyPC  =>PUP.Optional.Uniblue
FOUND folder: C:\Program Files\Crossbrowse  =>PUP.Optional.CrossBrowse
FOUND folder: C:\Program Files\DownChecker  =>PUP.Optional.DownChecker
FOUND folder: C:\Program Files\FriendlyError  =>PUP.Optional.FriendlyError
FOUND folder: C:\Program Files\globalUpdate  =>PUP.Optional.GlobalUpdate
FOUND folder: C:\Program Files\MiuiTab  =>PUP.Optional.MiuiTab
FOUND folder: C:\Program Files\OLBPre  =>PUP.Optional.MyPCBackup
FOUND folder: C:\Program Files\RCP  =>PUP.Optional.RegistryPowerCleaner
FOUND folder: C:\Program Files\Uniblue  =>PUP.Optional.Uniblue
FOUND file: C:\ProgramData\EpicScale\18508.dat [EpicScale Inc. - EpicScale module]  =>PUP.Optional.EpicScale
FOUND file: C:\ProgramData\EpicScale\32834.dat [EpicScale Inc. - EpicScale module]  =>PUP.Optional.EpicScale
FOUND file: C:\ProgramData\EpicScale\EpicScale.exe [EpicScale Inc. - EpicScale module]  =>PUP.Optional.EpicScale
FOUND file: C:\ProgramData\ExtTag\1fixcpa3.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\34mtzcvd.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\3eg1u4qy.fuo.dll [Copyright ©  2015 - AgentDll]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\conf.config    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\Config.xml    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\ExtTag.exe [Copyright ©  2015 - AgentMainService]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\ExtTag.exe.config    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\gioae22v.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\irsxecsu.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\mxyybgvn.exe [Copyright ©  2014 - StproW]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\mxyybgvn.exe.config    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\o4kzm5y1.exe [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\o4kzm5y1.exe.bck [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\o4kzm5y1.exe.config    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\oxxgvhhm.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\Timers.xml    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\uninstall.exe [Groovelam - Groovelam]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\uq5ks3ec.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\vytoem4m.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\wt2nwsbg.exe [Copyright ©  2015 - VariablesSetter]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\wt2nwsbg.exe.config    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\wwwlplmz.exe [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\wwwlplmz.exe.bck    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\wwwlplmz.exe.config    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\y4gdgm52.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTag\zx323pzc.dll [Copyright © 2015 - ]  =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTags\ff.HP    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTags\ff.NT    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\ExtTags\snp.sc    =>PUP.Optional.ExtTag
FOUND file: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [DTools LIMITED - Windows DTools]  =>PUP.Optional.Fuyu
FOUND folder: C:\ProgramData\APN\APN-Stub  =>Toolbar.Ask
FOUND folder: C:\ProgramData\EpicScale\0  =>PUP.Optional.EpicScale
FOUND folder: C:\ProgramData\ExtTag\ondemand  =>PUP.Optional.ExtTag
FOUND folder: C:\ProgramData\ExtTag\temp  =>PUP.Optional.ExtTag
FOUND folder: C:\ProgramData\IHProtectUpDate\update  =>PUP.Optional.AgentODR
FOUND folder: C:\ProgramData\Systweak\Advanced System~Protector  =>PUP.Optional.Systweak
FOUND folder: C:\ProgramData\WindowsMangerProtect\update  =>PUP.Optional.Fuyu
FOUND folder: C:\ProgramData\APN  =>Toolbar.Ask
FOUND folder: C:\ProgramData\EpicScale  =>PUP.Optional.EpicScale
FOUND folder: C:\ProgramData\ExtTag  =>PUP.Optional.ExtTag
FOUND folder: C:\ProgramData\ExtTags  =>PUP.Optional.ExtTag
FOUND folder: C:\ProgramData\IHProtectUpDate  =>PUP.Optional.AgentODR
FOUND folder: C:\ProgramData\Systweak  =>PUP.Optional.Systweak
FOUND folder: C:\ProgramData\WindowsMangerProtect  =>PUP.Optional.Fuyu
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector\Advanced System~Protector.lnk    =>PUP.Optional.AdvancedSystemProtector
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector\Register Advanced System~Protector.lnk    =>PUP.Optional.AdvancedSystemProtector
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector\Uninstall Advanced System~Protector.lnk    =>PUP.Optional.AdvancedSystemProtector
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse\Crossbrowse.lnk    =>PUP.Optional.CrossBrowse
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk    =>PUP.Optional.RegistryPowerCleaner
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Uninstall RegClean Pro.lnk    =>PUP.Optional.RegistryPowerCleaner
FOUND folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPC  =>PUP.Optional.Uniblue
FOUND folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector  =>PUP.Optional.AdvancedSystemProtector
FOUND folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse  =>PUP.Optional.CrossBrowse
FOUND folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro  =>PUP.Optional.RegistryPowerCleaner
FOUND folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue  =>PUP.Optional.Uniblue
FOUND file: C:\Users\Silvy\AppData\Roaming\istartsurf\UninstallManager.exe [skytech Co., Ltd. - Skytech]  =>PUP.Optional.IsStart
FOUND file: C:\Users\Silvy\AppData\Roaming\mystartsearch\402.json    =>PUP.Optional.StartSearch
FOUND file: C:\Users\Silvy\AppData\Roaming\mystartsearch\MessageBox.xml    =>PUP.Optional.StartSearch
FOUND file: C:\Users\Silvy\AppData\Roaming\mystartsearch\uninstallDlg2.xml    =>PUP.Optional.StartSearch
FOUND file: C:\Users\Silvy\AppData\Roaming\oursurfing\UninstallManager.exe [skytech Co., Ltd. - Skytech]  =>PUP.Optional.OurSurfing
FOUND folder: C:\Users\Silvy\AppData\Roaming\AnyProtectEx\installer  =>PUP.Optional.AnyProtect
FOUND folder: C:\Users\Silvy\AppData\Roaming\AnyProtectEx\language  =>PUP.Optional.AnyProtect
FOUND folder: C:\Users\Silvy\AppData\Roaming\AnyProtectEx\logs  =>PUP.Optional.AnyProtect
FOUND folder: C:\Users\Silvy\AppData\Roaming\AnyProtectEx\scan_results  =>PUP.Optional.AnyProtect
FOUND folder: C:\Users\Silvy\AppData\Roaming\AnyProtectEx\swf  =>PUP.Optional.AnyProtect
FOUND folder: C:\Users\Silvy\AppData\Roaming\mystartsearch\images  =>PUP.Optional.StartSearch
FOUND folder: C:\Users\Silvy\AppData\Roaming\OpenCandy\C6FF6BB9A6B0403BBF27B64856787A6E  =>PUP.Optional.OpenCandy
FOUND folder: C:\Users\Silvy\AppData\Roaming\OpenCandy\OpenCandy_30759EAB54F94C8C91CD2F29296AE10D  =>PUP.Optional.OpenCandy
FOUND folder: C:\Users\Silvy\AppData\Roaming\PriceFountain\UpdateProc  =>PUP.Optional.PriceFountain
FOUND folder: C:\Users\Silvy\AppData\Roaming\systweak\Advanced System~Protector  =>PUP.Optional.Systweak
FOUND folder: C:\Users\Silvy\AppData\Roaming\systweak\regclean pro  =>PUP.Optional.Systweak
FOUND folder: C:\Users\Silvy\AppData\Roaming\AnyProtectEx  =>PUP.Optional.AnyProtect
FOUND folder: C:\Users\Silvy\AppData\Roaming\istartsurf  =>PUP.Optional.IsStart
FOUND folder: C:\Users\Silvy\AppData\Roaming\mystartsearch  =>PUP.Optional.StartSearch
FOUND folder: C:\Users\Silvy\AppData\Roaming\OpenCandy  =>PUP.Optional.OpenCandy
FOUND folder: C:\Users\Silvy\AppData\Roaming\oursurfing  =>PUP.Optional.OurSurfing
FOUND folder: C:\Users\Silvy\AppData\Roaming\PriceFountain  =>PUP.Optional.PriceFountain
FOUND folder: C:\Users\Silvy\AppData\Roaming\systweak  =>PUP.Optional.Systweak
FOUND folder: C:\Users\Silvy\AppData\Local\Crossbrowse\Crossbrowse  =>PUP.Optional.CrossBrowse
FOUND folder: C:\Users\Silvy\AppData\Local\globalUpdate\CrashReports  =>PUP.Optional.GlobalUpdate
FOUND folder: C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search  =>PUP.Optional.PaybyAds
FOUND folder: C:\Users\Silvy\AppData\Local\Crossbrowse  =>PUP.Optional.CrossBrowse
FOUND folder: C:\Users\Silvy\AppData\Local\globalUpdate  =>PUP.Optional.GlobalUpdate
FOUND folder: C:\Users\Silvy\AppData\Local\Pay-By-Ads  =>PUP.Optional.PaybyAds
FOUND folder: C:\Program Files\ASP  =>PUP.Optional.AdvancedSystemProtector
 
 
---\\  Registry ( Key, Value, Data) (148)
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} []  =>PUP.Optional.MiuiTab
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} []  =>PUP.Optional.MiuiTab
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b608cc98-54de-4775-96c9-097de398500c} []  =>PUP.Optional.PriceFountain
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} []  =>PUP.Optional.MiuiTab
FOUND key: HKLM\Software\Classes\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} [GoodTab Class]  =>PUP.Optional.MiuiTab
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} []  =>PUP.Optional.MiuiTab
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} []  =>PUP.Optional.MiuiTab
FOUND key: HKLM\Software\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} [LuckyTab Class]  =>PUP.Optional.MiuiTab
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b608cc98-54de-4775-96c9-097de398500c} []  =>PUP.Optional.PriceFountain
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b608cc98-54de-4775-96c9-097de398500c} []  =>PUP.Optional.PriceFountain
FOUND key: HKLM\Software\Classes\CLSID\{b608cc98-54de-4775-96c9-097de398500c} [PriceFountain]  =>PUP.Optional.PriceFountain
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][bing] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{096B907D-AAF2-40E2-B273-0BD10CAB1969} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Yahoo! Search] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][e] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][mystartsearch] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Google] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7029578D-92B5-4DAA-8098-BCAA8414C1C4} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Ask Search] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BCAA0611-F391-41C8-95A5-D6E87F4D77E5} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Google] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Google] (PUP.Optional.StartSearch)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][search the web] (PUP.Optional.StartSearch)
FOUND key: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=ds&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg[...]][mystartsearch] (PUP.Optional.StartSearch)
FOUND key: [X64] HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse ["C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX(Not File)]  =>PUP.Optional.StartSearch
FOUND data: HKLM\...\Crossbrowse\Shell\open\Command\\"C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX(PUP.Optional.StartSearch)
FOUND data: HKLM\...\IEXPLORE.EXE\Shell\open\Command\\C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1437286377&z=f89574d1b5769d1295f03cdg5zbc7mbodbbq7cdm2w&from=amt&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX(PUP.Optional.OurSurfing)
FOUND value: HKLM\Software\Classes\.htm\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
FOUND value: HKLM\Software\Classes\.html\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
FOUND value: HKLM\Software\Classes\.shtml\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
FOUND value: HKLM\Software\Classes\.webp\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
FOUND value: HKLM\Software\Classes\.xht\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
FOUND key: HKCU\Software\WajIEnhance []  =>PUP.Optional.Wajam
FOUND key: HKCU\Software\WajIntEnhance []  =>PUP.Optional.Wajam
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\MiuiTab\ProtectService.exe]  =>PUP.Optional.AgentODR
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\KMService [C:\Windows\System32\srvany.exe]  =>PUP.Optional.Office
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\nethfdrv [C:\Windows\System32\drivers\nethfdrv.sys]  =>PUP.Optional.Amonetize
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\NetHttpService [C:\Windows\System32\nethtsrv.exe]  =>PUP.Optional.Amonetize
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe]  =>PUP.Optional.Fuyu
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{5663c04f-f294-4115-9114-b62be60538cb}Gw [C:\Windows\System32\drivers\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys]  =>PUP.Optional.LinkiDoo
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw [C:\Windows\System32\drivers\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys]  =>PUP.Optional.LinkiDoo
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw [C:\Windows\System32\drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys]  =>PUP.Optional.LinkiDoo
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw [C:\Windows\System32\drivers\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys]  =>PUP.Optional.LinkiDoo
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\MiuiTab\ProtectService.exe]  =>PUP.Optional.MiuiTab
FOUND key: HKLM\SOFTWARE\downchecker []  =>PUP.Optional.DownChecker
FOUND key: HKLM\SOFTWARE\SearchProtect []  =>PUP.Optional.SearchProtect
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\Currentversion\Uninstall\SearchProtect []  =>PUP.Optional.SearchProtect
FOUND key: HKCU\Software\Cinem Plus 2.4cV20.07-nv-ie []  =>Heuristic.CrossRider
FOUND key: HKCU\Software\CinemaPlus-3.2cV20.07-nv-ie []  =>Heuristic.CrossRider
FOUND key: HKCU\Software\SavePass 1.1-nv-ie []  =>Heuristic.CrossRider
FOUND key: HKCU\Software\Shop and Save Up-nv-ie []  =>Heuristic.CrossRider
FOUND value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9D028DA769B8F8BA1EF2B2E5C45F19DE ["C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window]  =>PUP.Optional.CrossBrowse
FOUND value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search [C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe]  =>PUP.Optional.PaybyAds
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\AnyProtect []  =>PUP.Optional.AnyProtect
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\APN PIP []  =>PUP.Optional.Conduit
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\ArenaHD []  =>PUP.Optional.CrossRider
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\CinemaPlus-3.2cV20.07-nv-ie []  =>PUP.Optional.CrossRider
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Crossbrowse []  =>PUP.Optional.CrossBrowse
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\CrossBrowser []  =>PUP.Optional.CrossBrowser
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\EpicScale []  =>PUP.Optional.EpicScale
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\globalUpdate []  =>PUP.Optional.GlobalUpdate
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\HighDefAction []  =>PUP.Optional.CrossRider
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\HomeTab []  =>PUP.Optional.CertifiedToolbar
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Linkey []  =>PUP.Optional.LinkeySearch
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\PriceFountain []  =>PUP.Optional.PriceFountain
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SavePass 1.1 []  =>PUP.Optional.CrossRider
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SavePass 1.1-nv-ie []  =>PUP.Optional.CrossRider
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SearchProtectWS []  =>PUP.Optional.SearchProtect
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Shop and Save Up-nv-ie []  =>PUP.Optional.ShopSave
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SimplyTech []  =>PUP.Optional.SimplyTech
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\systweak []  =>PUP.Optional.Systweak
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\TNT2 []  =>PUP.Optional.TidyNetwork
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\WajIEnhance []  =>PUP.Optional.Multiplug
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\WajIntEnhance []  =>PUP.Optional.Multiplug
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\YorkNewCin []  =>PUP.Optional.CrossRider
FOUND key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Classes\keepmysearch []  =>PUP.Optional.Hotbar
FOUND key: HKCU\Software\AnyProtect []  =>PUP.Optional.AnyProtect
FOUND key: HKCU\Software\APN PIP []  =>PUP.Optional.Conduit
FOUND key: HKCU\Software\ArenaHD []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\CinemaPlus-3.2cV20.07-nv-ie []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Crossbrowse []  =>PUP.Optional.CrossBrowse
FOUND key: HKCU\Software\CrossBrowser []  =>PUP.Optional.CrossBrowser
FOUND key: HKCU\Software\EpicScale []  =>PUP.Optional.EpicScale
FOUND key: HKCU\Software\globalUpdate []  =>PUP.Optional.GlobalUpdate
FOUND key: HKCU\Software\HighDefAction []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\HomeTab []  =>PUP.Optional.CertifiedToolbar
FOUND key: HKCU\Software\Linkey []  =>PUP.Optional.LinkeySearch
FOUND key: HKCU\Software\PriceFountain []  =>PUP.Optional.PriceFountain
FOUND key: HKCU\Software\SavePass 1.1 []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\SavePass 1.1-nv-ie []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\SearchProtectWS []  =>PUP.Optional.SearchProtect
FOUND key: HKCU\Software\Shop and Save Up-nv-ie []  =>PUP.Optional.ShopSave
FOUND key: HKCU\Software\SimplyTech []  =>PUP.Optional.SimplyTech
FOUND key: HKCU\Software\systweak []  =>PUP.Optional.Systweak
FOUND key: HKCU\Software\TNT2 []  =>PUP.Optional.TidyNetwork
FOUND key: HKCU\Software\WajIEnhance []  =>PUP.Optional.Multiplug
FOUND key: HKCU\Software\WajIntEnhance []  =>PUP.Optional.Multiplug
FOUND key: HKCU\Software\YorkNewCin []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\AppDataLow\Software\Crossrider []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP []  =>PUP.Optional.IMBooster
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar []  =>PUP.Optional.IMBooster
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey []  =>PUP.Optional.LinkeySearch
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect []  =>PUP.Optional.SearchProtect
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com []  =>PUP.Optional.Vosteran
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance []  =>PUP.Optional.Multiplug
FOUND key: HKLM\SOFTWARE\Classes\SpeedUpMyPC [url:SpeedUpMyPC Protocol]  =>PUP.Optional.SpeedUpMyPC
FOUND key: HKLM\SOFTWARE\Classes\protector_dll.protectorbho [Google Toolbar Notifier BHO]  =>PUP.Optional.BProtector
FOUND key: HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 [Google Toolbar Notifier BHO]  =>PUP.Optional.BProtector
FOUND key: HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [iTool]  =>Toolbar.Ask
FOUND key: HKLM\SOFTWARE\Classes\CRSBRWSHTML [Crossbrowse HTML Document]  =>PUP.Optional.CrossBrowse
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} [LuckyTab Class]  =>PUP.Optional.LuckyTab
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect []  =>PUP.Optional.Fuyu
FOUND key: HKLM\SOFTWARE\ArenaHD []  =>PUP.Optional.CrossRider
FOUND key: HKLM\SOFTWARE\Conduit []  =>PUP.Optional.Conduit
FOUND key: HKLM\SOFTWARE\Crossbrowse []  =>PUP.Optional.CrossBrowse
FOUND key: HKLM\SOFTWARE\GlobalUpdate []  =>PUP.Optional.GlobalUpdate
FOUND key: HKLM\SOFTWARE\HighDefAction []  =>PUP.Optional.CrossRider
FOUND key: HKLM\SOFTWARE\IHProtect []  =>PUP.Optional.AgentODR
FOUND key: HKLM\SOFTWARE\Iminent []  =>PUP.Optional.IMBooster
FOUND key: HKLM\SOFTWARE\istartsurfSoftware []  =>PUP.Optional.IsStart
FOUND key: HKLM\SOFTWARE\mystartsearchSoftware []  =>PUP.Optional.StartSearch
FOUND key: HKLM\SOFTWARE\oursurfingSoftware []  =>PUP.Optional.OurSurfing
FOUND key: HKLM\SOFTWARE\searchult []  =>PUP.Optional.Generic
FOUND key: HKLM\SOFTWARE\SupDp []  =>PUP.Optional.SupTab
FOUND key: HKLM\SOFTWARE\supTab []  =>PUP.Optional.SupTab
FOUND key: HKLM\SOFTWARE\supWindowsMangerProtect []  =>PUP.Optional.Fuyu
FOUND key: HKLM\SOFTWARE\Systweak []  =>PUP.Optional.Systweak
FOUND key: HKLM\SOFTWARE\Uniblue []  =>PUP.Optional.Uniblue
FOUND key: HKLM\SOFTWARE\WajIntEnhance []  =>PUP.Optional.Multiplug
FOUND key: HKLM\SOFTWARE\YorkNewCin []  =>PUP.Optional.CrossRider
FOUND key: HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 []  =>PUP.Optional.AdvancedSystemProtector
FOUND key: HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS []  =>PUP.Optional.AdvancedSystemProtector
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1 [Advanced System Protector]  =>PUP.Optional.Systweak
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse [The Crossbrowse Authors]  =>PUP.Optional.CrossBrowse
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP []  =>PUP.Optional.IMBooster
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar []  =>PUP.Optional.IMBooster
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall [istartsurf]  =>PUP.Optional.IsStart
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey []  =>PUP.Optional.LinkeySearch
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall [mystartsearch]  =>PUP.Optional.StartSearch
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oursurfing uninstall [oursurfing]  =>PUP.Optional.OurSurfing
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 []  =>PUP.Optional.RegistryPowerCleaner
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1 [systweak.com]  =>PUP.Optional.RegistryPowerCleaner
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage []  =>PUP.Optional.Downware
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com []  =>PUP.Optional.Vosteran
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance []  =>PUP.Optional.Multiplug
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 [uniblue Systems Limited]  =>PUP.Optional.Uniblue
FOUND key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe []  =>PUP.Optional.GlobalUpdate
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe [C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe]  =>PUP.Optional.CrossBrowse
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}\InprocServer32 [C:\Program Files\MiuiTab\SupTab.dll]  =>PUP.Optional.MiuiTab
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}\InprocServer32 [C:\Program Files\MiuiTab\SupTab.dll]  =>PUP.Optional.LuckyTab
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{b608cc98-54de-4775-96c9-097de398500c}\InprocServer32 [C:\Users\Silvy\AppData\Local\PriceFountain\PriceFountainIE.dll (Not File)]  =>PUP.Optional.PriceFountain
 
 
---\\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 52640
~ Items found : 731
~ Items cancelled : 0
~ Items repaired : 0
 
 
~ End of search in 12 minutes
===================
ZHPCleaner--21082015-23_54_49.txt
ZHPCleaner--22082015-00_24_38.txt
;)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Чудесно,

 

  • Сега стартирайте ZHPCleaner с десен клик върху файла и изберете от контекстното меню "Run as administrator"
  • Кликнете върху Ashampoo_Snap_20140819_13h09m50s_001__zp за да се съгласите с лицензионното споразумение.
  • Направете нова проверка и след като приключи натиснете бутона slm23Pe.png
  • Браузърите ще бъдат затворени автоматично.
  • Ще се отвори лог файл след прикючването на проверката.
  • Публикувайте лог файла в следващия си коментар.
  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

 

Чудесно,

 

  • Сега стартирайте ZHPCleaner с десен клик върху файла и изберете от контекстното меню "Run as administrator"
  • Кликнете върху Ashampoo_Snap_20140819_13h09m50s_001__zp за да се съгласите с лицензионното споразумение.
  • Направете нова проверка и след като приключи натиснете бутона slm23Pe.png
  • Браузърите ще бъдат затворени автоматично.
  • Ще се отвори лог файл след прикючването на проверката.
  • Публикувайте лог файла в следващия си коментар.

 

~ ZHPCleaner v2015.8.20.329 by Nicolas Coolman (2015/08/20)
~ Run by Silvy (Administrator)  (22/08/2015 11:24:07)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Silvy\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Silvy\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (4)
CLOSED : IHProtect Service  =>PUP.Optional.AgentODR
CLOSED : KMService  =>PUP.Optional.Office
CLOSED : NetHttpService  =>PUP.Optional.Amonetize
CLOSED : WindowsMangerProtect  =>PUP.Optional.Fuyu
 
 
---\\  Browser internet (9)
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL [http://www.istartsurf.com/web/?type=ds&ts=1437419518&z=f357ae5290211e393adf3ffgb[...]] =>PUP.Optional.IsStart
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
REPLACED IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
REPLACED IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Start Page [http://www.mystartsearch.com/?type=hp&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z[...]] =>PUP.Optional.StartSearch
REPLACED Quicklaunch: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
REPLACED TaskBar: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
REPLACED Startup\Programs: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
REPLACED SystemTools: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk  [bad : http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX](Hijacker.Browser)
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (21)
 
 
---\\  Scheduled automatic tasks. (10)
DELETED task: [AmiUpdXp] [C:\Windows\Tasks\AmiUpdXp.job (Not File) ]  =>PUP.Optional.SoftwareUpdater
DELETED task: [APSnotifierPP1] [C:\Windows\Tasks\APSnotifierPP1.job (Not File) ]  =>PUP.Optional.AnyProtect
DELETED task: [APSnotifierPP2] [C:\Windows\Tasks\APSnotifierPP2.job (Not File) ]  =>PUP.Optional.AnyProtect
DELETED task: [APSnotifierPP3] [C:\Windows\Tasks\APSnotifierPP3.job (Not File) ]  =>PUP.Optional.AnyProtect
DELETED task: [Crossbrowse] [C:\Windows\Tasks\Crossbrowse.job (Not File) ]  =>PUP.Optional.CrossBrowse
DELETED task: [Price Fountain] [C:\Windows\Tasks\Price Fountain.job (Not File) ]  =>PUP.Optional.PriceFountain
DELETED task: [RegClean Pro_DEFAULT] [C:\Windows\Tasks\RegClean Pro_DEFAULT.job (Not File) ]  =>PUP.Optional.RegistryPowerCleaner
DELETED task: [RegClean Pro_UPDATES] [C:\Windows\Tasks\RegClean Pro_UPDATES.job (Not File) ]  =>PUP.Optional.RegistryPowerCleaner
DELETED task: [speedUpMyPC Maintenance] [C:\Windows\Tasks\SpeedUpMyPC Maintenance.job (Not File) ]  =>PUP.Optional.SpeedUpMyPC
DELETED task: [speedUpMyPC Startup] [C:\Windows\Tasks\SpeedUpMyPC Startup.job (Not File) ]  =>PUP.Optional.SpeedUpMyPC
 
 
---\\  Explorer ( File, Folder) (159)
MOVED file: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Crossbrowse.lnk  [bad : C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe]  =>PUP.Optional.CrossBrowse
MOVED file: C:\Users\Silvy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk  [bad : C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe]  =>PUP.Optional.Uniblue
MOVED file: C:\Users\Silvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk  [bad : C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe]  =>PUP.Optional.CrossBrowse
MOVED file: C:\Program Files\MiuiTab\SupTab.dll [Good Co. Limited - GoodTab]  =>PUP.Optional.MiuiTab
MOVED file: C:\Program Files\MiuiTab\ProtectService.exe [XTab system - ProtectSvc.exe]  =>PUP.Optional.AgentODR
MOVED file: C:\Windows\System32\drivers\nethfdrv.sys [nethfdrv - nethfdrv]  =>PUP.Optional.Amonetize
MOVED file: C:\Windows\System32\nethtsrv.exe [© 2012-2014, All rights reserved. - ]  =>PUP.Optional.Amonetize
MOVED file: C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe [DTools LIMITED - DTools]  =>PUP.Optional.Fuyu
MOVED file: C:\Windows\System32\drivers\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
MOVED file: C:\Windows\System32\drivers\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
MOVED file: C:\Windows\System32\drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
MOVED file: C:\Windows\System32\drivers\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys [stdLib - StdLib]  =>PUP.Optional.LinkiDoo
MOVED file: C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe [Pay By Ads LTD - ]  =>PUP.Optional.PaybyAds
MOVED file: C:\Windows\Tasks\AmiUpdXp.job    =>PUP.Optional.SoftwareUpdater
MOVED file: C:\Windows\Tasks\APSnotifierPP1.job    =>PUP.Optional.AnyProtect
MOVED file: C:\Windows\Tasks\APSnotifierPP2.job    =>PUP.Optional.AnyProtect
MOVED file: C:\Windows\Tasks\APSnotifierPP3.job    =>PUP.Optional.AnyProtect
MOVED file: C:\Windows\Tasks\Crossbrowse.job    =>PUP.Optional.CrossBrowse
MOVED file: C:\Windows\Tasks\Price Fountain.job    =>PUP.Optional.PriceFountain
MOVED file: C:\Windows\Tasks\RegClean Pro_DEFAULT.job    =>PUP.Optional.RegistryPowerCleaner
MOVED file: C:\Windows\Tasks\RegClean Pro_UPDATES.job    =>PUP.Optional.RegistryPowerCleaner
MOVED file: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job    =>PUP.Optional.SpeedUpMyPC
MOVED file: C:\Windows\Tasks\SpeedUpMyPC Startup.job    =>PUP.Optional.SpeedUpMyPC
MOVED file: C:\Windows\Tasks\e5c80545-bae7-429e-8c66-24b2aadbae3e-10_user.job    =>PUP.Optional.CrossRider
MOVED file: C:\Windows\Tasks\e5c80545-bae7-429e-8c66-24b2aadbae3e-3.job    =>PUP.Optional.CrossRider
MOVED file: C:\Windows\System32\Tasks\e5c80545-bae7-429e-8c66-24b2aadbae3e-10_user    =>PUP.Optional.CrossRider
MOVED file: C:\Program Files\SavePass 1.1\e5c80545-bae7-429e-8c66-24b2aadbae3e-10.exe [OB - SavePass 1.1 exe]  =>PUP.Optional.CrossRider
MOVED file: C:\END    =>PUP.Optional.Conduit
MOVED file: C:\Windows\Prefetch\CROSSBROWSE.EXE-F6F882CE.pf    =>PUP.Optional.CrossBrowse
MOVED file: C:\Windows\Prefetch\GLOBALUPDATE.EXE-B66D5BF9.pf    =>PUP.Optional.GlobalUpdate
MOVED file: C:\Windows\Prefetch\GLOBALUPDATECRASHHANDLER.EXE-C9210A99.pf    =>PUP.Optional.GlobalUpdate
MOVED file: C:\Windows\Prefetch\OFFERSWIZARD.EXE-22157E4C.pf    =>PUP.Optional.OffersWizard
MOVED file: C:\Windows\Prefetch\OLBPRE.EXE-826AFBAE.pf    =>PUP.Optional.MyPCBackup
MOVED file: C:\Windows\Prefetch\PRICEFOUNTAINW.EXE-1E2B9377.pf    =>PUP.Optional.PriceFountain
MOVED file: C:\Windows\Prefetch\SPEEDUPMYPC.EXE-9A3B87D4.pf    =>PUP.Optional.SpeedUpMyPC
MOVED file: C:\Program Files\Mozilla Firefox\browser\searchplugins\findit.xml    =>PUP.Optional.SmartBar
MOVED file: C:\Users\Silvy\AppData\Local\Temp\dsrsetup.exe [Pay By Ads LTD - ]  =>PUP.Optional.PaybyAds
MOVED file: C:\Users\Silvy\AppData\Local\Temp\nsn5FE4.tmp\Zicjmwzibhmepg.exe [installMoon - GoHD Installer]  =>PUP.Optional.CrossRider
MOVED file: C:\Users\Silvy\AppData\Local\Temp\nsfA518.tmp\setup.exe [installMoon - GoHD Installer]  =>PUP.Optional.CrossRider
MOVED file: C:\Users\Silvy\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\adv_109.exe [TMRG, Inc. - Additional Offer Setup]  =>PUP.Optional.RelevantKnowledge
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.56526\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.343129\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.31346\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.263660\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.195787\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdate.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdateBroker.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\goopdate.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\psmachine.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\Temp\comh.122244\psuser.dll [globalUpdate - globalUpdate Update]  =>PUP.Optional.GlobalUpdate
MOVED file: C:\Users\Silvy\AppData\Local\nsc1F33.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\nshC95E.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\nsm1289.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\nsm6551.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\nsu81D1.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\nsw39EF.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\nsw9A33.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\nsxCD9D.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage    =>PUP.Optional.ShoppinGate
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal    =>PUP.Optional.ShoppinGate
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage    =>PUP.Optional.BestPriceNinja
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal    =>PUP.Optional.BestPriceNinja
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage    =>PUP.Optional.BoostSaves
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal    =>PUP.Optional.BoostSaves
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdncache-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdncache-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage    =>PUP.Optional.BestPriceNinja
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal    =>PUP.Optional.BestPriceNinja
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage    =>PUP.Optional.SmartBar
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal    =>PUP.Optional.SmartBar
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searchsimple-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searchsimple-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage    =>PUP.Optional.BoostSaves
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal    =>PUP.Optional.BoostSaves
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage    =>PUP.Optional.StartSearch
MOVED file: C:\Users\Silvy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal    =>PUP.Optional.StartSearch
MOVED file: C:\Users\Silvy\AppData\Local\Temp\nsw39EF.tmp [CMI Limited - Setup]  =>PUP.Optional.CMILimited
MOVED file: C:\Users\Silvy\AppData\Local\Temp\reimage.log    =>PUP.Optional.ReImageRepair
MOVED file: C:\Users\Silvy\AppData\Local\Temp\Uninstall.exe [Copyright 2013 - ]  =>PUP.Optional.Generic
MOVED folder: C:\Program Files\8f7c661b-cac3-4083-b69c-1847ac7e309a  =>PUP.Optional.CrossRider
MOVED folder: C:\Program Files\SavePass 1.1  =>PUP.Optional.CrossRider
MOVED folder^: C:\Program Files\Crossbrowse  =>PUP.Optional.CrossBrowse
MOVED folder: C:\Program Files\DownChecker  =>PUP.Optional.DownChecker
MOVED folder: C:\Program Files\FriendlyError  =>PUP.Optional.FriendlyError
MOVED folder: C:\Program Files\globalUpdate  =>PUP.Optional.GlobalUpdate
MOVED folder: C:\Program Files\MiuiTab  =>PUP.Optional.MiuiTab
MOVED folder: C:\Program Files\OLBPre  =>PUP.Optional.MyPCBackup
MOVED folder: C:\Program Files\RCP  =>PUP.Optional.RegistryPowerCleaner
MOVED folder: C:\Program Files\Uniblue  =>PUP.Optional.Uniblue
MOVED folder: C:\ProgramData\APN  =>Toolbar.Ask
MOVED folder: C:\ProgramData\EpicScale  =>PUP.Optional.EpicScale
MOVED folder^: C:\ProgramData\ExtTag  =>PUP.Optional.ExtTag
MOVED folder: C:\ProgramData\ExtTags  =>PUP.Optional.ExtTag
MOVED folder: C:\ProgramData\IHProtectUpDate  =>PUP.Optional.AgentODR
MOVED folder: C:\ProgramData\Systweak  =>PUP.Optional.Systweak
MOVED folder: C:\ProgramData\WindowsMangerProtect  =>PUP.Optional.Fuyu
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector  =>PUP.Optional.AdvancedSystemProtector
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse  =>PUP.Optional.CrossBrowse
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro  =>PUP.Optional.RegistryPowerCleaner
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue  =>PUP.Optional.Uniblue
MOVED folder: C:\Users\Silvy\AppData\Roaming\AnyProtectEx  =>PUP.Optional.AnyProtect
MOVED folder: C:\Users\Silvy\AppData\Roaming\istartsurf  =>PUP.Optional.IsStart
MOVED folder: C:\Users\Silvy\AppData\Roaming\mystartsearch  =>PUP.Optional.StartSearch
MOVED folder: C:\Users\Silvy\AppData\Roaming\OpenCandy  =>PUP.Optional.OpenCandy
MOVED folder: C:\Users\Silvy\AppData\Roaming\oursurfing  =>PUP.Optional.OurSurfing
MOVED folder: C:\Users\Silvy\AppData\Roaming\PriceFountain  =>PUP.Optional.PriceFountain
MOVED folder: C:\Users\Silvy\AppData\Roaming\systweak  =>PUP.Optional.Systweak
MOVED folder^: C:\Users\Silvy\AppData\Local\Crossbrowse  =>PUP.Optional.CrossBrowse
MOVED folder: C:\Users\Silvy\AppData\Local\globalUpdate  =>PUP.Optional.GlobalUpdate
MOVED folder^: C:\Users\Silvy\AppData\Local\Pay-By-Ads  =>PUP.Optional.PaybyAds
MOVED folder: C:\Program Files\ASP  =>PUP.Optional.AdvancedSystemProtector
 
 
---\\  Registry ( Key, Value, Data) (158)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][bing] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{096B907D-AAF2-40E2-B273-0BD10CAB1969} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Yahoo! Search] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][e] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=dspp&ts=1437419376&z=33395c02f12c5b421b89a8fg7zeccm5z2g2tecac[...]][mystartsearch] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Google] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7029578D-92B5-4DAA-8098-BCAA8414C1C4} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Ask Search] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BCAA0611-F391-41C8-95A5-D6E87F4D77E5} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Google] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][Google] (PUP.Optional.StartSearch)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds[...]][search the web] (PUP.Optional.StartSearch)
DELETED key: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=dspp&ts=1437419376&z=33395c02f12c5b421b89a8fg7zeccm5z2g2tecac[...]][mystartsearch] (PUP.Optional.StartSearch)
REPLACED data: HKLM\...\Crossbrowse\Shell\open\Command\\"C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" http://www.mystartsearch.com/?type=sc&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX(PUP.Optional.StartSearch)
REPLACED data: HKLM\...\IEXPLORE.EXE\Shell\open\Command\\C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1437286377&z=f89574d1b5769d1295f03cdg5zbc7mbodbbq7cdm2w&from=amt&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX(PUP.Optional.OurSurfing)
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} []  =>PUP.Optional.MiuiTab
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} []  =>PUP.Optional.MiuiTab
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b608cc98-54de-4775-96c9-097de398500c} []  =>PUP.Optional.PriceFountain
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} []  =>PUP.Optional.MiuiTab
DELETED key*: HKLM\Software\Classes\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} [GoodTab Class]  =>PUP.Optional.MiuiTab
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} []  =>PUP.Optional.MiuiTab
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} []  =>PUP.Optional.MiuiTab
DELETED key*: HKLM\Software\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} [LuckyTab Class]  =>PUP.Optional.MiuiTab
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b608cc98-54de-4775-96c9-097de398500c} []  =>PUP.Optional.PriceFountain
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b608cc98-54de-4775-96c9-097de398500c} []  =>PUP.Optional.PriceFountain
DELETED key*: HKLM\Software\Classes\CLSID\{b608cc98-54de-4775-96c9-097de398500c} [PriceFountain]  =>PUP.Optional.PriceFountain
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{096B907D-AAF2-40E2-B273-0BD10CAB1969} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7029578D-92B5-4DAA-8098-BCAA8414C1C4} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BCAA0611-F391-41C8-95A5-D6E87F4D77E5} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&ts=1439212121&type=default&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=ds&ts=1439212061&z=52bbabb0a26c962544a7aa7g7z7cdt0oegfg4t0zbg&from=cmi&uid=HitachiXHTS545032B9A300_100502PBP31016E7HY2LX&q={searchTerms}] =>PUP.Optional.StartSearch
DELETED key*: [X64] HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse []  =>PUP.Optional.StartSearch
DELETED key*: HKCU\Software\WajIEnhance []  =>PUP.Optional.Wajam
DELETED key*: HKCU\Software\WajIntEnhance []  =>PUP.Optional.Wajam
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\MiuiTab\ProtectService.exe (Not File)]  =>PUP.Optional.AgentODR
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\KMService [C:\Windows\System32\srvany.exe]  =>PUP.Optional.Office
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\nethfdrv [C:\Windows\System32\drivers\nethfdrv.sys (Not File)]  =>PUP.Optional.Amonetize
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\NetHttpService [C:\Windows\System32\nethtsrv.exe (Not File)]  =>PUP.Optional.Amonetize
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe (Not File)]  =>PUP.Optional.Fuyu
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\{5663c04f-f294-4115-9114-b62be60538cb}Gw [C:\Windows\System32\drivers\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw [C:\Windows\System32\drivers\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw [C:\Windows\System32\drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw [C:\Windows\System32\drivers\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key*: HKLM\SOFTWARE\downchecker []  =>PUP.Optional.DownChecker
DELETED key*: HKLM\SOFTWARE\SearchProtect []  =>PUP.Optional.SearchProtect
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\Currentversion\Uninstall\SearchProtect []  =>PUP.Optional.SearchProtect
DELETED key*: HKCU\Software\Cinem Plus 2.4cV20.07-nv-ie []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\CinemaPlus-3.2cV20.07-nv-ie []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\SavePass 1.1-nv-ie []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Shop and Save Up-nv-ie []  =>PUP.Optional.CrossRider
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{5663c04f-f294-4115-9114-b62be60538cb}Gw [C:\Windows\System32\drivers\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw [C:\Windows\System32\drivers\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw [C:\Windows\System32\drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw [C:\Windows\System32\drivers\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys (Not File)]  =>PUP.Optional.LinkiDoo
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\MiuiTab\ProtectService.exe (Not File)]  =>PUP.Optional.AgentODR
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\nethfdrv [C:\Windows\System32\drivers\nethfdrv.sys (Not File)]  =>PUP.Optional.Amonetize
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe (Not File)]  =>PUP.Optional.Fuyu
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\AnyProtect []  =>PUP.Optional.AnyProtect
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\APN PIP []  =>PUP.Optional.Conduit
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\ArenaHD []  =>PUP.Optional.CrossRider
DELETED key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\CinemaPlus-3.2cV20.07-nv-ie []  =>PUP.Optional.CrossRider
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Crossbrowse []  =>PUP.Optional.CrossBrowse
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\CrossBrowser []  =>PUP.Optional.CrossBrowser
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\EpicScale []  =>PUP.Optional.EpicScale
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\globalUpdate []  =>PUP.Optional.GlobalUpdate
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\HighDefAction []  =>PUP.Optional.CrossRider
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\HomeTab []  =>PUP.Optional.CertifiedToolbar
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Linkey []  =>PUP.Optional.LinkeySearch
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\PriceFountain []  =>PUP.Optional.PriceFountain
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SavePass 1.1 []  =>PUP.Optional.CrossRider
DELETED key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SavePass 1.1-nv-ie []  =>PUP.Optional.CrossRider
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SearchProtectWS []  =>PUP.Optional.SearchProtect
DELETED key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Shop and Save Up-nv-ie []  =>PUP.Optional.ShopSave
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\SimplyTech []  =>PUP.Optional.SimplyTech
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\systweak []  =>PUP.Optional.Systweak
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\TNT2 []  =>PUP.Optional.TidyNetwork
DELETED key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\WajIEnhance []  =>PUP.Optional.Multiplug
DELETED key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\WajIntEnhance []  =>PUP.Optional.Multiplug
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\YorkNewCin []  =>PUP.Optional.CrossRider
DELETED key*: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Classes\keepmysearch []  =>PUP.Optional.Hotbar
DELETED key: HKCU\Software\AnyProtect []  =>PUP.Optional.AnyProtect
DELETED key: HKCU\Software\APN PIP []  =>PUP.Optional.Conduit
DELETED key: HKCU\Software\ArenaHD []  =>PUP.Optional.CrossRider
DELETED key: HKCU\Software\Crossbrowse []  =>PUP.Optional.CrossBrowse
DELETED key: HKCU\Software\CrossBrowser []  =>PUP.Optional.CrossBrowser
DELETED key: HKCU\Software\EpicScale []  =>PUP.Optional.EpicScale
DELETED key: HKCU\Software\globalUpdate []  =>PUP.Optional.GlobalUpdate
DELETED key: HKCU\Software\HighDefAction []  =>PUP.Optional.CrossRider
DELETED key: HKCU\Software\HomeTab []  =>PUP.Optional.CertifiedToolbar
DELETED key: HKCU\Software\Linkey []  =>PUP.Optional.LinkeySearch
DELETED key: HKCU\Software\PriceFountain []  =>PUP.Optional.PriceFountain
DELETED key: HKCU\Software\SavePass 1.1 []  =>PUP.Optional.CrossRider
DELETED key: HKCU\Software\SearchProtectWS []  =>PUP.Optional.SearchProtect
DELETED key: HKCU\Software\SimplyTech []  =>PUP.Optional.SimplyTech
DELETED key: HKCU\Software\systweak []  =>PUP.Optional.Systweak
DELETED key: HKCU\Software\TNT2 []  =>PUP.Optional.TidyNetwork
DELETED key: HKCU\Software\YorkNewCin []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\AppDataLow\Software\Crossrider []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP []  =>PUP.Optional.IMBooster
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar []  =>PUP.Optional.IMBooster
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey []  =>PUP.Optional.LinkeySearch
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect []  =>PUP.Optional.SearchProtect
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com []  =>PUP.Optional.Vosteran
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance []  =>PUP.Optional.Multiplug
DELETED key*: HKLM\SOFTWARE\Classes\SpeedUpMyPC [url:SpeedUpMyPC Protocol]  =>PUP.Optional.SpeedUpMyPC
DELETED key*: HKLM\SOFTWARE\Classes\protector_dll.protectorbho [Google Toolbar Notifier BHO]  =>PUP.Optional.BProtector
DELETED key*: HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 [Google Toolbar Notifier BHO]  =>PUP.Optional.BProtector
DELETED key*: HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [iTool]  =>Toolbar.Ask
DELETED key*: HKLM\SOFTWARE\Classes\CRSBRWSHTML [Crossbrowse HTML Document]  =>PUP.Optional.CrossBrowse
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect []  =>PUP.Optional.Fuyu
DELETED key*: HKLM\SOFTWARE\ArenaHD []  =>PUP.Optional.CrossRider
DELETED key*: HKLM\SOFTWARE\Conduit []  =>PUP.Optional.Conduit
DELETED key*: HKLM\SOFTWARE\Crossbrowse []  =>PUP.Optional.CrossBrowse
DELETED key*: HKLM\SOFTWARE\GlobalUpdate []  =>PUP.Optional.GlobalUpdate
DELETED key*: HKLM\SOFTWARE\HighDefAction []  =>PUP.Optional.CrossRider
DELETED key*: HKLM\SOFTWARE\IHProtect []  =>PUP.Optional.AgentODR
DELETED key*: HKLM\SOFTWARE\Iminent []  =>PUP.Optional.IMBooster
DELETED key*: HKLM\SOFTWARE\istartsurfSoftware []  =>PUP.Optional.IsStart
DELETED key*: HKLM\SOFTWARE\mystartsearchSoftware []  =>PUP.Optional.StartSearch
DELETED key*: HKLM\SOFTWARE\oursurfingSoftware []  =>PUP.Optional.OurSurfing
DELETED key*: HKLM\SOFTWARE\searchult []  =>PUP.Optional.Generic
DELETED key*: HKLM\SOFTWARE\SupDp []  =>PUP.Optional.SupTab
DELETED key*: HKLM\SOFTWARE\supTab []  =>PUP.Optional.SupTab
DELETED key*: HKLM\SOFTWARE\supWindowsMangerProtect []  =>PUP.Optional.Fuyu
DELETED key*: HKLM\SOFTWARE\Systweak []  =>PUP.Optional.Systweak
DELETED key*: HKLM\SOFTWARE\Uniblue []  =>PUP.Optional.Uniblue
DELETED key*: HKLM\SOFTWARE\WajIntEnhance []  =>PUP.Optional.Multiplug
DELETED key*: HKLM\SOFTWARE\YorkNewCin []  =>PUP.Optional.CrossRider
DELETED key*: HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 []  =>PUP.Optional.AdvancedSystemProtector
DELETED key*: HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS []  =>PUP.Optional.AdvancedSystemProtector
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1 [Advanced System Protector]  =>PUP.Optional.Systweak
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse [The Crossbrowse Authors]  =>PUP.Optional.CrossBrowse
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP []  =>PUP.Optional.IMBooster
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar []  =>PUP.Optional.IMBooster
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall [istartsurf]  =>PUP.Optional.IsStart
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey []  =>PUP.Optional.LinkeySearch
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall [mystartsearch]  =>PUP.Optional.StartSearch
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oursurfing uninstall [oursurfing]  =>PUP.Optional.OurSurfing
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 []  =>PUP.Optional.RegistryPowerCleaner
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1 [systweak.com]  =>PUP.Optional.RegistryPowerCleaner
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage []  =>PUP.Optional.Downware
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com []  =>PUP.Optional.Vosteran
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance []  =>PUP.Optional.Multiplug
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 [uniblue Systems Limited]  =>PUP.Optional.Uniblue
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe []  =>PUP.Optional.GlobalUpdate
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe [C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe]  =>PUP.Optional.CrossBrowse
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}\InprocServer32 [C:\Program Files\MiuiTab\SupTab.dll (Not File)]  =>PUP.Optional.MiuiTab
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}\InprocServer32 [C:\Program Files\MiuiTab\SupTab.dll (Not File)]  =>PUP.Optional.LuckyTab
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{b608cc98-54de-4775-96c9-097de398500c}\InprocServer32 [C:\Users\Silvy\AppData\Local\PriceFountain\PriceFountainIE.dll (Not File)]  =>PUP.Optional.PriceFountain
DELETED value: HKLM\Software\Classes\.htm\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
DELETED value: HKLM\Software\Classes\.html\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
DELETED value: HKLM\Software\Classes\.shtml\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
DELETED value: HKLM\Software\Classes\.webp\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
DELETED value: HKLM\Software\Classes\.xht\OpenWithProgIDs\\CRSBRWSHTML []  =>PUP.Optional.CrossBrowse
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9D028DA769B8F8BA1EF2B2E5C45F19DE ["C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window]  =>PUP.Optional.CrossBrowse
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search [C:\Users\Silvy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe]  =>PUP.Optional.PaybyAds
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.
 
 
---\\ Statistics
~ Items scanned : 618
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 340
 
 
~ End of clean in 4 minutes
===================
ZHPCleaner-[R]-22082015-11_28_31.txt
ZHPCleaner--21082015-23_54_49.txt
ZHPCleaner--22082015-00_24_38.txt
ZHPCleaner--22082015-11_23_46.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Добра работа, програмата е почистила доста боклуци, но редом с тях е заминал и активатора за офис пакета ви:

 

DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\KMService [C:\Windows\System32\srvany.exe]  =>PUP.Optional.Office

 

Тъй като в правилата на форума е забранено да се дискутират и разпространяват нелегални инструменти ще оставя на вас как да постъпите. Имате 4 възможности.

 

1. Да си намерите активатора сама (но с риск да попаднете на нещо, което не трябва и да се заразите отново).

2. Да оставите тази задача на познат, който има опит с тези неща.

3. Да си закупите Microsoft Office.

4. Да деинсталирате Microsoft Office и да инсталирате безплатния пакет LibreOffice 5.0.0, който по нищо не му отстъпва.

 

Сега за да продължим с почистването следвайте следните стъпки:

 

 

СТЪПКА 1

 

  • Изтеглете и стартирайтe 6sv1DN9.jpgAdwCleaner.exe.
  • Натиснете бутона Scan.
  • AdwCleaner ще започне да проверява компютъра.
  • След като проверката приключи натиснете бутона Clean.
  • Програмата ще затвори всички излишни процеси и след почистването ще иска да рестартира машината. Съгласете се.
  • Ще се появи автоматично лог файл с името (AdwCleaner[s0].txt) в C:\Adwcleaner
  • Публикувайте съдържанието му в следващия си коментар.

 

 

СТЪПКА 2

 

 

Моля изтеглете icon1351185104.png Junkware Removal Tool на вашия десктоп.

  • Спрете временно работата на защитните програми.
  • Стартирайте инструмента JRT.exe
  • Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
  • Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
  • Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
  • Моля копирайте съдържанието на лог файла в следващия си пост.

 

 

СТЪПКА 3

 

Направете нова проверка с FRST като се уверите, че има отметка пред Addition.txt преди да натиснете бутона SCAN.

Прикачете новите два лог файла - FRST.txt и Addition.txt в следващия си коментар.

 

 

Поздрави!

  • Харесва ми 3

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Стъпка 1


Стъпка 2

 

Стъпка 3 :yanim: 

AdwCleanerC1.txt

AdwCleanerS1.txt

JRT.txt

FRST.txt

Addition.txt

Редактирано от Силвия Табакова (преглед на промените)
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Сега изтеглете KKdS6sj.pngfixlist.txt и го запазете в папката от която стартирахте FRST.exe.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

След това пишете как е положението.

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Сега изтеглете KKdS6sj.pngfixlist.txt и го запазете в папката от която стартирахте FRST.exe.

Стартирайте FRST.exe и натиснете бутона Fix веднъж!

След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.

 

Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

След това пишете как е положението.

След рестарта изчезна Chrome ,за сега всичко друго ми се вижда  ок :)

Fixlog.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

В какъв смисъл изчезна Chrome? Няма ред в скрипта, който да е изтрил каквото и да е свързано с Chrome... Има ли я програмата в Control Panel-a => Uninstall a program? И стартира ли ако стартирате изпълнимия и файл от инсталационната папка в C:\Program Files\Google\Chrome\Application\chrome.exe ?

 

Също така забелязах, че са изключени опциите за проверка на цифровите подписи на драйверите. Вие ли сте го направили? Питам, защото това не винаги е знак на зловредна активност. Много драйвери, които са бета или работят със специфичен хардуер изискват забраната на проверката за цифров подпис.

 

Виждате ли долу вдясно воден знам в който се споменава, че в момента работите в Test Mode като този на картинката отдолу?

 

Windows_7_Test_Mode_Desktop_Watermark.pn

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

В какъв смисъл изчезна Chrome? Няма ред в скрипта, който да е изтрил каквото и да е свързано с Chrome... Има ли я програмата в Control Panel-a => Uninstall a program? И стартира ли ако стартирате изпълнимия и файл от инсталационната папка в C:\Program Files\Google\Chrome\Application\chrome.exe ?

 

Също така забелязах, че са изключени опциите за проверка на цифровите подписи на драйверите. Вие ли сте го направили? Питам, защото това не винаги е знак на зловредна активност. Много драйвери, които са бета или работят със специфичен хардуер изискват забраната на проверката за цифров подпис.

 

Виждате ли долу вдясно воден знам в който се споменава, че в момента работите в Test Mode като този на картинката отдолу?

 

Windows_7_Test_Mode_Desktop_Watermark.pn

Здравейте,

с малко закъсение ...

Няма воден знак за Test Mode.

"че са изключени опциите за проверка на цифровите подписи на драйверите"-това нямам идея как се прави...може ли малко инфо,

За Chrome в папката просо няма chrome.exe :wors:

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Интересен проблем...според лог файла Windows-a трябва да е в TEST mode. Както и да е.

Изчезването на изпълнимия файл на chrome.exe също е мистерия или бъг в FRST при почистването на group policies-те. Ще видим тази работа.

Засега пробвайте да изтеглите и инсталирате последната версия на Google Chrome от този линк и пишете за резултата.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Много благодаря,Google Chrome го извадих от C:\Program Files\Google\Chrome...,там вече всичко е ок .


Бихте ли ми препоръчали ,за в бъдеще някаква( безплатна) антивирусна програма.

Безкрайно съм Ви благодарна за помощта.Не мога да повярвам че имам работещ компютър. :wors:  :clap:

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Много благодаря,Google Chrome го извадих от C:\Program Files\Google\Chrome...,там вече всичко е ок .

 

Нещо не можах да свържа нещата...нали писахте, че в папката C:\Program Files\Google\Chrome\Application\chrome.exе, липсва chrome.exe? Как така сте го извадили от там тогава? Според мен просто ви е изчезнал прекия път на браузъра на десктопа и сте си създали нов, така ли е?

 

Ако да, тогава можете да не се занимавате с преинсталиране на браузъра.

 

Преди да ви препоръчам каквото и да е обаче нека да направим и последни няколко проверки.

 

 

 

СТЪПКА 1

 

 

Моля изтеглете Malwarebytes Anti-Malware 2.1.8.1057 Final и я запазете на вашия десктоп.

  • Стартирайте файла mbam-setup-2.1.8.1057.exe и следвайте указанията за да инсталирате програмата.
  • След като инсталацията приключи се уверете че сте сложили отметка пред:
  • Launch Malwarebytes Anti-Malware
  • Отметката активираща пробния 14 дневен период също е маркиран по-подразбиране. Ако не желаете да тествате защитата в реално време на програмата през следващите 14 дни тогава премахнете отметката. Т.е. премахнете първата отметка:

DkgJ7Zr.png

  • Натиснете бутона Finish.
  • Отидете до табът Settings > Detection and Protection > и под категорията Detection Options включете опцията "Scan for rootkits".
  • Отидете до табът Scan, сложете радио-бутона пред Threat Scan и след това натиснете бутона Scan Now >> . Ако е намерена актуализация тогава натиснете бутона Update Now.
  • Ще започне проверка за зловреден софтуер.
  • При някои инфекции можете да видите съобщението:
  • "Could not load DDA driver"
  • Натиснете "Yes" на това съобщение за да позволите драйвера да се зареди след рестарт.
  • Разрешете на компютъра да се рестартира и след това продължете с останалите инструкции.
  • След като проверката приключи натиснете бутона Apply Actions.
  • Изчакайте да се появи прозореца подканващ ви да рестартирате и след това натиснете бутона Yes.
  • След рестарта, когато се появи десктопа MBAM ще се зареди още веднъж.
  • Отидете то табът History > Application Logs.

65ZBqkR.jpg

  • Отворете рапорта с последната дата и час и натиснете бутона "Copy to Clipboard"
  • Сега вече поставете съдържанието на лог файла с клавишната комбинация Ctrl + V и го публикувайте в следващия си коментар.

 

 

СТЪПКА 2

 

 

1.Изтеглете Hitman Pro.

За 32-битова система - dEMD6.gif.

За 64-битова система - Download-button3.gif

2.Стартирайте програмата.

3.След като сте стартирали програмата като кликнете върху иконата 5vo5F.jpg и натиснете бутона „Напред“ като се съгласите с лицензионното споразумение (EULA).

4.Сложете отметка пред "Не, искам да завърша еднократно сканиране на компютъра".

5.Натиснете бутона „Напред“.

6.Програмата ще започне да сканира. Времето за сканиране е около 2 минути.

7.След завършване на сканирането от списъка с намерените неща (ако има такива) изберете Apply to all => Ignore.

8.Натиснете "Next" и след това натиснете "Изнеси резултата в XML file" и запазете лог файла на десктопа.

9.Архивирайте файла и го прикачете в следващия си коментар или копирайте съдържанието му в следващия си коментар.

 

Забележка: Ако няма падащо меню, където да изберете ignore както на снимката:

 

6-scanfin-choose.jpg

 

Тогава просто затворете програмата след края на проверката (без да премахвате нищо)...след това отворете C:\Programdata\HitmanPro\Logs, отворете и публикувайте съдържанието на лог файла в следващия си коментар.

 

 

 

СТЪПКА 3

 

 

emsisoft_emergency_kit.pnglogo.png

  • Моля изтеглете EmsisoftEmergencyKit, стартирайте exe файла и посочете къде да се разархивира програмата - например в (C:\EEK), натискайки бутона Extract.
  • Стартирайте иконата на файла Start Emsisoft Emergency Kit от десктопа за да стартирате приложението.
  • Натиснете бутона"Yes", когато бъдете подканени да обновите дефинициите на програмата.

EKK.gif

  • След като процеса по обновяването на дефинициите приключи натиснете бутона "Scan".
  • Натиснете бутона "Yes", когато бъдете попитани дали да програмата да включи засичането на потенциално нежелани приложения (Potentially Unwanted Applications).
  • Сега вече изберете бутона Custom Scan. Премахнете от списъка всички дялове без C:\ (т.е. нека да остане само дял C:\ в списъка).
  • Натиснете Next за да започне проверката.
  • Когато проверката приключи натиснете бутона View Report.
  • Копирайте съдържанието на лог файла в следващия си коментар.

 

 

Поздрави!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
Стъпка 1
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 25.8.2015 г.
Scan Time: 00:19 ч.
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.24.06
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Silvy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328575
Time Elapsed: 38 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 10
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\Cinem Plus 2.4cV20.07-nv, Quarantined, [dfc7e22a43482e087849909e1ce7d927], 
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\Cinem Plus 2.4cV20.07-nv-ie, Quarantined, [7e288d7fc8c394a201c01816c53e7888], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-18\SOFTWARE\CinemaPlus-3.2cV20.07-nv, Quarantined, [edb9907cb6d5d5610b3080ba5ea5bb45], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-18\SOFTWARE\CinemaPlus-3.2cV20.07-nv-ie, Quarantined, [abfbb8543b5010263b0018228f747e82], 
PUP.Optional.GoHD.A, HKU\S-1-5-18\SOFTWARE\GoHD-nv, Quarantined, [20860b01d9b293a3bf53cbd510f45da3], 
PUP.Optional.SavePass.A, HKU\S-1-5-18\SOFTWARE\SavePass 1.1-nv, Quarantined, [8a1cb557216a0036b80a1434b350bf41], 
PUP.Optional.SavePass.A, HKU\S-1-5-18\SOFTWARE\SavePass 1.1-nv-ie, Quarantined, [e6c068a439523204cef42d1b7f84a25e], 
PUP.Optional.ShopAndSave.A, HKU\S-1-5-18\SOFTWARE\Shop and Save Up-nv, Quarantined, [faac55b797f458de6fb7663a60a48878], 
PUP.Optional.ShopAndSave.A, HKU\S-1-5-18\SOFTWARE\Shop and Save Up-nv-ie, Quarantined, [3e68d23ad7b40a2c53d3a000f014e11f], 
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\OB, Quarantined, [4d5930dc880345f1bd6e9423828211ef], 
 
Registry Values: 11
PUP.Optional.CrossBrowse.A, HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS, Crossbrowse, Quarantined, [44626ba1395240f67c5c23f959aa12ee]
PUP.Optional.CrossBrowse.A, HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|StubPath, "C:\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level, Quarantined, [3f67da328ffc75c1dafe1705679c26da]
PUP.Optional.CrossBrowse.A, HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|Localized Name, Crossbrowse, Quarantined, [079f2ddf93f8fb3b0ecad547f70cc739]
PUP.Optional.Linkury.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=BG&userid=c83b5484-9cbe-ce3a-d273-785389a932c6&searchtype=sc&installDate=02.08.2015&barcodeid=50045888&channelid=888, Quarantined, [6442b458454662d46e43c1f24fb559a7]
PUP.Optional.Linkury.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\ENVIRONMENT|SNF, C:\ProgramData\ExtTags\snp.sc, Quarantined, [624418f4c9c2b680f0c0357e18ec7789]
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\OB|monitype25, 7/20/15 21:58:31, Quarantined, [4d5930dc880345f1bd6e9423828211ef]
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\OB|monitype20, 7/20/15 21:59:8, Quarantined, [53536ba15b3079bdac7fad0ac93b718f]
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\OB|monitype22, 7/20/15 21:59:8, Quarantined, [6640c943216aa88e42e95c5b4abac739]
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\OB|monitype24, 7/20/15 21:59:8, Quarantined, [b9ed1bf1eba04ceaa4874e697e86738d]
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\OB|monitype27, 7/20/15 21:59:8, Quarantined, [4b5b3dcf0b80f44208236e490103b34d]
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\OB|monitype21, 7/20/15 22:0:44, Quarantined, [b7efc24a860595a1e645bdfab84c7789]
 
Registry Data: 5
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[b2f4c349b6d50333948af962e61f9b65]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{23DE7EFB-2F55-43BD-AEA8-1BCD1EC70945}|NameServer, 52.17.204.69,8.8.8.8, Good: (), Bad: (52.17.204.69,8.8.8.8),Replaced,[2f77d03c4447ec4a44dfdb810bfa748c]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3095FECE-B308-4C35-896E-1C0CD667957A}|NameServer, 52.17.204.69,8.8.8.8, Good: (), Bad: (52.17.204.69,8.8.8.8),Replaced,[f3b3c349b3d849ed0320ea72b4517090]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{BD2F665A-784E-4B0C-B6C8-8962A37A73B0}|NameServer, 52.17.204.69,8.8.8.8, Good: (), Bad: (52.17.204.69,8.8.8.8),Replaced,[75317c90dab13ff73ce7abb117ee13ed]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}|NameServer, 52.17.204.69,8.8.8.8, Good: (), Bad: (52.17.204.69,8.8.8.8),Replaced,[4e589379fc8f2d09948f24385baa55ab]
 
Folders: 2
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config, Quarantined, [b7efa06ce9a2db5b406085c828db46ba], 
PUP.Optional.MultiPlug.A, C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C, Quarantined, [f9ad6f9d1972a88e03c8971aa46041bf], 
 
Files: 54
PUP.Optional.APNToolBar.A, C:\ProgramData\FreePDFTabletInstall.exe, Quarantined, [6a3c0804d0bbfb3be4e47332d92856aa], 
PUP.Optional.PayByAds.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\dsrlte.exe, Quarantined, [772fb25aafdc6ec837a7a6995ca459a7], 
PUP.Optional.PayByAds.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\dsrsetup.exe, Quarantined, [099df21af49738fea63809367b8545bb], 
PUP.Optional.SavePass.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\e5c80545-bae7-429e-8c66-24b2aadbae3e-10.exe, Quarantined, [d9cdf6162e5d2511ba3985def60bfa06], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\psmachine.dll, Quarantined, [6541c745adde270f5de8ccc2f20fd22e], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\psuser.dll, Quarantined, [eabc0a026f1c50e64005b9d51be613ed], 
PUP.Optional.GoHD.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\setup.exe, Quarantined, [9c0a0606e1aa41f5e61aa1989a6744bc], 
PUP.Optional.Linkury.PrxySvrRST, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.exe, Quarantined, [0b9ba26a4f3cb18557a58b396e939b65], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\globalupdate.exe, Quarantined, [e9bd7d8f96f5d066162f2a6469989b65], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\globalupdateBroker.exe, Quarantined, [fcaa83895a31241252f3a2ec37ca4bb5], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\globalupdateCrashHandler.exe, Quarantined, [2b7b63a95734cf67fa4b008e3dc4926e], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\globalupdateOnDemand.exe, Quarantined, [e2c4f5170d7ee65063e2048a8c756e92], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\goopdate.dll, Quarantined, [891d58b4c2c9f6403b0aa1ede41d0cf4], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\goopdateres_en.dll, Quarantined, [80263cd0f992d5613510226c7a872ed2], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nshC95E.tmp, Quarantined, [2185d933f2996acc3550adda2ad8a65a], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nsm1289.tmp, Quarantined, [bfe7709c2b60df573d48bdca9171d030], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nsm6551.tmp, Quarantined, [505688846427092dea9baddaeb17f30d], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nsu81D1.tmp, Quarantined, [4a5c6aa2157611259ce96522f9093dc3], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nsw39EF.tmp, Quarantined, [a5014dbf93f8c57193f145427a88758b], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nsw9A33.tmp, Quarantined, [f6b0de2ef79477bfc8bde2a52bd7619f], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nsxCD9D.tmp, Quarantined, [4a5cda32c6c5cc6a31547017ec169769], 
PUP.Optional.XTab.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ProtectService.exe, Quarantined, [a7ffff0dddae003610d85dfd2dd4b64a], 
PUP.Optional.WProtectManager.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ProtectWindowsManager.exe, Quarantined, [2c7a3eceb3d8a294dc577d1113f2bd43], 
PUP.Optional.AnyProtect, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nsc1F33.tmp, Quarantined, [5b4b35d70a8139fd6d18434415ed34cc], 
PUP.Optional.NetFilter, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nethfdrv.sys, Quarantined, [35713ad2f596033372f761cd1be6f40c], 
PUP.Optional.Amonetize, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\nethtsrv.exe, Quarantined, [367054b8a8e379bded7a791913eeb14f], 
PUP.Optional.ModGoog, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\npglobalupdateUpdate4.dll, Quarantined, [c7dfc646cebd0630172e9df1af520000], 
PUP.Optional.GoHD.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Zicjmwzibhmepg.exe, Quarantined, [c2e47f8dcac1d06604fc5edb3ec30bf5], 
PUP.Optional.EpicScale, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\EpicScale\18508.dat, Quarantined, [dcca53b9f69538fef159146855ac649c], 
PUP.Optional.EpicScale, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\EpicScale\32834.dat, Quarantined, [06a057b5f497b3837eccbfbdb051d927], 
PUP.Optional.EpicScale, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\EpicScale\EpicScale.exe, Quarantined, [2e78b458246774c263e71c603dc4b44c], 
PUP.Optional.EpicScale, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\EpicScale\0\EpicScale.dat, Quarantined, [05a1a9636a210c2a1b2f3f3d728ffe02], 
PUP.Optional.EpicScale, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\EpicScale\0\EpicScale.exe, Quarantined, [b9edd13b3556c5717ad099e3bc45f907], 
PUP.Optional.EpicScale, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\EpicScale\0\EpicScale64.exe, Quarantined, [b1f566a61972112572d8d5a76e93c040], 
PUP.Optional.EpicScale, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\EpicScale\0\Nova.dat, Quarantined, [4c5a1fed117a70c66cdeb9c311f033cd], 
PUP.Optional.Linkury.PrxySvrRST, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\ExtTag.exe, Quarantined, [1294be4eeba0f343e7154e761ce5bd43], 
PUP.Optional.RegistryReviver.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\OpenCandy\OpenCandy_30759EAB54F94C8C91CD2F29296AE10D\RegistryReviverSetup_3.0.1.144_CO2.exe, Quarantined, [396d73992b6065d1ddd76e3aa35ea55b], 
PUP.Optional.RegistryReviver.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\OpenCandy\OpenCandy_30759EAB54F94C8C91CD2F29296AE10D\RegistryReviverSetup_AFD_p4v1.exe, Quarantined, [5a4cdd2fd0bbd165e6cef5b3bd443bc5], 
PUP.Optional.WProtectManager.A, C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\WindowsMangerProtect\ProtectWindowsManager.exe, Quarantined, [604610fcb7d44ee87eb5b9d5ba4beb15], 
PUP.Optional.ConvertAd, C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\hnsj9EF4.tmp, Quarantined, [acfa030976151f17b41481497e831ee2], 
PUP.Optional.RegCleanPro, C:\Users\Silvy\rcpsetup_23450.exe, Quarantined, [c3e367a53655082eb49a1c303ac6c33d], 
PUP.Optional.APNToolBar.A, C:\Users\Silvy\Documents\APNSetup.exe, Quarantined, [f4b29f6d0b80d165ecdb50553fc2867a], 
PUP.Optional.APNToolBar.A, C:\Users\Silvy\Documents\APNSetup1.exe, Quarantined, [9b0b0c002d5e989e3a8d9f0642bfb14f], 
PUP.Optional.Bershnet, C:\Users\Silvy\Desktop\документи\Trojan Killer 2.2.6.2 Full with Crack_10924_i34353252_il345.exe.zip, Quarantined, [abfb26e6d5b61a1c01f3dfe64cb845bb], 
PUP.Optional.Bershnet, C:\Users\Silvy\Desktop\документи\Trojan+Killer+2.2.6.2+Full+with+Crack_10924_i34353252_il345.exe.zip, Quarantined, [33734bc197f488ae7480c203b45031cf], 
PUP.Optional.Bershnet, C:\Users\Silvy\Desktop\документи\Trojan+Killer+2.2.6.2+Full+with+Crack_10924_i34353252_il345.exe\Trojan Killer 2.2.6.2 Full with Crack_10924_i34353252_il345.exe, Quarantined, [e2c4dd2fdead6fc74aaa00c5c83c6898], 
PUP.Optional.Bershnet, C:\Users\Silvy\Desktop\документи\Trojan+Killer+2.2.6.2+Full+with+Crack_10924_i34353252_il345.exe\Trojan Killer 2.2.6.2 Full with Crack_10924_i34353252_il345.exe.zip, Quarantined, [bcea2ddf35568ea8c133daebea1add23], 
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\ver.xml, Quarantined, [b7efa06ce9a2db5b406085c828db46ba], 
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\data.xml, Quarantined, [b7efa06ce9a2db5b406085c828db46ba], 
PUP.Optional.MultiPlug.A, C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\jnst84E2.tmp, Quarantined, [f9ad6f9d1972a88e03c8971aa46041bf], 
PUP.Optional.MultiPlug.A, C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\knseE147.tmp, Quarantined, [f9ad6f9d1972a88e03c8971aa46041bf], 
PUP.Optional.MultiPlug.A, C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\rnsm74B1.exe, Quarantined, [f9ad6f9d1972a88e03c8971aa46041bf], 
PUP.Optional.MultiPlug.A, C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\Uninstall.exe, Quarantined, [f9ad6f9d1972a88e03c8971aa46041bf], 
PUP.Optional.MultiPlug.A, C:\Program Files\DC8122E2-1437418746-D543-6C80-001E8C61453C\vnsr4DE3.tmp, Quarantined, [f9ad6f9d1972a88e03c8971aa46041bf], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Стъпка 3

Emsisoft Emergency Kit - Version 10.0
Last update: 25.8.2015 г. 16:04:58
User account: Silvy-PC\Silvy
 
Scan settings:
 
Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, I:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 25.8.2015 г. 16:34:07
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E} detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SU detected: Application.Toolbar (A)
Value: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
C:\AdwCleaner\Quarantine\C\ProgramData\ExtTag\ExtTag.exe.vir detected: Application.Win32.AdLink (A)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\DC8122E2-1437429623-D543-6C80-001E8C61453C\onss80EA.tmp.vir detected: Gen:Variant.Adware.Symmi.53460 (B)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\DC8122E2-1437429623-D543-6C80-001E8C61453C\rnss80E9.exe.vir detected: Gen:Variant.Adware.Mikey.19982 (B)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\DC8122E2-1437429623-D543-6C80-001E8C61453C\snss80E8.tmp.vir detected: Trojan.GenericKD.2512006 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\hfnapi.dll.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\pay-by-ads\Yahoo! Search\1.3.26.12\dsrsetup.exe.vir detected: Gen:Variant.Application.Strictor.64185 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\hfpapi.dll.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\installd.exe.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\netupdsrv.exe.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\FRST\Quarantine\C\Users\Silvy\AppData\Local\{11A54DED-6E3E-4122-BAED-0BFB8C5C73A9}\OffersWizard.exe detected: Gen:Variant.Zusy.149774 (B)
C:\FRST\Quarantine\C\Users\Silvy\AppData\Local\{D36E4BCB-B3F0-4A5F-94C7-5B1EC70470A2}\OffersWizard.exe detected: Gen:Variant.Zusy.149774 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\1fixcpa3.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\Installer\setup.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\delegate_execute.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\nacl64.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\utility.exe detected: Adware.Crossrider.EJ (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\1fixcpa3.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\34mtzcvd.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\gioae22v.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\irsxecsu.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\mxyybgvn.exe detected: Application.Win32.AdLink (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\oxxgvhhm.dll detected: Adware.Mplug.LR (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\uninstall.exe detected: Application.Win32.AdLink (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\wt2nwsbg.exe detected: Adware.Smartbar.AD (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\uq5ks3ec.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\vytoem4m.dll detected: Adware.Mplug.LR (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\zx323pzc.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\y4gdgm52.dll detected: Adware.Smartbar.AD (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\BrowerWatchFF.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\BrowerWatchCH.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\CmdShell.exe detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\BrowserAction.dll detected: Adware.Agent.PUE (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\ffsearch_toolbar!1.0.0.1031.xpi detected: Application.Win32.InstallTool (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\HPNotify.exe detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\IeWatchDog.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\SupTab_Bak.dll detected: Application.Win32.AdTab (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\mxyybgvn.exe detected: Application.Win32.AdLink (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\hlpr64.exe detected: Application.InstallTool (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\dsrsetup.exe detected: Gen:Variant.Application.Strictor.64185 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\kmfolnnb.dll detected: Gen:Variant.Mikey.18740 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\PriceFountain\UpdateProc\UpdateTask.exe detected: Adware.Generic.1255287 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\SupTab.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\hdRi5bkk.dll detected: Gen:Variant.Mikey.17861 (B)
C:\Users\Silvy\pc-wizard_2013.2.12-setup.exe detected: Application.Win32.AdProtect (A)
C:\Windows.old\Program Files\Gophoto.it\gophotoit11.crx -> js/zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec\10.26.4.512_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Windows.old\Users\Home\Downloads\123\Windows 7 Loader eXtreme Edition v3.503\w7lxe.exe detected: Riskware.Win32.Hacktool (A)
D:\all D\Pictures\глобул мув\download\App.apk -> assets/config.xml detected: Android.Trojan.FakeInst.EL (B)
D:\all D\Pictures\глобул мув\download\GTA_Vice_City.apk -> assets/config.xml detected: Android.Trojan.FakeInst.HA (B)
 
Scanned 224979
Found 69
 
Scan end: 25.8.2015 г. 17:29:15
Scan time: 0:55:08

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

В адресната лента на Windows Explorer въведете => C:\Programdata\HitmanPro\Logs => натиснете Enter

Сега вече качете лог файла на следния адрес => http://dox.abv.bg/files/share и публикувайте линка за изтегляне в следващия си коментар.

Благодаря! ;)

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Почти сме готови.

 

 

Сега изтеглете KKdS6sj.pngfixlist.txt и го запазете в папката от която стартирахте FRST.exe.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

 

Не забравяйте да публикувате лог файла и от последната програма - EmsisoftEmergencyKit. Има леки промени в инструкциите ми относно сканирането с нея. Моля вижте ги. Тъй като няма Full Scan в новата версия на инструмента ще се наложи да изберете Custom Scan и да изберете само дял C:\ като премахнете останалите дялове от списъка.

 

Поздрави! ;)

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
Emsisoft Emergency Kit - Version 10.0
Last update: 25.8.2015 г. 16:04:58
User account: Silvy-PC\Silvy
 
Scan settings:
 
Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 26.8.2015 г. 08:02:10
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E} detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SU detected: Application.Toolbar (A)
Value: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1625243576-869716123-3662650611-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
C:\AdwCleaner\Quarantine\C\ProgramData\ExtTag\ExtTag.exe.vir detected: Application.Win32.AdLink (A)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\DC8122E2-1437429623-D543-6C80-001E8C61453C\onss80EA.tmp.vir detected: Gen:Variant.Adware.Symmi.53460 (B)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\DC8122E2-1437429623-D543-6C80-001E8C61453C\rnss80E9.exe.vir detected: Gen:Variant.Adware.Mikey.19982 (B)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\DC8122E2-1437429623-D543-6C80-001E8C61453C\snss80E8.tmp.vir detected: Trojan.GenericKD.2512006 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\hfnapi.dll.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\installd.exe.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\AdwCleaner\Quarantine\C\Users\Silvy\AppData\Local\pay-by-ads\Yahoo! Search\1.3.26.12\dsrsetup.exe.vir detected: Gen:Variant.Application.Strictor.64185 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\hfpapi.dll.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\netupdsrv.exe.vir detected: Gen:Variant.Adware.Netfilter.2 (B)
C:\FRST\Quarantine\C\Users\Silvy\AppData\Local\{11A54DED-6E3E-4122-BAED-0BFB8C5C73A9}\OffersWizard.exe detected: Gen:Variant.Zusy.149774 (B)
C:\FRST\Quarantine\C\Users\Silvy\AppData\Local\{D36E4BCB-B3F0-4A5F-94C7-5B1EC70470A2}\OffersWizard.exe detected: Gen:Variant.Zusy.149774 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\1fixcpa3.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\Installer\setup.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\delegate_execute.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\39.6.2171.95\nacl64.exe detected: Application.Win32.AdBrowse (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Crossbrowse.DIR\Crossbrowse\Application\utility.exe detected: Adware.Crossrider.EJ (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\1fixcpa3.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\34mtzcvd.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\gioae22v.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\mxyybgvn.exe detected: Application.Win32.AdLink (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\irsxecsu.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\oxxgvhhm.dll detected: Adware.Mplug.LR (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\uq5ks3ec.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\uninstall.exe detected: Application.Win32.AdLink (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\vytoem4m.dll detected: Adware.Mplug.LR (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\wt2nwsbg.exe detected: Adware.Smartbar.AD (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\y4gdgm52.dll detected: Adware.Smartbar.AD (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\ExtTag.DIR\zx323pzc.dll detected: Adware.Mplug.LV (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\BrowerWatchFF.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\CmdShell.exe detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\BrowerWatchCH.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\BrowserAction.dll detected: Adware.Agent.PUE (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\HPNotify.exe detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\ffsearch_toolbar!1.0.0.1031.xpi detected: Application.Win32.InstallTool (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\IeWatchDog.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\MiuiTab\SupTab_Bak.dll detected: Application.Win32.AdTab (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\mxyybgvn.exe detected: Application.Win32.AdLink (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\hdRi5bkk.dll detected: Gen:Variant.Mikey.17861 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\dsrsetup.exe detected: Gen:Variant.Application.Strictor.64185 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\hlpr64.exe detected: Application.InstallTool (A)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\Pay-By-Ads.DIR\Yahoo! Search\1.3.26.12\kmfolnnb.dll detected: Gen:Variant.Mikey.18740 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\PriceFountain\UpdateProc\UpdateTask.exe detected: Adware.Generic.1255287 (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\SupTab.dll detected: Application.SearchProtect.CU (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{92c9ea8e-d032-4248-a8a1-80ea1615e38a}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{5663c04f-f294-4115-9114-b62be60538cb}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\AppData\Roaming\ZHP\Quarantine\{b2b1c7de-2b5f-4688-b5b1-33172b6705e7}Gw.sys detected: Adware.BrowseFox.V (B)
C:\Users\Silvy\pc-wizard_2013.2.12-setup.exe detected: Application.Win32.AdProtect (A)
C:\Windows.old\Program Files\Gophoto.it\gophotoit11.crx -> js/zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\js\zoom.js detected: Application.MAC.OSX.GoPhotoItExt.A (B)
C:\Windows.old\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec\10.26.4.512_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Windows.old\Users\Home\Downloads\123\Windows 7 Loader eXtreme Edition v3.503\w7lxe.exe detected: Riskware.Win32.Hacktool (A)
 
Scanned 217068
Found 70
 
Scan end: 26.8.2015 г. 09:13:21
Scan time: 1:11:11

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Моля първо изпълнете скрипта за FRST от предишния ми коментар и след това повторете проверката с Emsisoft, защото предполагам, че след почистването с FRST лог файла на Emsisoft ще изглежда значително по-добре.

 

Т.е. изпълнете скрипта за FRST и публикувайте Fixlog.txt и след това направете нова проверка и публикувайте новия лог от Emsisoft и след това ще ви дам финално съвети и приключваме.

 

 

Поздрави!

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Почти сме готови.

 

 

Сега изтеглете KKdS6sj.pngfixlist.txt и го запазете в папката от която стартирахте FRST.exe.

Стартирайте FRST.exe и натиснете бутона Fix веднъж!

След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.

 

Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

 

Не забравяйте да публикувате лог файла и от последната програма - EmsisoftEmergencyKit. Има леки промени в инструкциите ми относно сканирането с нея. Моля вижте ги. Тъй като няма Full Scan в новата версия на инструмента ще се наложи да изберете Custom Scan и да изберете само дял C:\ като премахнете останалите дялове от списъка.

 

Поздрави! ;)

Fix result of Farbar Recovery Scan Tool (x86) Version:25-08-2015 02
Ran by Silvy (2015-08-26 11:17:03) Run:2
Running from C:\FRST
Loaded Profiles: Silvy (Available Profiles: Silvy)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}
DeleteKey: HKLM\SOFTWARE\Microsoft\Tracing\dchecker_RASAPI32
DeleteKey: HKLM\SOFTWARE\Microsoft\Tracing\dchecker_RASMANCS
DeleteKey: HKLM\SOFTWARE\Microsoft\Tracing\updateCouponTime_RASAPI32
DeleteKey: HKLM\SOFTWARE\Microsoft\Tracing\updateCouponTime_RASMANCS
DeleteKey: HKLM\SOFTWARE\Microsoft\Tracing\utilCouponTime_RASAPI32
DeleteKey: HKLM\SOFTWARE\Microsoft\Tracing\utilCouponTime_RASMANCS
DeleteKey: HKLM\SOFTWARE\Reg\Clean
DeleteKey: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
DeleteKey: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
DeleteKey: HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
DeleteKey: HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Reg\Clean
end
*****************
 
HKLM\SOFTWARE\Classes\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E} => key not found. 
HKLM\SOFTWARE\Microsoft\Tracing\dchecker_RASAPI32 => key not found. 
HKLM\SOFTWARE\Microsoft\Tracing\dchecker_RASMANCS => key not found. 
HKLM\SOFTWARE\Microsoft\Tracing\updateCouponTime_RASAPI32 => key not found. 
HKLM\SOFTWARE\Microsoft\Tracing\updateCouponTime_RASMANCS => key not found. 
HKLM\SOFTWARE\Microsoft\Tracing\utilCouponTime_RASAPI32 => key not found. 
HKLM\SOFTWARE\Microsoft\Tracing\utilCouponTime_RASMANCS => key not found. 
HKLM\SOFTWARE\Reg\Clean => key not found. 
HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_ => key not found. 
HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_ => key not found. 
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} => key not found. 
HKU\S-1-5-21-1625243576-869716123-3662650611-1000\Software\Reg\Clean => key not found. 
 
==== End of Fixlog 11:17:32 ====

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход

  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Горещи теми в момента

  • Подобни теми

    • от Йорданка Т. Иванова
      Здравейте, при опит за възстановяване на системата към предишна дата, Avast направи пълно сканиране на компютъра и ми премести в клетка заразените файлове.
      Има ли възможност да се почисти компютъра от въпросните заплахи и съответно да си възстановя файловете, най-вече тези /ако има такива/, които са необходими за правилното функциониране на системата.
      П.П.: Пълен лаик съм на тема антивирусни програми.
      Нов Microsoft Office PowerPoint Presentation.pptx


      Ето го резултата от файла FRST
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
      Ran by Rosko (administrator) on ROSKO-PC (28-10-2018 14:36:09)
      Running from C:\Users\Rosko\Downloads
      Loaded Profiles: Rosko (Available Profiles: Rosko)
      Platform: Windows 7 Ultimate (X64) Language: Български (България)
      Internet Explorer Version 8 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BAVSvc.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BHipsSvc.exe
      (Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
      (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BavTray.exe
      (Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      () C:\Program Files (x86)\CalendarTool\2.0.0.1000176\CalendarServ.exe
      () C:\Program Files (x86)\CalendarTool\2.0.0.1000176\calendar.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\bavhm.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
      () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Baidu Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools2\8C8AEEC1-5166-4CE7-BBAD-7C37409D0C73\tool\bdMiniDownloaderGB_BAV-Mini_32_1002.exe
      (Baidu Inc.) C:\Users\Rosko\AppData\Local\MiniService\MiniService.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Viber Media S.à r.l.) C:\Users\Rosko\AppData\Local\Viber\Viber.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2014-01-24] (Synaptics Incorporated)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-18] (AVAST Software)
      HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BavTray.exe [2553328 2015-07-14] (Baidu, Inc.)
      HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [132856 2017-05-18] (Intel)
      HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Qualcomm®Atheros®)
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\...\Run: [Viber] => C:\Users\Rosko\AppData\Local\Viber\Viber.exe [36762184 2018-10-22] (Viber Media S.à r.l.)
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\...\MountPoints2: {c4a92fbb-e173-11e7-9426-f8a963743fcb} - G:\LG_PC_Programs.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 172.16.1.1
      Tcpip\..\Interfaces\{2FB69C23-4CBD-4252-994A-27D31EDC0D6D}: [DhcpNameServer] 172.16.1.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
      Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
      Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
      FireFox:
      ========
      FF DefaultProfile: 2csmqmsd.default
      FF ProfilePath: C:\Users\Rosko\AppData\Roaming\Mozilla\Firefox\Profiles\2csmqmsd.default [2018-07-05]
      FF Homepage: Mozilla\Firefox\Profiles\2csmqmsd.default -> about:blank
      FF Extension: (Avast SafePrice) - C:\Users\Rosko\AppData\Roaming\Mozilla\Firefox\Profiles\2csmqmsd.default\Extensions\sp@avast.com.xpi [2018-10-18]
      FF Extension: (Avast Online Security) - C:\Users\Rosko\AppData\Roaming\Mozilla\Firefox\Profiles\2csmqmsd.default\Extensions\wrc@avast.com.xpi [2018-10-18]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] ()
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
      FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2015-08-18] (Sun Microsystems, Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
      FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js [2017-09-10]
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default [2018-10-28]
      CHR Extension: (Презентации) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-02]
      CHR Extension: (Документи) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-02]
      CHR Extension: (Google Диск) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-02]
      CHR Extension: (YouTube) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-02]
      CHR Extension: (Adobe Acrobat) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-10-02]
      CHR Extension: (Avast SafePrice | Сравнение, сделки, купони) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-10-19]
      CHR Extension: (Таблици) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-02]
      CHR Extension: (Google Документи офлайн) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-08]
      CHR Extension: (АБВ Уведомител) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\glkfpmcniebkbeakjdpobddpjghbapec [2018-10-28]
      CHR Extension: (Avast Online Security) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-18]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-02]
      CHR Extension: (Gmail) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-02]
      CHR Extension: (Chrome Media Router) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-28]
      CHR Profile: C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey [2018-10-28] <==== ATTENTION
      CHR Extension: (Презентации) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-23]
      CHR Extension: (Документи) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-23]
      CHR Extension: (Google Диск) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
      CHR Extension: (YouTube) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
      CHR Extension: (Google Търсене) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
      CHR Extension: (АБВ Уведомител) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\cpbekonjicgkldkmopnamgglbfaiojje [2015-11-25]
      CHR Extension: (Adobe Acrobat) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-08]
      CHR Extension: (Таблици) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-11]
      CHR Extension: (Farmville2 X-Press) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\gbgjpdhhnbgmnafojckjmjogcpoinlim [2018-10-24]
      CHR Extension: (Google Документи офлайн) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
      CHR Extension: (Avast Online Security) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-18]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-12]
      CHR Extension: (Gmail) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-23]
      CHR Extension: (Chrome Media Router) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-01]
      CHR HKU\S-1-5-21-749869763-3409154425-2811610640-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-18] (AVAST Software)
      R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows (R) Win 7 DDK provider) [File not signed]
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-18] (AVAST Software)
      R2 BavSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BavSvc.exe [2805208 2015-07-14] (Baidu, Inc.)
      S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BdSandboxSrv64.exe [490480 2015-04-29] (Baidu, Inc.)
      R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BHipsSvc.exe [544032 2015-07-14] (Baidu, Inc.)
      S3 BsrSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools2\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\tool\BsrSvc.exe [3503416 2015-07-08] (Baidu, Inc.)
      R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [21240 2017-05-18] (Intel)
      R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
      R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
      R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
      S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
      R2 MiniService; C:\Users\Rosko\AppData\Local\MiniService\MiniService.exe [103616 2018-10-28] (Baidu Inc.) [File not signed] <==== ATTENTION
      R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH)
      R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.1000176\CalendarServ.exe [152720 2017-08-09] ()
      S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201408 2018-10-18] (AVAST Software)
      S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230512 2018-10-18] (AVAST Software)
      S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201928 2018-10-18] (AVAST Software)
      S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346760 2018-10-18] (AVAST Software)
      S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59664 2018-10-18] (AVAST Software)
      R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [185240 2018-10-18] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47064 2018-10-18] (AVAST Software)
      R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42456 2018-10-18] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163376 2018-10-18] (AVAST Software)
      S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111968 2018-10-18] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88112 2018-10-18] (AVAST Software)
      S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028840 2018-10-18] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467904 2018-10-18] (AVAST Software)
      S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [208640 2018-10-18] (AVAST Software)
      S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381144 2018-10-18] (AVAST Software)
      U3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BdApiUtil64.sys [116936 2015-07-14] (Baidu, Inc.)
      R3 bdark64; C:\Windows\system32\drivers\bdark64.sys [78792 2015-04-20] ()
      U3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BdCameraProtect64.sys [25000 2015-07-14] (Baidu, Inc.)
      S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [235976 2015-04-29] (Baidu, Inc.)
      R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [62920 2015-07-14] (Baidu, Inc.)
      R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2015-07-14] (Baidu, Inc.)
      R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [62792 2015-07-14] (Baidu, Inc.)
      R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [487144 2015-07-14] (Baidu, Inc.)
      R3 Bnmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\Bnmon64.sys [82376 2015-07-14] (Baidu, Inc.)
      R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [171464 2015-07-14] (Baidu, Inc.)
      S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
      R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-08-08] (REALiX(tm))
      R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
      R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
      R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
      U3 aswbdisk; no ImagePath
      U0 Partizan; system32\drivers\Partizan.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-10-28 14:35 - 2018-10-28 14:36 - 000000000 ____D C:\FRST
      2018-10-28 14:35 - 2018-10-28 14:35 - 002414592 _____ (Farbar) C:\Users\Rosko\Downloads\FRST64.exe
      2018-10-28 14:28 - 2018-10-28 14:36 - 000021836 _____ C:\Users\Rosko\Downloads\FRST.txt
      2018-10-28 14:26 - 2018-10-28 14:27 - 000020080 _____ C:\Users\Rosko\Downloads\Addition.txt
      2018-10-28 13:34 - 2018-10-28 13:34 - 000000000 ____D C:\Users\Rosko\AppData\Local\MiniService
      2018-10-28 13:29 - 2018-10-28 13:32 - 000000000 ____D C:\ProgramData\BsrSvc_exe
      2018-10-28 13:19 - 2018-10-28 13:20 - 000617400 _____ C:\Users\Rosko\Desktop\Нов Microsoft Office PowerPoint Presentation.pptx
      2018-10-28 12:40 - 2018-10-28 13:16 - 000000000 ____D C:\ProgramData\BavSvc_exe
      2018-10-28 12:37 - 2018-10-28 12:37 - 000000000 ____D C:\Users\Rosko\AppData\Local\Viber
      2018-10-28 09:17 - 2018-10-28 11:16 - 000000000 ____D C:\Users\Rosko\Desktop\официялни споразумения 2018-2019г
      2018-10-26 17:03 - 2018-10-26 17:03 - 000102327 _____ C:\Users\Rosko\Downloads\П-03001718127835-177-001_archive (1).zip
      2018-10-24 10:41 - 2018-10-24 10:41 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\AVAST Software
      2018-10-24 10:39 - 2018-10-24 10:39 - 000611358 _____ C:\Users\Rosko\Downloads\379984975 (1).pdf
      2018-10-24 10:32 - 2018-10-28 12:37 - 000000000 ____D C:\Users\Rosko\AppData\Local\AVAST Software
      2018-10-22 15:05 - 2018-10-22 15:06 - 000103383 _____ C:\Users\Rosko\Downloads\П-03001718185275-040-001_archive.zip
      2018-10-20 07:48 - 2018-10-20 07:48 - 000230931 _____ C:\Users\Rosko\Downloads\ЗП Ростислав Недков 19.10 (1).pdf
      2018-10-20 07:40 - 2018-10-20 07:40 - 000230931 _____ C:\Users\Rosko\Downloads\ЗП Ростислав Недков 19.10.pdf
      2018-10-19 08:51 - 2018-10-19 08:51 - 002437339 _____ C:\Users\Rosko\Downloads\dec92_2016_1010_баркод_с_ръководство_за_потребителя.rar
      2018-10-18 18:17 - 2018-10-18 18:17 - 000665976 _____ C:\Users\Rosko\Downloads\Re6enie_VAS_27.02.2018 (1).pdf
      2018-10-18 11:52 - 2018-10-18 11:52 - 000039854 _____ C:\Users\Rosko\Downloads\nlnazadyljenia[1] (1).pdf
      2018-10-18 10:16 - 2018-10-18 10:16 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2018-10-18 10:16 - 2018-10-18 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2018-10-18 10:15 - 2018-10-18 10:15 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
      2018-10-18 10:14 - 2018-10-26 00:45 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2018-10-18 10:13 - 2018-10-18 10:13 - 001142072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
      2018-10-18 10:13 - 2018-10-18 10:13 - 000467904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000381144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2018-10-18 10:13 - 2018-10-18 10:13 - 000208640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000201408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000163376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000111968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000088112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000047064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
      2018-10-18 10:13 - 2018-10-18 10:12 - 001028840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 001001272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2018-10-18 10:13 - 2018-10-18 10:12 - 000346760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000230512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000201928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000185240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000059664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000042456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
      2018-10-18 10:11 - 2018-10-18 11:43 - 000000000 ____D C:\ProgramData\AVAST Software
      2018-10-18 10:11 - 2018-10-18 10:11 - 000000000 ____D C:\Program Files\AVAST Software
      2018-10-18 10:09 - 2018-10-18 16:40 - 000000000 ____D C:\Users\Rosko\Documents\ViberDownloads
      2018-10-18 10:09 - 2018-10-18 10:09 - 000000000 ____D C:\Users\Rosko\AppData\Local\Viber Media S.à r.l
      2018-10-18 10:08 - 2018-10-28 13:47 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\ViberPC
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000956 _____ C:\Users\Rosko\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000954 _____ C:\Users\Rosko\Desktop\Viber.lnk
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000000 ____D C:\Users\Rosko\AppData\Local\cache
      2018-10-18 10:07 - 2018-10-18 10:07 - 000000000 ____D C:\Users\Rosko\AppData\Local\Package Cache
      2018-10-18 10:06 - 2018-10-18 10:07 - 089186064 _____ (Viber Media Inc.) C:\Users\Rosko\Downloads\ViberSetup.exe
      2018-10-17 22:33 - 2018-10-17 22:33 - 000267977 _____ C:\Users\Rosko\Downloads\danuchno_oblagane_vnoski_na_zemedelski_proizvoditeli (4).pdf
      2018-10-17 22:08 - 2018-10-17 22:09 - 000749389 _____ C:\Users\Rosko\Downloads\Нов Презентация на Microsoft PowerPoint (2).pptx
      2018-10-17 21:41 - 2018-10-17 21:41 - 000749389 _____ C:\Users\Rosko\Downloads\Нов Презентация на Microsoft PowerPoint (1).pptx
      2018-10-17 21:14 - 2018-10-17 21:14 - 000267977 _____ C:\Users\Rosko\Downloads\danuchno_oblagane_vnoski_na_zemedelski_proizvoditeli (3).pdf
      2018-10-17 16:19 - 2018-10-17 16:19 - 000289368 _____ C:\Windows\Minidump\101718-14539-01.dmp
      2018-10-17 15:07 - 2018-10-17 15:07 - 003833305 _____ C:\Users\Rosko\Downloads\dec50_2017_19.03.2018.rar
      2018-10-17 14:45 - 2018-10-17 14:45 - 004074946 _____ C:\Users\Rosko\Downloads\dec50_2016_баркод_с_ръководство_за_потребителя.rar
      2018-10-17 12:55 - 2018-10-17 12:55 - 000648847 _____ C:\Users\Rosko\Downloads\DOM (2).pdf
      2018-10-17 07:52 - 2018-10-17 07:52 - 000012846 _____ C:\Users\Rosko\Downloads\Spravka vazstanovqvane (4).ods
      2018-10-17 07:52 - 2018-10-17 07:52 - 000000165 ____H C:\Users\Rosko\Downloads\~$Spravka vazstanovqvane (4).ods
      2018-10-16 13:59 - 2018-10-16 13:59 - 070935933 _____ C:\Users\Rosko\Downloads\wetransfer-a3a156.zip
      2018-10-16 12:10 - 2018-10-16 12:10 - 001266784 _____ C:\Users\Rosko\Downloads\statement (21).pdf
      2018-10-16 12:09 - 2018-10-16 12:09 - 001105420 _____ C:\Users\Rosko\Downloads\statement (20).pdf
      2018-10-16 10:58 - 2018-10-16 10:58 - 000648847 _____ C:\Users\Rosko\Downloads\DOM (1).pdf
      2018-10-16 08:14 - 2018-10-16 08:14 - 001939889 _____ C:\Users\Rosko\Downloads\95_09.pdf
      2018-10-15 16:01 - 2018-10-15 16:01 - 000749389 _____ C:\Users\Rosko\Downloads\Нов Презентация на Microsoft PowerPoint.pptx
      2018-10-15 15:57 - 2018-10-15 15:57 - 000102327 _____ C:\Users\Rosko\Downloads\П-03001718127835-177-001_archive.zip
      2018-10-15 13:54 - 2018-10-15 13:54 - 000648847 _____ C:\Users\Rosko\Downloads\Ползване на данъчни облекчения и наличие на задължения.pdf
      2018-10-15 13:47 - 2018-10-15 13:47 - 000648847 _____ C:\Users\Rosko\Downloads\DOM.pdf
      2018-10-12 13:49 - 2018-10-12 13:49 - 000009969 _____ C:\Users\Rosko\Downloads\РОСТИСЛАВ НЕДКОВ БОРИСОВ_2019_ЮПЕР.ZIP
      2018-10-12 13:49 - 2018-10-12 13:49 - 000001382 _____ C:\Users\Rosko\Downloads\НЕДКО БОРИСОВ КОЛЕВ_2019_ЮПЕР.ZIP
      2018-10-12 13:48 - 2018-10-12 13:48 - 000001499 _____ C:\Users\Rosko\Downloads\НЕДКО БОРИСОВ КОЛЕВ_2019_БОЖУРОВО.ZIP
      2018-10-12 09:23 - 2018-10-12 09:23 - 000075048 _____ C:\Users\Rosko\Downloads\Crystal Reports - sp_invoice_text_only_2007_5_l.rpt (1).pdf
      2018-10-10 12:50 - 2018-10-10 12:50 - 004808921 _____ C:\Users\Rosko\Downloads\П-03001718168660-004-001_archive.zip
      2018-10-06 15:09 - 2018-10-06 15:09 - 000611358 _____ C:\Users\Rosko\Downloads\379984975.pdf
      2018-10-04 13:28 - 2018-10-04 13:28 - 000156030 _____ C:\Users\Rosko\Downloads\П-03001718168660-040-001_archive.zip
      2018-10-01 18:27 - 2018-10-01 18:27 - 000143428 _____ C:\Users\Rosko\Downloads\Информационна брошура за бъдещите майки.pdf
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-10-28 14:23 - 2009-07-14 06:45 - 000016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-10-28 14:23 - 2009-07-14 06:45 - 000016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-10-28 14:19 - 2009-07-14 05:20 - 000000000 ____D C:\PerfLogs
      2018-10-28 14:11 - 2017-08-24 12:56 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\CalendarTool
      2018-10-28 12:42 - 2009-07-14 07:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-10-28 12:42 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2018-10-28 12:36 - 2017-06-10 14:47 - 000000000 __SHD C:\Users\Rosko\IntelGraphicsProfiles
      2018-10-28 12:36 - 2015-04-23 13:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-10-28 12:35 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-10-28 11:44 - 2016-08-08 17:51 - 000000000 ___HD C:\Program Files (x86)\m3yE3E0
      2018-10-28 10:43 - 2015-04-23 12:58 - 000000000 ____D C:\Users\Rosko\AppData\Local\Microsoft Help
      2018-10-28 10:29 - 2017-01-10 10:04 - 000000000 ____D C:\Users\Rosko\AppData\Local\CrashDumps
      2018-10-27 19:48 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing
      2018-10-24 07:25 - 2015-04-24 13:10 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\Skype
      2018-10-23 08:18 - 2017-02-01 21:07 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-10-18 09:43 - 2018-07-09 15:03 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
      2018-10-18 09:43 - 2016-02-04 18:11 - 000002998 _____ C:\Windows\wininit.ini
      2018-10-17 16:19 - 2015-06-12 12:20 - 000000000 ____D C:\Windows\Minidump
      2018-10-17 16:18 - 2015-06-12 12:20 - 375178840 _____ C:\Windows\MEMORY.DMP
      2018-10-15 10:59 - 2009-07-14 07:08 - 000032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2018-10-09 21:41 - 2018-03-14 11:33 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2018-10-09 21:41 - 2017-02-01 18:37 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2018-10-09 21:41 - 2017-02-01 18:37 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2018-10-09 21:41 - 2017-02-01 18:37 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2018-10-09 21:41 - 2017-02-01 18:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2018-10-09 21:41 - 2017-02-01 18:37 - 000000000 ____D C:\Windows\system32\Macromed
      2018-10-04 13:28 - 2015-11-03 22:05 - 000000000 ____D C:\Users\Rosko\AppData\LocalLow\Adobe
      2018-10-01 21:10 - 2015-04-23 13:18 - 000000000 ____D C:\KMPlayer
      2018-10-01 08:27 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
      ==================== Files in the root of some directories =======
      2015-10-10 07:33 - 2015-10-10 07:33 - 000229019 _____ () C:\ProgramData\KTLVGTHRCQSO.dat
      2017-06-08 17:31 - 2017-06-08 17:31 - 000000017 _____ () C:\Users\Rosko\AppData\Local\resmon.resmoncfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-10-26 08:40
      ==================== End of FRST.txt ============================
      Addition.txt
    • от Magnolia D
      Здравейте, 
      От два - три дни интернет връзката ми се влоши драматично - почти невъзможно беше да се зареди каквато и да е страница (отнемаше минути, ако въобще успееше да го направи). Анти вирусната показа, че има Троянец(нещо си ) - може би е трябвало да запомня какво точно нещо си, но аз просто натиснах да го изтрие. Повторната проверка показа, че всичко е наред, но не мисля че е точно така. Сега зарежда малко по-бързо, но като цяло е изключително бавно и не мисля, че е от връзката. Предполагам, че се разбира, че знанието за компютрите не е една от най-силните ми страни, но за всеки случай ще го подчертая, за да се опитам да оправдая глупостите , които евентуално съм направила  и елементарния си "компютърен изказ". Относно стъпките за публикуване - нямам диск с операционната система, прикачвам другите два файла. П.С. Предварително благодаря за времето и съдействието!
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11.11.2018
      Ran by Grigorovi (administrator) on DIDI (13-11-2018 15:39:12)
      Running from D:\Instal
      Loaded Profiles: Grigorovi (Available Profiles: Grigorovi)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Български (България)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
      (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
      (SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
      (Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [CL-22-D39888C9-D725-485F-B4A2-1AD9369147B7] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-22-4DEB32A9-F15E-4B9A-A7FB-125105229440\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-22-4DEB32A (the data entry has 44 more characters).
      HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
      HKU\S-1-5-21-2744073735-3007959217-1321240149-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Tcpip\..\Interfaces\{3247EA78-9C23-40D4-AF6B-21088034F9BF}: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Tcpip\..\Interfaces\{AE99D80D-ED5E-4FA1-8934-689D4319410D}: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      FireFox:
      ========
      FF DefaultProfile: ixj5pejf.default-1538731853205
      FF ProfilePath: C:\Users\Grigorovi\AppData\Roaming\Mozilla\Firefox\Profiles\ixj5pejf.default-1538731853205 [2018-11-12]
      FF Extension: (Firefox Monitor) - C:\Users\Grigorovi\AppData\Roaming\Mozilla\Firefox\Profiles\ixj5pejf.default-1538731853205\features\{a452a5ff-64b4-44fa-910c-c6debf5ffb1d}\fxmonitor@mozilla.org.xpi [2018-10-05]
      FF Extension: (Telemetry coverage) - C:\Users\Grigorovi\AppData\Roaming\Mozilla\Firefox\Profiles\ixj5pejf.default-1538731853205\features\{a452a5ff-64b4-44fa-910c-c6debf5ffb1d}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-05] [Legacy]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-14] ()
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-29] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-29] (Google Inc.)
      FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-2744073735-3007959217-1321240149-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Grigorovi\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-08-10] (Zoom Video Communications, Inc.)
      Chrome: 
      =======
      CHR Profile: C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default [2018-11-13]
      CHR Extension: (Презентации) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Документи) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Диск) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
      CHR Extension: (YouTube) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-26]
      CHR Extension: (Adblock Plus) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-10-31]
      CHR Extension: (Adobe Acrobat) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
      CHR Extension: (Facebook Pixel Helper) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2018-10-23]
      CHR Extension: (Таблици) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Документи офлайн) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
      CHR Extension: (Pinterest Save Button) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-10-19]
      CHR Extension: (Grammar.com) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hamhaljjdpcgkelbadepgmnocknejief [2018-10-02]
      CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2018-09-19]
      CHR Extension: (Reasy) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfiiflbfkgfmeinikcgikgiijegkhgf [2017-12-09]
      CHR Extension: (Grammar and Spelling checker by Ginger) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh [2018-11-07]
      CHR Extension: (Tag Assistant (by Google)) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2018-09-27]
      CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-10-09]
      CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2018-07-23]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
      CHR Extension: (Gmail) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-26]
      CHR Extension: (Chrome Media Router) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-19]
      CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
      R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [114648 2018-11-12] (SurfRight B.V.)
      R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [4406408 2018-11-12] (SurfRight B.V.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
      R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
      R3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
      R1 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [263288 2018-11-12] (SurfRight B.V.)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [229568 2018-11-13] (Malwarebytes)
      R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
      R1 MpKsl5e3716e3; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EE32FF0-58AB-4EF4-90BC-B7873B344D95}\MpKsl5e3716e3.sys [49504 2018-11-13] (Microsoft Corporation)
      R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2099-10-22 18:57 - 30826-10-22 18:57 - 000186368 ____N (Microsoft Corporation) C:\Windows\foJiYOYp.exe
      2099-10-22 18:57 - 30826-10-22 18:57 - 000073216 ____N (Microsoft Corporation) C:\Windows\system32\rNZYYO.exe
      2099-10-22 18:57 - 30826-10-22 18:57 - 000073216 ____N (Microsoft Corporation) C:\Windows\system32\OmATowuMEtOu.exe
      2018-11-13 10:08 - 2018-11-13 10:08 - 000229568 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-11-12 18:25 - 2018-11-13 15:38 - 000000000 ____D C:\Windows\CryptoGuard
      2018-11-12 18:25 - 2018-11-13 10:06 - 000000000 ___DC C:\ProgramData\HitmanPro.Alert
      2018-11-12 18:25 - 2018-11-12 18:25 - 000875656 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
      2018-11-12 18:25 - 2018-11-12 18:25 - 000263288 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpalert.sys
      2018-11-12 18:25 - 2018-11-12 18:25 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
      2018-11-12 18:25 - 2018-11-12 18:25 - 000000000 ___DC C:\Program Files\HitmanPro.Alert
      2018-11-12 18:14 - 2018-11-12 18:14 - 000001847 _____ C:\Users\Public\Desktop\HitmanPro.lnk
      2018-11-12 18:14 - 2018-11-12 18:14 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
      2018-11-12 18:13 - 2018-11-12 18:14 - 000000000 ___DC C:\Program Files\HitmanPro
      2018-11-07 09:29 - 2018-11-07 09:29 - 001292716 _____ C:\Users\Grigorovi\Desktop\ros.zip
      2018-11-07 02:23 - 2018-11-05 16:55 - 009162423 _____ C:\Users\Grigorovi\Desktop\139_da_badesh_bog2.zip
      2018-11-07 02:14 - 2018-11-07 02:14 - 001062670 _____ C:\Users\Grigorovi\Desktop\Ерик Бърн -Психология на човешките взаимоотношения.pdf
      2018-11-07 02:13 - 2018-11-07 02:13 - 000798148 _____ C:\Users\Grigorovi\Desktop\Игрите, които хората играят.pdf
      2018-11-01 17:09 - 2018-11-04 22:36 - 000000000 ____D C:\Users\Grigorovi\Desktop\WP-UnEducatedMermad
      2018-10-29 18:44 - 2018-10-29 18:44 - 001092248 _____ C:\Users\Grigorovi\Desktop\Quick-Start-Affiliate-Marketing-Report.pdf
      2018-10-26 22:52 - 2018-10-26 22:52 - 002583150 _____ C:\Users\Grigorovi\Desktop\lipton_spontanna.zip
      2018-10-26 22:51 - 2018-10-26 22:51 - 001290479 _____ C:\Users\Grigorovi\Desktop\24_lipton_honemoon.zip
      2018-10-20 16:07 - 2018-10-20 16:07 - 002677746 _____ C:\Users\Grigorovi\Desktop\unblock_your_abundance_by_christiemarie_sheldon_workbook_nsp2.pdf
      2018-10-17 01:23 - 2018-10-17 01:24 - 000507221 _____ C:\Users\Grigorovi\Desktop\shum_v_ushite.zip
      2018-10-16 18:55 - 2018-10-16 18:55 - 006273583 _____ C:\Users\Grigorovi\Desktop\Шакти Гуаейн-Пътят към истинското блоагоденствие.rar
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-11-13 15:39 - 2018-04-07 19:16 - 000000000 ___DC C:\FRST
      2018-11-13 10:15 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-11-13 10:15 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-11-13 10:10 - 2018-04-10 19:56 - 000000386 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
      2018-11-13 10:06 - 2018-04-07 21:35 - 000065536 _____ C:\Windows\system32\Ikeext.etl
      2018-11-13 10:06 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-11-13 05:49 - 2017-04-26 17:00 - 000000000 ___DC C:\ProgramData\HitmanPro
      2018-11-12 19:59 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
      2018-11-12 18:48 - 2014-10-15 19:19 - 000000000 ____D C:\Windows\Minidump
      2018-11-12 18:34 - 2016-12-02 16:12 - 000000702 _____ C:\Users\Public\Desktop\System Ninja.lnk
      2018-11-12 18:34 - 2016-12-02 16:12 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja
      2018-11-09 18:05 - 2018-07-24 14:22 - 000000000 ___DC C:\Users\Grigorovi\AppData\Local\gtk-2.0
      2018-10-30 09:45 - 2016-10-28 18:07 - 000660594 _____ C:\Windows\system32\perfh01D.dat
      2018-10-30 09:45 - 2016-10-28 18:07 - 000144252 _____ C:\Windows\system32\perfc01D.dat
      2018-10-30 09:45 - 2016-10-28 17:31 - 000425298 _____ C:\Windows\system32\perfh012.dat
      2018-10-30 09:45 - 2016-10-28 17:31 - 000122162 _____ C:\Windows\system32\perfc012.dat
      2018-10-30 09:45 - 2016-10-28 16:02 - 000378044 _____ C:\Windows\system32\prfh0804.dat
      2018-10-30 09:45 - 2016-10-28 16:02 - 000121370 _____ C:\Windows\system32\prfc0804.dat
      2018-10-30 09:45 - 2016-10-28 15:29 - 000413652 _____ C:\Windows\system32\perfh011.dat
      2018-10-30 09:45 - 2016-10-28 15:29 - 000123878 _____ C:\Windows\system32\perfc011.dat
      2018-10-30 09:45 - 2016-10-28 15:09 - 000680628 _____ C:\Windows\system32\perfh00E.dat
      2018-10-30 09:45 - 2016-10-28 15:09 - 000173052 _____ C:\Windows\system32\perfc00E.dat
      2018-10-30 09:45 - 2016-10-28 14:49 - 000478376 _____ C:\Windows\system32\perfh00B.dat
      2018-10-30 09:45 - 2016-10-28 14:49 - 000103298 _____ C:\Windows\system32\perfc00B.dat
      2018-10-30 09:45 - 2016-10-28 14:25 - 000389218 _____ C:\Windows\system32\perfh00D.dat
      2018-10-30 09:45 - 2016-10-28 14:25 - 000086536 _____ C:\Windows\system32\perfc00D.dat
      2018-10-30 09:45 - 2016-10-28 13:57 - 000740372 _____ C:\Windows\system32\perfh013.dat
      2018-10-30 09:45 - 2016-10-28 13:57 - 000154880 _____ C:\Windows\system32\perfc013.dat
      2018-10-30 09:45 - 2016-10-28 13:42 - 000491388 _____ C:\Windows\system32\perfh014.dat
      2018-10-30 09:45 - 2016-10-28 13:42 - 000097182 _____ C:\Windows\system32\perfc014.dat
      2018-10-30 09:45 - 2016-10-28 13:17 - 000603862 _____ C:\Windows\system32\perfh008.dat
      2018-10-30 09:45 - 2016-10-28 13:17 - 000112906 _____ C:\Windows\system32\perfc008.dat
      2018-10-30 09:45 - 2016-10-28 12:51 - 000736920 _____ C:\Windows\system32\perfh010.dat
      2018-10-30 09:45 - 2016-10-28 12:51 - 000148624 _____ C:\Windows\system32\perfc010.dat
      2018-10-30 09:45 - 2016-10-28 12:37 - 000665714 _____ C:\Windows\system32\perfh005.dat
      2018-10-30 09:45 - 2016-10-28 12:37 - 000143204 _____ C:\Windows\system32\perfc005.dat
      2018-10-30 09:45 - 2016-10-28 12:18 - 000475888 _____ C:\Windows\system32\perfh001.dat
      2018-10-30 09:45 - 2016-10-28 12:18 - 000096550 _____ C:\Windows\system32\perfc001.dat
      2018-10-30 09:45 - 2016-10-28 12:05 - 000742590 _____ C:\Windows\system32\perfh00C.dat
      2018-10-30 09:45 - 2016-10-28 12:05 - 000151358 _____ C:\Windows\system32\perfc00C.dat
      2018-10-30 09:45 - 2016-10-28 11:52 - 000725892 _____ C:\Windows\system32\prfh0816.dat
      2018-10-30 09:45 - 2016-10-28 11:52 - 000154684 _____ C:\Windows\system32\prfc0816.dat
      2018-10-30 09:45 - 2016-10-28 11:36 - 000506288 _____ C:\Windows\system32\perfh006.dat
      2018-10-30 09:45 - 2016-10-28 11:36 - 000100436 _____ C:\Windows\system32\perfc006.dat
      2018-10-30 09:45 - 2016-10-28 11:24 - 000742330 _____ C:\Windows\system32\perfh00A.dat
      2018-10-30 09:45 - 2016-10-28 11:24 - 000160252 _____ C:\Windows\system32\perfc00A.dat
      2018-10-30 09:45 - 2016-10-28 11:11 - 000395216 _____ C:\Windows\system32\prfh0404.dat
      2018-10-30 09:45 - 2016-10-28 11:11 - 000116868 _____ C:\Windows\system32\prfc0404.dat
      2018-10-30 09:45 - 2016-10-28 10:59 - 000737232 _____ C:\Windows\system32\perfh015.dat
      2018-10-30 09:45 - 2016-10-28 10:59 - 000157650 _____ C:\Windows\system32\perfc015.dat
      2018-10-30 09:45 - 2016-10-28 10:44 - 000721474 _____ C:\Windows\system32\perfh019.dat
      2018-10-30 09:45 - 2016-10-28 10:44 - 000152620 _____ C:\Windows\system32\perfc019.dat
      2018-10-30 09:45 - 2016-10-28 10:25 - 000710754 _____ C:\Windows\system32\prfh0416.dat
      2018-10-30 09:45 - 2016-10-28 10:25 - 000149434 _____ C:\Windows\system32\prfc0416.dat
      2018-10-30 09:45 - 2016-10-28 09:57 - 000694082 _____ C:\Windows\system32\perfh007.dat
      2018-10-30 09:45 - 2016-10-28 09:57 - 000150894 _____ C:\Windows\system32\perfc007.dat
      2018-10-30 09:45 - 2016-10-28 09:41 - 000653556 _____ C:\Windows\system32\perfh01F.dat
      2018-10-30 09:45 - 2016-10-28 09:41 - 000141778 _____ C:\Windows\system32\perfc01F.dat
      2018-10-30 09:45 - 2016-10-28 09:41 - 000126256 _____ C:\Windows\system32\perfh002.dat
      2018-10-30 09:45 - 2016-10-28 09:41 - 000028684 _____ C:\Windows\system32\perfc002.dat
      2018-10-30 09:45 - 2010-11-20 23:01 - 017739850 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-10-26 11:12 - 2018-10-05 13:08 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
      2018-10-25 10:37 - 2018-04-10 18:45 - 000002093 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-10-25 10:37 - 2016-08-26 11:58 - 000002134 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-10-24 12:51 - 2018-04-15 10:33 - 000000000 ___DC C:\Users\Grigorovi\AppData\Local\ElevatedDiagnostics
      2018-10-23 08:50 - 2016-08-24 15:28 - 000002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-10-15 23:48 - 2014-10-15 19:37 - 000479504 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      ==================== Files in the root of some directories =======
      2017-11-23 15:47 - 2017-11-23 15:47 - 001276776 _____ () C:\Users\Grigorovi\AppData\Roaming\screenshot11Thursday1547301350000.png
      2018-05-17 11:44 - 2018-05-17 11:44 - 001302316 _____ () C:\Users\Grigorovi\AppData\Roaming\screenshot5Thursday1244426890000.png
      2018-05-17 11:44 - 2018-05-17 11:44 - 001299942 _____ () C:\Users\Grigorovi\AppData\Roaming\screenshot5Thursday1244446010000.png
      2016-09-01 09:53 - 2016-09-01 09:53 - 000000000 ____C () C:\Users\Grigorovi\AppData\Local\AtStart.txt
      2016-09-01 09:53 - 2016-09-01 09:53 - 000000000 ____C () C:\Users\Grigorovi\AppData\Local\DSwitch.txt
      2016-09-01 09:53 - 2016-09-01 09:53 - 000000000 ____C () C:\Users\Grigorovi\AppData\Local\QSwitch.txt
      2018-07-31 22:52 - 2018-07-31 22:52 - 000003292 ____C () C:\Users\Grigorovi\AppData\Local\recently-used.xbel
      2017-08-26 20:16 - 2017-08-26 20:16 - 000007597 ____C () C:\Users\Grigorovi\AppData\Local\Resmon.ResmonCfg
      2018-04-07 13:19 - 2018-04-07 13:19 - 000000003 ____C () C:\Users\Grigorovi\AppData\Local\wbem.ini
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-11-04 00:42
      ==================== End of FRST.txt ============================
       
      Addition.txt
    • от D101149
      Здравейте! Съмнявам се, че система ми е заразена ако може да ми помогнете ще съм ви благодарен (за пореден път)  Първите 3-4 минути изобщо хрома не зарежда страниците..
       
      Addition.txt
      FRST.txt
    • от mordikai
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.09.2018
      Ran by Dellssd (administrator) on DELLSSD-PC (29-09-2018 16:54:29)
      Running from C:\Users\Dellssd\Downloads
      Loaded Profiles: Dellssd (Available Profiles: Dellssd)
      Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 11 (Default browser: IE)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
      (Intel Corporation) C:\Windows\System32\igfxtray.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.805\SSScheduler.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
      (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
      (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
      (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\splwow64.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (BitTorrent Inc.) C:\Users\Dellssd\AppData\Roaming\uTorrent\uTorrent.exe
      (BitTorrent Inc.) C:\Users\Dellssd\AppData\Roaming\uTorrent\updates\3.4.6_42178\utorrentie.exe
      (BitTorrent Inc.) C:\Users\Dellssd\AppData\Roaming\uTorrent\updates\3.4.6_42178\utorrentie.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-08-30] (AVAST Software)
      HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
      HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
      HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
      Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-477188782-2465529923-3270759937-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [1447936 2018-07-13] (Adobe Systems Incorporated)
      HKU\S-1-5-21-477188782-2465529923-3270759937-1000\...\MountPoints2: {6e61377d-2802-11e7-81ae-1c659d02e554} - G:\AutoRun.exe
      HKU\S-1-5-21-477188782-2465529923-3270759937-1000\...\MountPoints2: {76ec0a4f-0d2e-11e6-8287-1c659d02e554} - F:\SETUP.EXE
      HKU\S-1-5-21-477188782-2465529923-3270759937-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
      HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
      Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-09-26]
      ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.805\SSScheduler.exe (McAfee, Inc.)
      GroupPolicy: Restriction ? <==== ATTENTION
      GroupPolicy\User: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      ProxyEnable: [S-1-5-21-477188782-2465529923-3270759937-1000] => Proxy is enabled.
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{645E12D2-5740-463F-B063-09C024155032}: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Tcpip\..\Interfaces\{B0D854A2-9D35-438A-98DE-EE2EB8CFFC94}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      HKU\S-1-5-21-477188782-2465529923-3270759937-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-477188782-2465529923-3270759937-1000 -> 9845cd48-2779-11e7-bbbc-1c659d02e554 URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-477188782-2465529923-3270759937-1000 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://yandex.ru/search/?win=277&clid=2262092-3&text={searchTerms}
      SearchScopes: HKU\S-1-5-21-477188782-2465529923-3270759937-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10041_spdf_opdfs_all_b_doc2pdf_170414__yaie&p={searchTerms}
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-03-10] (Google Inc.)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-03-10] (Google Inc.)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-03-10] (Google Inc.)
      Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-03-10] (Google Inc.)
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Google\Google Desktop Search\Plugins\gdSkype\skype4com.dll No File
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe
      FireFox:
      ========
      FF DefaultProfile: yk7fki5l.default
      FF ProfilePath: C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default [2018-09-26]
      FF Homepage: Mozilla\Firefox\Profiles\yk7fki5l.default -> hxxps://search.avast.com/AV772/
      FF NewTab: Mozilla\Firefox\Profiles\yk7fki5l.default -> about:newtab
      FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\Extensions\homepage@mail.ru.xpi [2018-08-10]
      FF Extension: (Поиск Mail.Ru) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\Extensions\search@mail.ru.xpi [2018-04-12]
      FF Extension: (Советник Яндекс.Маркета) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\Extensions\sovetnik@metabar.ru.xpi [2018-09-19]
      FF Extension: (Avast SafePrice) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\Extensions\sp@avast.com.xpi [2018-08-10]
      FF Extension: (Визуальные закладки) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\Extensions\vb@yandex.ru.xpi [2018-05-06]
      FF Extension: (Avast Online Security) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\Extensions\wrc@avast.com.xpi [2018-05-30]
      FF Extension: (Пульт) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi [2017-12-03]
      FF Extension: (Telemetry coverage) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\features\{02617030-72af-413d-a344-376f30098954}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-09-19] [Legacy]
      FF SearchPlugin: C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\searchplugins\avast-search.xml [2017-08-25]
      FF SearchPlugin: C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\searchplugins\yahoo-lavasoft.xml [2017-04-14]
      FF SearchPlugin: C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\searchplugins\Yahoo®-20173422.xml [2017-04-22]
      FF SearchPlugin: C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\searchplugins\yandex.ru-20173422.xml [2017-04-22]
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
      FF Plugin-x32: Soda PDF Desktop -> C:\Program Files (x86)\Soda PDF Desktop\np-previewer.dll [2017-03-23] (LULU Software)
      FF Plugin HKU\S-1-5-21-477188782-2465529923-3270759937-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Dellssd\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-01-25] (Zoom Video Communications, Inc.)
      Chrome: 
      =======
      CHR HomePage: Default -> yandex.ru
      CHR NewTab: Default ->  Active:"chrome-extension://fehhbdbmfjboomkmkflbaekjkhkklbnh/newtabproduct.html", Active:"chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/newtabproduct.html", Not-active:"chrome-extension://hcckjhfbahlnihggjcbadkgfjcghcibl/newtab/newtab.html", Not-active:"chrome-extension://mebpengldpmmlnaeehejppajiakgpbek/redirect.html", Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html", Not-active:"chrome-extension://agibagflppafhfonkefpklndlohkclcb/index.html", Not-active:"chrome-extension://ghfmhofojkkfdnlfefhkckbflohgiicn/index.html"
      CHR DefaultSearchURL: Default -> hxxp://musix.searchalgo.com/search/?category=web&s=wmds&q={searchTerms}
      CHR DefaultSearchKeyword: Default -> WowMusix
      CHR DefaultSuggestURL: Default -> hxxp://sug.searchalgo.com/search/index_sg.php?q={searchTerms}
      CHR Profile: C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default [2018-09-29]
      CHR Extension: (Slides) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
      CHR Extension: (Docs) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-19]
      CHR Extension: (Skype Calling) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-25]
      CHR Extension: (YouTube) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-19]
      CHR Extension: (OnlineMapFinder) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd [2018-04-26]
      CHR Extension: (Tampermonkey) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-24]
      CHR Extension: (Стартовая — Яндекс) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkekdlkmdpipihonapoleopfekmapadh [2017-06-14]
      CHR Extension: (Adobe Acrobat) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-14]
      CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-09-20]
      CHR Extension: (MyImageConverter) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fehhbdbmfjboomkmkflbaekjkhkklbnh [2018-08-23]
      CHR Extension: (Sheets) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Search App - Music) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\flohajbbpjlbphjgeffnhlopdhoonghc [2017-09-13]
      CHR Extension: (Google Docs Offline) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
      CHR Extension: (Avast Online Security) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-26]
      CHR Extension: (Яндекс) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfblcbjfojmgagikhldeppgmgdpjkpl [2017-06-20]
      CHR Extension: (Ask Web Search) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmengapaekgmapkcophhdmppmjinpogo [2018-09-21]
      CHR Extension: (Ask Web Search) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkmodlfcmmnhhlofndkhdcembjaefbb [2018-09-21]
      CHR Extension: (FromDocToPDF) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2018-08-24]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
      CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\odijcgafkhpobjlnfdgiacpdenpmbgme [2016-10-19]
      CHR Extension: (Parity to Affinity) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\peagbbjfdfkkfcehfbddelhhppflbgla [2017-03-13]
      CHR Extension: (Mail.Ru) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkdcinmmljblpnkohlipaiodlonpinf [2016-10-19]
      CHR Extension: (SearchApp - Entertainment) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlbjnedeghkgaeghaiocogfofoicbpg [2018-01-16]
      CHR Extension: (Gmail) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-19]
      CHR Extension: (Chrome Media Router) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19]
      CHR Extension: (Pulse) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmpoaahleccaibbhfjfimigepmfmmbbk [2018-06-06]
      CHR HKLM-x32\...\Chrome\Extension: [dkekdlkmdpipihonapoleopfekmapadh] - hxxp://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [jkfblcbjfojmgagikhldeppgmgdpjkpl] - hxxp://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [odijcgafkhpobjlnfdgiacpdenpmbgme] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [phkdcinmmljblpnkohlipaiodlonpinf] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [pmpoaahleccaibbhfjfimigepmfmmbbk] - hxxps://clients2.google.com/service/update2/crx
      Opera: 
      =======
      OPR StartupUrls: "hxxps://www.yandex.ru/?win=277&clid=2262091-3"
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7994520 2018-08-30] (AVAST Software)
      S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-23] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-30] (AVAST Software)
      S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-23] (AVAST Software)
      S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo Uninstaller 2017\DfSdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
      S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.805\McCHSvc.exe [405392 2018-09-24] (McAfee, Inc.)
      R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2017-02-22] (Microsoft)
      S2 Soda PDF Desktop Creator; C:\Program Files\Soda PDF Desktop\creator-ws.exe [755048 2017-03-23] (LULU Software)
      S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
      R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25192 2017-04-14] ()
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
      S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\Kingsoft Office\wpscloudsvr.exe [220288 2018-03-28] (Zhuhai Kingsoft Office Software Co.,Ltd)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [199712 2018-08-30] (AVAST Software)
      R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [229384 2018-08-30] (AVAST Software)
      R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201320 2018-08-30] (AVAST Software)
      R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346664 2018-08-30] (AVAST Software)
      R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59568 2018-08-30] (AVAST Software)
      R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [249016 2018-08-30] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-08-30] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163392 2018-09-12] (AVAST Software)
      R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111864 2018-08-30] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87904 2018-08-30] (AVAST Software)
      R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-08-30] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467320 2018-09-05] (AVAST Software)
      R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215920 2018-09-12] (AVAST Software)
      R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381560 2018-08-30] (AVAST Software)
      R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [103088 2015-02-26] (STMicroelectronics)
      R2 UI5IFS; C:\Program Files (x86)\Ashampoo\Ashampoo Uninstaller 2017\IFS64.sys [31320 2015-12-07] ()
      S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
      S3 btwaudio; system32\drivers\btwaudio.sys [X]
      S3 btwavdt; system32\drivers\btwavdt.sys [X]
      S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
      S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-29 16:54 - 2018-09-29 16:54 - 000026700 _____ C:\Users\Dellssd\Downloads\FRST.txt
      2018-09-29 16:54 - 2018-09-29 16:54 - 000000000 ____D C:\FRST
      2018-09-29 16:53 - 2018-09-29 16:53 - 002414080 _____ (Farbar) C:\Users\Dellssd\Downloads\FRST64.exe
      2018-09-29 16:19 - 2018-09-29 16:19 - 004279416 _____ (ESET) C:\Users\Dellssd\Downloads\eset_internet_security_live_installer.exe
      2018-09-29 15:16 - 2018-09-29 15:16 - 000017773 _____ C:\Users\Dellssd\Downloads\American.Horror.Story.S08E03.720p.WEBRip.x264-TBS.torrent
      2018-09-29 11:31 - 2018-09-29 11:31 - 000001191 _____ C:\Users\Dellssd\AppData\Roaming\uni.txt
      2018-09-29 08:39 - 2018-09-29 08:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
      2018-09-29 08:30 - 2018-09-29 08:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      2018-09-27 23:29 - 2018-09-27 23:29 - 005193216 _____ ( ) C:\Users\Dellssd\Downloads\wspsetup.exe
      2018-09-26 14:31 - 2018-09-26 14:31 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
      2018-09-26 14:31 - 2018-09-26 14:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
      2018-09-26 14:31 - 2018-09-26 14:31 - 000000000 ____D C:\ProgramData\McAfee Security Scan
      2018-09-25 11:26 - 2018-09-28 11:38 - 000109568 ____H C:\Users\Dellssd\Desktop\~WRL1409.tmp
      2018-09-25 11:26 - 2018-09-27 10:53 - 000094208 ____H C:\Users\Dellssd\Desktop\~WRL1082.tmp
      2018-09-25 11:26 - 2018-09-26 13:19 - 000084480 ____H C:\Users\Dellssd\Desktop\~WRL1831.tmp
      2018-09-24 22:25 - 2018-09-24 22:25 - 000014480 _____ C:\Users\Dellssd\Downloads\Preacher.S03E10.HDTV.x264-KILLERS.mkv (2).torrent
      2018-09-24 09:39 - 2018-09-24 09:39 - 000014480 _____ C:\Users\Dellssd\Downloads\Preacher.S03E10.HDTV.x264-KILLERS.mkv (1).torrent
      2018-09-23 22:48 - 2018-09-23 22:48 - 000014480 _____ C:\Users\Dellssd\Downloads\Preacher.S03E10.HDTV.x264-KILLERS.mkv.torrent
      2018-09-23 22:46 - 2018-09-23 22:46 - 000011432 _____ C:\Users\Dellssd\Downloads\Preacher.S03E09.HDTV.x264-SVA (2).torrent
      2018-09-23 08:18 - 2018-09-23 08:18 - 000011432 _____ C:\Users\Dellssd\Downloads\Preacher.S03E09.HDTV.x264-SVA (1).torrent
      2018-09-22 20:53 - 2018-09-22 20:53 - 000011432 _____ C:\Users\Dellssd\Downloads\Preacher.S03E09.HDTV.x264-SVA.torrent
      2018-09-22 19:56 - 2018-09-22 19:56 - 000018281 _____ C:\Users\Dellssd\Downloads\Preacher.S03E08.720p.HEVC.x265-MeGusta.torrent
      2018-09-22 19:03 - 2018-09-22 19:03 - 000017384 _____ C:\Users\Dellssd\Downloads\Preacher.S03E07.720p.HEVC.x265-MeGusta.torrent
      2018-09-22 10:02 - 2018-09-22 10:02 - 000010528 _____ C:\Users\Dellssd\Downloads\American.Horror.Story.S08E01.HDTV.x264-SVA (1).torrent
      2018-09-21 18:54 - 2018-09-21 18:54 - 000010528 _____ C:\Users\Dellssd\Downloads\American.Horror.Story.S08E01.HDTV.x264-SVA.torrent
      2018-09-21 18:52 - 2018-09-21 18:52 - 000017830 _____ C:\Users\Dellssd\Downloads\American.Horror.Story.S08E02.WEBRip.x264-TBS.torrent
      2018-09-19 10:10 - 2018-09-19 10:10 - 000262144 _____ C:\Windows\Minidump\091918-9126-01.dmp
      2018-09-16 10:43 - 2018-09-16 10:43 - 000218836 _____ C:\Users\Dellssd\Desktop\a.psd
      2018-09-16 10:20 - 2018-09-16 10:21 - 000024235 _____ C:\Users\Dellssd\Desktop\a.jpf
      2018-09-08 16:34 - 2018-09-08 16:34 - 000152887 _____ C:\Users\Dellssd\Desktop\5.jpeg
      2018-09-06 20:51 - 2018-09-06 20:51 - 000015001 _____ C:\Users\Dellssd\Downloads\[kinozal.tv]id1604058.torrent
      2018-08-30 23:30 - 2018-08-30 23:29 - 000379608 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-29 16:53 - 2016-04-28 15:06 - 000000000 ____D C:\Users\Dellssd\AppData\Roaming\uTorrent
      2018-09-29 16:43 - 2017-05-15 14:15 - 000000378 _____ C:\Windows\Tasks\WpsNotifyTask_Dellssd.job
      2018-09-29 16:39 - 2018-02-11 22:39 - 000000994 _____ C:\Windows\Tasks\Chromium nefil.job
      2018-09-29 16:12 - 2016-10-21 06:34 - 000000000 ____D C:\Users\Dellssd\AppData\Roaming\vlc
      2018-09-29 15:16 - 2017-09-30 23:37 - 000000000 ____D C:\Users\Dellssd\AppData\LocalLow\uTorrent
      2018-09-29 13:22 - 2016-04-28 19:38 - 000000392 _____ C:\Windows\Tasks\update-sys.job
      2018-09-29 12:57 - 2016-04-28 19:38 - 000000392 _____ C:\Windows\Tasks\update-S-1-5-21-477188782-2465529923-3270759937-1000.job
      2018-09-29 08:39 - 2016-04-28 19:38 - 000003270 _____ C:\Windows\System32\Tasks\update-S-1-5-21-477188782-2465529923-3270759937-1000
      2018-09-29 08:38 - 2009-07-14 07:45 - 000014448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-09-29 08:38 - 2009-07-14 07:45 - 000014448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-09-29 08:30 - 2017-08-13 12:16 - 000001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
      2018-09-29 08:30 - 2017-03-11 18:15 - 000001306 _____ C:\Users\Public\Desktop\Skype.lnk
      2018-09-29 08:30 - 2017-03-11 18:15 - 000000000 ___RD C:\Program Files (x86)\Skype
      2018-09-29 08:30 - 2016-04-28 15:22 - 000000000 ____D C:\ProgramData\Skype
      2018-09-29 08:28 - 2009-07-14 08:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-09-29 08:28 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
      2018-09-29 08:21 - 2016-04-28 15:19 - 000000204 _____ C:\Windows\Tasks\AutoKMS.job
      2018-09-29 08:21 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-09-27 23:33 - 2018-03-23 00:37 - 000000000 ____D C:\Users\Dellssd\AppData\Local\AVAST Software
      2018-09-27 10:13 - 2016-12-02 22:36 - 000000000 ____D C:\Users\Dellssd\Desktop\преводи
      2018-09-26 14:31 - 2018-07-13 15:01 - 000000000 ____D C:\Program Files\McAfee Security Scan
      2018-09-24 09:29 - 2017-04-13 09:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2018-09-24 09:29 - 2016-08-18 13:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2018-09-23 23:46 - 2016-12-01 16:09 - 000000000 ____D C:\Users\Dellssd\AppData\LocalLow\Mozilla
      2018-09-23 08:33 - 2017-07-27 09:56 - 000003180 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-477188782-2465529923-3270759937-1000
      2018-09-23 08:33 - 2017-05-14 12:21 - 000002164 _____ C:\Users\Dellssd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
      2018-09-23 08:33 - 2017-05-14 12:21 - 000000000 ___RD C:\Users\Dellssd\OneDrive
      2018-09-22 17:35 - 2018-08-29 08:46 - 000501760 ____H C:\Users\Dellssd\Desktop\~WRL1243.tmp
      2018-09-21 18:56 - 2016-10-30 19:56 - 000000000 ____D C:\Users\Dellssd\Desktop\subtitri
      2018-09-21 14:57 - 2018-08-29 08:46 - 000493568 ____H C:\Users\Dellssd\Desktop\~WRL3209.tmp
      2018-09-20 12:11 - 2016-09-26 11:57 - 000119544 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
      2018-09-20 10:36 - 2017-04-14 13:23 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2018-09-20 10:36 - 2017-04-14 13:23 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-09-19 23:21 - 2018-03-23 00:38 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
      2018-09-19 10:10 - 2017-01-14 08:33 - 000000000 ____D C:\Windows\Minidump
      2018-09-18 23:46 - 2016-09-19 00:17 - 000002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-09-18 23:46 - 2016-09-19 00:17 - 000002389 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-09-18 12:47 - 2018-08-29 08:46 - 000419328 ____H C:\Users\Dellssd\Desktop\~WRL1414.tmp
      2018-09-17 12:36 - 2018-08-29 08:46 - 000396288 ____H C:\Users\Dellssd\Desktop\~WRL2232.tmp
      2018-09-17 09:55 - 2016-04-28 15:19 - 000000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
      2018-09-16 22:22 - 2018-07-13 14:31 - 000004482 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2018-09-16 22:22 - 2018-06-17 11:13 - 000003138 _____ C:\Windows\System32\Tasks\{810AB3C2-34D4-499B-B4BB-9D38D546FA12}
      2018-09-16 22:22 - 2018-05-05 14:25 - 000003944 _____ C:\Windows\System32\Tasks\WpsUpdateTask_Dellssd
      2018-09-16 22:22 - 2017-08-07 09:24 - 000004192 _____ C:\Windows\System32\Tasks\WpsExternal_Dellssd_20170807092444
      2018-09-16 22:22 - 2017-05-15 14:15 - 000004196 _____ C:\Windows\System32\Tasks\WpsKtpcntrQingTask_Dellssd
      2018-09-16 22:22 - 2017-05-15 14:15 - 000003362 _____ C:\Windows\System32\Tasks\WpsNotifyTask_Dellssd
      2018-09-16 22:22 - 2017-04-16 19:21 - 000004308 _____ C:\Windows\System32\Tasks\Opera scheduled suite Autoupdate 1492359678
      2018-09-16 22:22 - 2017-04-16 19:21 - 000004086 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1492359677
      2018-09-16 22:22 - 2017-04-14 13:19 - 000003572 _____ C:\Windows\System32\Tasks\doPDF Update
      2018-09-16 22:22 - 2017-03-11 18:01 - 000003154 _____ C:\Windows\System32\Tasks\{F75FB1AB-3FC6-4CCB-8E59-EFFFE1750F20}
      2018-09-16 22:22 - 2017-03-11 17:59 - 000003154 _____ C:\Windows\System32\Tasks\{CEDD031E-67BD-4005-BC8D-F936A030F0BA}
      2018-09-16 22:22 - 2017-03-10 11:47 - 000003154 _____ C:\Windows\System32\Tasks\{54495718-5171-4E02-8AE9-0C0BA73E7D7F}
      2018-09-16 22:22 - 2017-03-10 11:46 - 000003154 _____ C:\Windows\System32\Tasks\{E1C2E6E7-851E-4C71-BE27-06A41080DD86}
      2018-09-16 22:22 - 2017-03-08 15:35 - 000003154 _____ C:\Windows\System32\Tasks\{380FC156-4700-48BE-8B5A-FBA1286DCE61}
      2018-09-16 22:22 - 2017-03-07 19:54 - 000003154 _____ C:\Windows\System32\Tasks\{B59123EA-C895-4329-A7B1-CB325A18760F}
      2018-09-16 22:22 - 2017-03-07 19:53 - 000003154 _____ C:\Windows\System32\Tasks\{1B3678E0-0EBD-4B19-8557-0E961136459F}
      2018-09-16 22:22 - 2017-03-07 19:23 - 000003152 _____ C:\Windows\System32\Tasks\{C3112054-5422-446C-8C6A-CBF71C0F1362}
      2018-09-16 22:22 - 2017-03-07 19:18 - 000003154 _____ C:\Windows\System32\Tasks\{2A7E9ED5-EA5D-44CE-A690-23D3D3057CA2}
      2018-09-16 22:22 - 2017-03-07 19:14 - 000003154 _____ C:\Windows\System32\Tasks\{E3C65BC8-A75A-427C-B27F-42C9BBE41C62}
      2018-09-16 22:22 - 2016-10-20 13:50 - 000003112 _____ C:\Windows\System32\Tasks\{35511907-B4BB-42B6-B5D5-1DEA4D518FE5}
      2018-09-16 22:22 - 2016-10-20 13:36 - 000003164 _____ C:\Windows\System32\Tasks\{CF456C35-60A1-4F96-848F-0062539D31D4}
      2018-09-16 22:22 - 2016-10-20 13:08 - 000003164 _____ C:\Windows\System32\Tasks\{286D155D-B077-4884-A3BD-71EBE307BEF5}
      2018-09-16 22:22 - 2016-10-20 13:07 - 000003164 _____ C:\Windows\System32\Tasks\{295B979B-F0EA-40DA-9832-C45D45FC859B}
      2018-09-16 22:22 - 2016-10-19 13:20 - 000003164 _____ C:\Windows\System32\Tasks\{B72E12E4-120A-46A7-B0FC-AED00851297F}
      2018-09-16 22:22 - 2016-10-19 12:55 - 000003164 _____ C:\Windows\System32\Tasks\{A7EABB03-E8E6-444E-9C70-01DEA803DBEC}
      2018-09-16 22:22 - 2016-10-19 12:53 - 000003164 _____ C:\Windows\System32\Tasks\{D6E5F4DF-91E3-4ECA-B09F-9DCF123E1030}
      2018-09-16 22:22 - 2016-09-19 00:16 - 000003432 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2018-09-16 22:22 - 2016-09-19 00:16 - 000003304 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2018-09-16 22:22 - 2016-04-28 19:38 - 000003400 _____ C:\Windows\System32\Tasks\update-sys
      2018-09-16 22:22 - 2016-04-28 15:19 - 000002740 _____ C:\Windows\System32\Tasks\AutoKMSDaily
      2018-09-16 22:22 - 2016-04-28 15:19 - 000002436 _____ C:\Windows\System32\Tasks\AutoKMS
      2018-09-16 22:22 - 2016-04-28 15:14 - 000003148 _____ C:\Windows\System32\Tasks\{5A5A1497-EAC4-4683-9946-09144759EE3B}
      2018-09-16 22:22 - 2016-04-28 13:36 - 000003254 _____ C:\Windows\System32\Tasks\{CD225CD4-3990-439E-8F36-78EB3BDEE4E1}
      2018-09-16 20:22 - 2018-08-29 08:46 - 000370688 ____H C:\Users\Dellssd\Desktop\~WRL3793.tmp
      2018-09-15 19:37 - 2018-08-29 08:46 - 000344576 ____H C:\Users\Dellssd\Desktop\~WRL1766.tmp
      2018-09-14 18:54 - 2018-08-29 08:46 - 000297984 ____H C:\Users\Dellssd\Desktop\~WRL2266.tmp
      2018-09-13 15:27 - 2018-08-29 08:46 - 000268288 ____H C:\Users\Dellssd\Desktop\~WRL2379.tmp
      2018-09-12 23:30 - 2016-04-28 15:24 - 000215920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2018-09-12 12:59 - 2018-08-29 08:46 - 000251904 ____H C:\Users\Dellssd\Desktop\~WRL1812.tmp
      2018-09-12 12:19 - 2016-04-28 15:24 - 000163392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2018-09-09 09:00 - 2018-08-29 08:46 - 000212992 ____H C:\Users\Dellssd\Desktop\~WRL1160.tmp
      2018-09-08 11:36 - 2018-08-29 08:46 - 000209920 ____H C:\Users\Dellssd\Desktop\~WRL3129.tmp
      2018-09-07 13:25 - 2018-08-29 08:46 - 000199168 ____H C:\Users\Dellssd\Desktop\~WRL0459.tmp
      2018-09-05 11:53 - 2016-04-28 15:24 - 000467320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2018-09-04 13:41 - 2018-08-29 08:46 - 000154624 ____H C:\Users\Dellssd\Desktop\~WRL0358.tmp
      2018-09-03 23:58 - 2017-03-11 17:50 - 000000000 _____ C:\Windows\SysWOW64\last.dump
      2018-09-03 10:30 - 2018-08-29 08:46 - 000122368 ____H C:\Users\Dellssd\Desktop\~WRL1632.tmp
      2018-09-01 12:16 - 2018-08-29 08:46 - 000114688 ____H C:\Users\Dellssd\Desktop\~WRL0845.tmp
      2018-08-31 12:46 - 2018-08-29 08:46 - 000098304 ____H C:\Users\Dellssd\Desktop\~WRL3568.tmp
      2018-08-30 23:30 - 2017-04-04 12:54 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2018-08-30 23:30 - 2016-04-28 15:24 - 000087904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2018-08-30 23:29 - 2017-12-23 19:29 - 000249016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
      2018-08-30 23:29 - 2017-11-13 11:28 - 000199712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2018-08-30 23:29 - 2017-04-04 12:54 - 000346664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
      2018-08-30 23:29 - 2017-04-04 12:54 - 000229384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2018-08-30 23:29 - 2017-04-04 12:54 - 000201320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
      2018-08-30 23:29 - 2017-04-04 12:54 - 000059568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
      2018-08-30 23:29 - 2016-04-28 15:24 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2018-08-30 23:29 - 2016-04-28 15:24 - 000381560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2018-08-30 23:29 - 2016-04-28 15:24 - 000111864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2018-08-30 23:29 - 2016-04-28 15:24 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2018-08-30 13:39 - 2018-08-29 08:46 - 000077824 ____H C:\Users\Dellssd\Desktop\~WRL3210.tmp
      ==================== Files in the root of some directories =======
      2015-10-21 18:11 - 2015-10-21 18:11 - 130502551 _____ () C:\Program Files\openoffice1.cab
      2015-10-21 18:10 - 2015-10-21 18:10 - 002310144 _____ () C:\Program Files\openoffice412.msi
      2015-10-21 18:10 - 2015-10-21 18:10 - 000478720 _____ () C:\Program Files\setup.exe
      2015-10-21 18:10 - 2015-10-21 18:10 - 000000279 _____ () C:\Program Files\setup.ini
      2016-12-08 14:00 - 2017-03-04 10:53 - 000000132 _____ () C:\Users\Dellssd\AppData\Roaming\Adobe AIFF Format CS6 Prefs
      2016-12-07 08:29 - 2016-12-07 08:29 - 000000146 _____ () C:\Users\Dellssd\AppData\Roaming\gamma_ramp.reg
      2018-09-29 11:31 - 2018-09-29 11:31 - 000001191 _____ () C:\Users\Dellssd\AppData\Roaming\uni.txt
      2017-04-08 21:19 - 2016-03-31 21:40 - 000145792 _____ () C:\Users\Dellssd\AppData\Local\downloader.exe
      2016-04-28 19:38 - 2016-04-28 19:38 - 000000003 ____H () C:\Users\Dellssd\AppData\Local\updater.log
      2016-04-28 19:38 - 2016-04-28 19:38 - 000000424 ____H () C:\Users\Dellssd\AppData\Local\UserProducts.xml
      2016-10-29 12:23 - 2016-10-29 12:23 - 000017408 _____ () C:\Users\Dellssd\AppData\Local\WebpageIcons.db
      2017-02-10 09:00 - 2017-02-10 09:00 - 000000000 _____ () C:\Users\Dellssd\AppData\Local\{DC54C818-2F39-4DF4-A54B-09F3D3BE3CC3}
      Some files in TEMP:
      ====================
      2018-04-09 11:51 - 2018-08-20 12:55 - 062983128 _____ (Softland) C:\Users\Dellssd\AppData\Local\Temp\dopdf-full.exe
      2017-05-15 14:12 - 2017-05-15 14:12 - 003463288 _____ (Gadomotus                                                   ) C:\Users\Dellssd\AppData\Local\Temp\ICReinstall_microsoft_office (1).exe
      2016-10-29 19:52 - 2016-10-30 14:18 - 037642072 _____ (PandoraTV) C:\Users\Dellssd\AppData\Local\Temp\KMP_4.1.3.3.exe
      2017-12-16 10:25 - 2017-12-16 10:25 - 039544976 _____ (PandoraTV) C:\Users\Dellssd\AppData\Local\Temp\KMP_4.2.2.5.exe
      2016-12-06 13:30 - 2016-12-07 08:28 - 048947193 _____ () C:\Users\Dellssd\AppData\Local\Temp\new_version.exe
      2017-10-10 23:42 - 2017-10-10 23:42 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201710104236545.dll
      2017-10-12 10:00 - 2017-10-12 10:00 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017101208259.dll
      2017-10-13 10:42 - 2017-10-13 10:42 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201710134229437.dll
      2017-10-13 10:47 - 2017-10-13 10:47 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171013479979.dll
      2017-10-16 10:13 - 2017-10-16 10:13 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201710161342290.dll
      2017-10-19 23:59 - 2017-10-19 23:59 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201710195926616.dll
      2017-10-24 10:14 - 2017-10-24 10:14 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201710241457563.dll
      2017-10-24 10:09 - 2017-10-24 10:09 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171024911435.dll
      2017-10-02 08:58 - 2017-10-02 08:58 - 002163200 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171025819305.dll
      2017-10-28 08:06 - 2017-10-28 08:06 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171028622139.dll
      2017-10-04 09:31 - 2017-10-04 09:31 - 002163200 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171043113370.dll
      2017-10-05 09:53 - 2017-10-05 09:53 - 002163200 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017105532580.dll
      2017-10-06 09:16 - 2017-10-06 09:16 - 002163200 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171061623730.dll
      2017-10-06 23:52 - 2017-10-06 23:52 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171065224505.dll
      2017-10-07 09:54 - 2017-10-07 09:54 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171075447890.dll
      2017-10-09 10:23 - 2017-10-09 10:23 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171092328422.dll
      2017-11-10 11:43 - 2017-11-10 11:43 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201711104321386.dll
      2017-11-01 10:23 - 2017-11-01 10:23 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171112339856.dll
      2017-11-02 00:52 - 2017-11-02 00:52 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171115225368.dll
      2017-11-17 12:11 - 2017-11-17 12:11 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171117111267.dll
      2017-11-18 19:17 - 2017-11-18 19:17 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201711181734927.dll
      2017-11-21 00:46 - 2017-11-21 00:46 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017112046238.dll
      2017-11-23 00:46 - 2017-11-23 00:46 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201711224618694.dll
      2017-11-25 09:12 - 2017-11-25 09:12 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201711251244928.dll
      2017-11-27 10:16 - 2017-11-27 10:16 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201711271659784.dll
      2017-11-06 09:42 - 2017-11-06 09:42 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171164236192.dll
      2017-11-08 10:10 - 2017-11-08 10:10 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017118103184.dll
      2017-11-09 00:50 - 2017-11-09 00:50 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171185049290.dll
      2017-12-11 11:10 - 2017-12-11 11:10 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171211109386.dll
      2017-12-16 10:08 - 2017-12-16 10:08 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171216841406.dll
      2017-12-20 10:30 - 2017-12-20 10:30 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171220300768.dll
      2017-12-21 09:59 - 2017-12-21 09:59 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171221599557.dll
      2017-12-25 11:52 - 2017-12-25 11:52 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201712255220697.dll
      2017-12-27 10:46 - 2017-12-27 10:46 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201712274620418.dll
      2017-12-28 10:30 - 2017-12-28 10:30 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171228304823.dll
      2017-12-30 09:54 - 2017-12-30 09:54 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201712305435151.dll
      2017-12-06 11:04 - 2017-12-06 11:04 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017126459962.dll
      2017-05-16 23:45 - 2017-05-16 23:45 - 001980416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20175164533688.dll
      2017-05-19 08:44 - 2017-05-19 08:44 - 002008064 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20175194420141.dll
      2017-05-20 06:44 - 2017-05-20 06:44 - 002008064 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20175204459667.dll
      2017-05-24 09:17 - 2017-05-24 09:17 - 002008064 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017524175694.dll
      2017-05-29 08:07 - 2017-05-29 08:07 - 002008064 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20175297735.dll
      2017-06-13 07:40 - 2017-06-13 07:40 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20176134013374.dll
      2017-06-13 23:42 - 2017-06-13 23:42 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017613428192.dll
      2017-06-16 08:07 - 2017-06-16 08:07 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017616745230.dll
      2017-06-17 20:54 - 2017-06-17 20:54 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20176175444375.dll
      2017-06-20 12:39 - 2017-06-20 12:39 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017620392713.dll
      2017-06-22 07:31 - 2017-06-22 07:31 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20176223128826.dll
      2017-06-30 08:43 - 2017-06-30 08:43 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017630439814.dll
      2017-06-05 13:34 - 2017-06-05 13:34 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017653419350.dll
      2017-06-06 23:39 - 2017-06-06 23:39 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017663958437.dll
      2017-06-08 18:49 - 2017-06-08 18:49 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017684938352.dll
      2017-07-10 18:05 - 2017-07-10 18:05 - 001972736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017710548407.dll
      2017-07-14 18:41 - 2017-07-14 18:41 - 001973248 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017714411279.dll
      2017-07-18 23:54 - 2017-07-18 23:54 - 001973248 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20177185419573.dll
      2017-07-21 05:15 - 2017-07-21 05:15 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20177211525566.dll
      2017-07-27 09:55 - 2017-07-27 09:55 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20177275517760.dll
      2017-07-28 04:57 - 2017-07-28 04:57 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20177285736189.dll
      2017-07-03 08:19 - 2017-07-03 08:19 - 001972736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017731946996.dll
      2017-07-04 09:07 - 2017-07-04 09:07 - 001972736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201774732193.dll
      2017-08-01 08:38 - 2017-08-01 08:38 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201781381180.dll
      2017-08-16 05:06 - 2017-08-16 05:06 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017816647150.dll
      2017-08-18 04:56 - 2017-08-18 04:56 - 001999360 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20178185624580.dll
      2017-08-20 07:53 - 2017-08-20 07:53 - 001999360 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20178205358978.dll
      2017-08-23 09:46 - 2017-08-23 09:46 - 001999360 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20178234653479.dll
      2017-08-26 09:05 - 2017-08-26 09:05 - 001999360 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017826549919.dll
      2017-08-31 08:56 - 2017-08-31 08:56 - 001999872 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017831561686.dll
      2017-08-05 07:40 - 2017-08-05 07:40 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017854013409.dll
      2017-08-06 22:28 - 2017-08-06 22:28 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017862837477.dll
      2017-08-09 09:31 - 2017-08-09 09:31 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017893159204.dll
      2017-09-14 08:52 - 2017-09-14 08:52 - 001999872 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20179145250727.dll
      2017-09-20 08:56 - 2017-09-20 08:56 - 001999872 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20179205616444.dll
      2017-09-02 09:04 - 2017-09-02 09:04 - 001999872 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201792421331.dll
      2017-09-26 11:48 - 2017-09-26 11:48 - 001999872 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20179264854497.dll
      2017-09-28 00:05 - 2017-09-28 00:05 - 001999872 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017927529360.dll
      2017-09-07 04:56 - 2017-09-07 04:56 - 001999872 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017975639972.dll
      2018-01-16 10:06 - 2018-01-16 10:06 - 002329600 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201811662581.dll
      2018-01-18 00:32 - 2018-01-18 00:32 - 002329600 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20181173214934.dll
      2018-01-19 00:31 - 2018-01-19 00:31 - 002329600 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20181183124471.dll
      2018-01-21 11:17 - 2018-01-21 11:17 - 002329600 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20181211757955.dll
      2018-01-04 11:38 - 2018-01-04 11:38 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2018143847667.dll
      2018-01-07 08:59 - 2018-01-07 08:59 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2018175955849.dll
      2018-01-09 10:29 - 2018-01-09 10:29 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2018192959337.dll
      2010-06-17 17:09 - 2010-06-17 17:09 - 000149352 ____R (Microsoft Corporation) C:\Users\Dellssd\AppData\Local\Temp\ose00000.exe
      2012-11-10 21:20 - 2012-11-10 21:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Dellssd\AppData\Local\Temp\ose00001.exe
      2008-11-16 13:38 - 2008-11-16 13:38 - 000145184 ____R (Microsoft Corporation) C:\Users\Dellssd\AppData\Local\Temp\ose00002.exe
      2010-06-17 17:09 - 2010-06-17 17:09 - 000149352 ____R (Microsoft Corporation) C:\Users\Dellssd\AppData\Local\Temp\ose00003.exe
      2016-08-16 10:48 - 2016-08-16 10:48 - 000488960 _____ () C:\Users\Dellssd\AppData\Local\Temp\sqlite3.exe
      2017-04-22 19:34 - 2017-04-22 19:34 - 000181544 _____ () C:\Users\Dellssd\AppData\Local\Temp\ubar-yadownloader.exe
      2017-03-15 22:10 - 2017-03-15 22:10 - 014456872 _____ (Microsoft Corporation) C:\Users\Dellssd\AppData\Local\Temp\vc_redist.x86.exe
      2017-08-13 12:15 - 2017-08-13 12:15 - 030950664 _____ () C:\Users\Dellssd\AppData\Local\Temp\vlc-2.2.6-win32.exe
      2017-04-14 13:05 - 2017-04-14 13:05 - 000349280 _____ (Lavasoft) C:\Users\Dellssd\AppData\Local\Temp\WcInstaller.exe
      2017-04-22 21:17 - 2017-03-27 12:10 - 000237920 _____ () C:\Users\Dellssd\AppData\Local\Temp\YandexWorking.exe
      2017-03-30 21:07 - 2017-03-30 21:07 - 061980664 _____ (YANDEX LLC) C:\Users\Dellssd\AppData\Local\Temp\{13BD144E-5CAE-445E-ACAC-B02F6DDCF43E}.exe
      2016-10-20 12:07 - 2016-10-20 12:07 - 044295032 _____ (Google Inc.) C:\Users\Dellssd\AppData\Local\Temp\{486E4B52-BB14-452C-9A04-353419ACD5E8}-54.0.2840.71_chrome_installer.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-09-25 14:59
      ==================== End of FRST.txt ============================
      Addition.txt
    • от ivan_dimitrov26
      Добър ден. От няколко дни след зареждане на Windows-а се зарежда Chromuim (подобен на Google Chrome). Предполагам, че е влязъл с инсталиране на друга програма. Сканирах с Аваст, но не намери нищо. Компютърът е с по-стара операционна система, но се използва рядко.
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06.10.2018
      Ran by Administrator (administrator) on V002-16032D283A (09-10-2018 12:51:00)
      Running from C:\Documents and Settings\Administrator\Desktop
      Loaded Profiles: Administrator (Available Profiles: Administrator)
      Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
      Internet Explorer Version 8 (Default browser: IE)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
      (Samsung Electronics.) C:\WINDOWS\Samsung\ComSMMgr\SSMMgr.exe
      (Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
      (Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
      (NewSoft Technology Corporation) C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe
      (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
      (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
      () C:\WINDOWS\Datecs\FType2K.exe
      (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
      (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
      (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
      (Google Inc.) C:\Program Files\Chrome\chrome32_49.0.2623.75\chrome.exe
      (Google Inc.) C:\Program Files\Chrome\chrome32_49.0.2623.75\chrome.exe
      (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
      (Google Inc.) C:\Program Files\Chrome\chrome32_49.0.2623.75\chrome.exe
      (Google Inc.) C:\Program Files\Chrome\chrome32_49.0.2623.75\chrome.exe
      (Google Inc.) C:\Program Files\Chrome\chrome32_49.0.2623.75\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      HKLM\...\Run: [nwiz] => nwiz.exe /install
      HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
      HKLM\...\Run: [Samsung Common SM] => C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe [372736 2005-07-03] (Samsung Electronics.)
      HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2005-01-12] (Cyberlink Corp.)
      HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-20] (Analog Devices, Inc.)
      HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [716800 2005-09-07] (Analog Devices, Inc.)
      HKLM\...\Run: [Smart Start UP] => C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe [104528 2007-04-27] (NewSoft Technology Corporation)
      HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-09] (AVAST Software)
      HKU\S-1-5-21-2025429265-842925246-1177238915-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-05] (Skype Technologies S.A.)
      HKU\S-1-5-21-2025429265-842925246-1177238915-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\MSMSGS.EXE [1507600 2002-10-17] (Microsoft Corporation)
      HKU\S-1-5-21-2025429265-842925246-1177238915-500\...\Run: [Chromium] => c:\documents and settings\administrator\local settings\application data\chromium\application\chrome.exe [666624 2015-07-30] (The Chromium Authors)
      SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk [2018-10-06]
      ShortcutTarget: FlexType 2K.lnk -> C:\WINDOWS\Datecs\FType2K.exe ()
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{15E2290D-8571-410D-8D3C-128B92D7A9B4}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
      HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
      HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
      HKU\S-1-5-21-2025429265-842925246-1177238915-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      HKU\S-1-5-21-2025429265-842925246-1177238915-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      HKU\S-1-5-21-2025429265-842925246-1177238915-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
      SearchScopes: HKLM -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKLM -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-2025429265-842925246-1177238915-500 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-2025429265-842925246-1177238915-500 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
      Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe
      FireFox:
      ========
      FF DefaultProfile: wykzwtrk.default
      FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wykzwtrk.default [2018-10-09]
      FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wykzwtrk.default -> hxxps://www.gbg.bg/
      FF Extension: (Avast Online Security) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wykzwtrk.default\Extensions\wrc@avast.com.xpi [2018-10-09]
      FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2018-10-05] [Legacy] [not signed]
      FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
      StartMenuInternet: FIREFOX.EXE - firefox.exe
      Chrome: 
      =======
      CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-10-09]
      CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-04]
      CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-04]
      CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-04]
      CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-04]
      CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-04]
      CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-04]
      StartMenuInternet: chrome.exe - C:\Program Files\Chrome\chrome32_49.0.2623.75\chrome.exe
      StartMenuInternet: Google Chrome - C:\Program Files\Chrome\chrome32_49.0.2623.75\chrome.exe
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6488376 2018-10-09] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-10-09] (AVAST Software)
      S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [127872 2005-03-04] (Andrea Electronics Corporation)
      R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167552 2018-10-09] (AVAST Software)
      R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [188336 2018-10-09] (AVAST Software)
      R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [164944 2018-10-09] (AVAST Software)
      R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [284320 2018-10-09] (AVAST Software)
      R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [57968 2018-10-09] (AVAST Software)
      R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [196008 2018-10-09] (AVAST Software)
      S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-10-09] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [135376 2018-10-09] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70840 2018-10-09] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [73264 2018-10-09] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [784112 2018-10-09] (AVAST Software)
      R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [396536 2018-10-09] (AVAST Software)
      R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [206976 2018-10-09] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [311328 2018-10-09] (AVAST Software)
      R2 DgiVecp; C:\WINDOWS\System32\Drivers\DgiVecp.sys [41984 2005-03-14] (DeviceGuys, Inc.) [File not signed]
      R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
      R3 HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [907456 2001-08-17] (Conexant)
      R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2014-02-12] (Marvell Semiconductor Inc.)
      R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2014-02-12] (Marvell Semiconductor Inc.) [File not signed]
      R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2014-02-12] (Marvell Semiconductor Inc.)
      R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20016 2003-10-28] (Sonic Solutions) [File not signed]
      R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [393088 2005-08-11] (Sensaura)
      R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [299424 2012-03-27] (Marvell)
      S4 IntelIde; no ImagePath
      U1 WS2IFSL; no ImagePath
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-10-09 12:51 - 2018-10-09 12:51 - 000012972 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
      2018-10-09 12:50 - 2018-10-09 12:51 - 000000000 ____D C:\FRST
      2018-10-09 12:47 - 2018-10-09 12:49 - 001774592 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
      2018-10-09 08:45 - 2018-10-09 08:45 - 000000000 ____D C:\WINDOWS\CSC
      2018-10-09 08:42 - 2018-10-09 08:42 - 000323288 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
      2018-10-09 08:33 - 2018-10-09 08:33 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\AVAST Software
      2018-10-09 08:32 - 2018-10-09 08:32 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
      2018-10-09 08:32 - 2018-10-09 08:32 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
      2018-10-09 08:31 - 2018-10-09 12:43 - 000000310 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
      2018-10-09 08:30 - 2018-10-09 08:43 - 000396536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2018-10-09 08:30 - 2018-10-09 08:43 - 000206976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
      2018-10-09 08:30 - 2018-10-09 08:43 - 000135376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
      2018-10-09 08:30 - 2018-10-09 08:43 - 000073264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
      2018-10-09 08:30 - 2018-10-09 08:42 - 000784112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
      2018-10-09 08:30 - 2018-10-09 08:42 - 000311328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
      2018-10-09 08:30 - 2018-10-09 08:42 - 000196008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
      2018-10-09 08:30 - 2018-10-09 08:42 - 000167552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
      2018-10-09 08:30 - 2018-10-09 08:42 - 000070840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
      2018-10-09 08:30 - 2018-10-09 08:42 - 000042808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
      2018-10-09 08:30 - 2018-10-09 08:41 - 000284320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
      2018-10-09 08:30 - 2018-10-09 08:41 - 000188336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
      2018-10-09 08:30 - 2018-10-09 08:41 - 000164944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
      2018-10-09 08:30 - 2018-10-09 08:41 - 000057968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys
      2018-10-09 08:29 - 2018-10-09 08:29 - 000000000 ____D C:\Program Files\AVAST Software
      2018-10-08 13:13 - 2018-10-08 13:14 - 000000099 _____ C:\WINDOWS\Reimage.ini
      2018-10-08 13:13 - 2018-10-08 13:13 - 000000000 ____D C:\rei
      2018-10-07 09:40 - 2018-10-07 09:40 - 000000043 _____ C:\Documents and Settings\NetworkService\Application Data\WB.CFG
      2018-10-06 14:51 - 2018-10-06 14:51 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\CEF
      2018-10-06 14:48 - 2018-10-09 09:02 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\AVAST Software
      2018-10-06 14:46 - 2018-10-06 14:46 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
      2018-10-06 14:45 - 2018-10-06 14:45 - 000000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
      2018-10-06 14:45 - 2008-11-07 18:55 - 000016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
      2018-10-06 14:44 - 2018-10-06 14:43 - 001142072 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
      2018-10-06 14:42 - 2018-10-06 14:42 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Media Player Classic
      2018-10-06 14:41 - 2018-10-06 14:42 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\chromium
      2018-10-06 14:40 - 2018-10-08 13:58 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Namek
      2018-10-06 14:39 - 2018-10-09 12:32 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
      2018-10-06 14:39 - 2018-10-06 14:39 - 000000717 _____ C:\Documents and Settings\All Users\Desktop\Crystal Player.lnk
      2018-10-06 14:39 - 2018-10-06 14:39 - 000000000 ____D C:\Program Files\Crystal Player
      2018-10-06 14:39 - 2018-10-06 14:39 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Crystal Player
      2018-10-06 14:39 - 2018-10-06 14:39 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Crystal Player
      2018-10-06 14:37 - 2018-10-06 14:37 - 000000940 _____ C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
      2018-10-06 14:37 - 2018-10-06 14:37 - 000000000 ____D C:\Program Files\K-Lite Codec Pack
      2018-10-06 14:37 - 2018-10-06 14:37 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
      2018-10-06 14:37 - 2006-09-13 23:14 - 000593938 _____ C:\WINDOWS\system32\x264vfw.dll
      2018-10-06 14:37 - 2006-07-05 20:02 - 000005120 _____ C:\WINDOWS\system32\ff_vfw.dll
      2018-10-06 14:37 - 2006-07-03 23:40 - 000620180 _____ (DivX, Inc.) C:\WINDOWS\system32\divx.dll
      2018-10-06 14:37 - 2006-06-21 12:42 - 001044480 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\system32\libdivx.dll
      2018-10-06 14:37 - 2006-06-21 12:42 - 000200704 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\system32\ssldivx.dll
      2018-10-06 14:37 - 2006-05-25 00:47 - 003596288 _____ C:\WINDOWS\system32\qt-dx331.dll
      2018-10-06 14:37 - 2006-05-25 00:46 - 000200704 _____ (DivXNetworks) C:\WINDOWS\system32\dtu100.dll
      2018-10-06 14:37 - 2006-05-13 23:16 - 000118784 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
      2018-10-06 14:37 - 2006-04-20 16:00 - 000856064 _____ C:\WINDOWS\system32\xvidcore.dll
      2018-10-06 14:37 - 2006-04-08 03:13 - 000090112 _____ (DivXNetworks) C:\WINDOWS\system32\dpl100.dll
      2018-10-06 14:37 - 2006-02-27 15:30 - 000217088 _____ C:\WINDOWS\system32\xvidvfw.dll
      2018-10-06 14:37 - 2005-02-24 18:56 - 000000547 _____ C:\WINDOWS\system32\ff_vfw.dll.manifest
      2018-10-06 14:37 - 2003-06-23 02:44 - 001415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMV9VCM.dll
      2018-10-06 14:26 - 2018-10-06 14:26 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Datecs Applications
      2018-10-06 14:20 - 2018-10-06 14:20 - 000000763 _____ C:\Documents and Settings\Administrator\Desktop\BSPlayer.lnk
      2018-10-06 14:20 - 2018-10-06 14:20 - 000000000 ____D C:\Program Files\Webteh
      2018-10-06 14:20 - 2018-10-06 14:20 - 000000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Webteh
      2018-10-06 09:28 - 2018-10-06 14:57 - 000000654 _____ C:\Documents and Settings\Administrator\Desktop\Winamp.lnk
      2018-10-06 09:28 - 2018-10-06 14:57 - 000000000 ____D C:\Program Files\Winamp
      2018-10-06 09:28 - 2018-10-06 09:28 - 000000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Winamp
      2018-10-05 12:45 - 2018-10-05 12:45 - 000053248 _____ C:\WINDOWS\system32\zlib.dll
      2018-10-05 09:04 - 2018-10-05 09:04 - 000001106 _____ C:\Documents and Settings\Administrator\Desktop\Nero Burning ROM.lnk
      2018-10-05 09:02 - 2018-10-05 09:03 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Nero
      2018-10-05 09:02 - 2018-10-05 09:02 - 000000000 ____D C:\Program Files\Common Files\Ahead
      2018-10-05 09:02 - 2004-03-03 20:30 - 000125184 _____ (Ahead Software AG) C:\WINDOWS\system32\Drivers\imagesrv.sys
      2018-10-05 09:02 - 2004-03-03 20:30 - 000005504 _____ (Ahead Software AG) C:\WINDOWS\system32\Drivers\imagedrv.sys
      2018-10-05 09:02 - 2001-07-09 10:50 - 000155648 _____ (Ahead Software Gmbh) C:\WINDOWS\system32\NeroCheck.exe
      2018-10-05 09:02 - 2001-07-06 17:24 - 000283920 _____ (Pegasus Software, LLC) C:\WINDOWS\system32\ImagXpr5.dll
      2018-10-05 09:02 - 2001-07-06 13:41 - 000569344 _____ (Pegasus Software,LLC) C:\WINDOWS\system32\imagr5.dll
      2018-10-05 09:02 - 2001-07-06 11:44 - 000544768 _____ (Pegasus Software, LLC) C:\WINDOWS\system32\imagx5.dll
      2018-10-05 09:02 - 2001-06-26 07:15 - 000038912 _____ (Pegasus Imaging Corp.) C:\WINDOWS\system32\picn20.dll
      2018-10-05 09:02 - 2000-06-26 10:45 - 000106496 _____ (Pegasus Software) C:\WINDOWS\system32\TwnLib20.dll
      2018-10-05 08:52 - 2018-10-05 08:52 - 000000000 ____D C:\Program Files\MSECache
      2018-10-05 08:45 - 2018-10-05 08:45 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\My Skype Received Files
      2018-10-05 08:45 - 2018-10-05 08:45 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\My Skype Pictures
      2018-10-05 08:45 - 2018-10-05 08:45 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\My Skype Content
      2018-10-05 08:36 - 2018-10-05 08:36 - 000154568 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
      2018-10-05 08:35 - 2018-10-05 08:35 - 000000000 ____D C:\WINDOWS\system32\XPSViewer
      2018-10-05 08:34 - 2018-10-05 08:34 - 000000000 ____D C:\Program Files\Reference Assemblies
      2018-10-05 08:34 - 2018-10-05 08:34 - 000000000 ____D C:\Program Files\MSBuild
      2018-10-05 08:34 - 2008-11-07 18:55 - 000026144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spupdsvc.exe
      2018-10-05 08:34 - 2008-07-06 15:06 - 001676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
      2018-10-05 08:34 - 2008-07-06 15:06 - 001676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
      2018-10-05 08:34 - 2008-07-06 15:06 - 000575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
      2018-10-05 08:34 - 2008-07-06 15:06 - 000575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
      2018-10-05 08:34 - 2008-07-06 15:06 - 000117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
      2018-10-05 08:34 - 2008-07-06 15:06 - 000089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
      2018-10-05 08:34 - 2008-07-06 13:50 - 000597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
      2018-10-05 08:34 - 2007-11-30 15:39 - 000017272 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
      2018-10-05 08:33 - 2018-10-05 08:33 - 000000829 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
      2018-10-05 08:33 - 2018-10-05 08:33 - 000000000 ____D C:\Program Files\Messenger
      2018-10-05 08:31 - 2018-10-05 08:31 - 000000000 ____D C:\Program Files\Microsoft .NET Micro Framework
      2018-10-05 08:28 - 2018-10-05 08:28 - 000000853 _____ C:\Documents and Settings\All Users\Desktop\PDFArchitect.lnk
      2018-10-05 08:28 - 2018-10-05 08:28 - 000000706 _____ C:\Documents and Settings\All Users\Desktop\PDFCreator.lnk
      2018-10-05 08:28 - 2018-10-05 08:28 - 000000000 ____D C:\Program Files\PDFCreator
      2018-10-05 08:28 - 2018-10-05 08:28 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PDFCreator
      2018-10-05 08:28 - 2018-10-05 08:28 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\pdfforge
      2018-10-05 08:28 - 2012-03-05 21:04 - 000054272 _____ (pdfforge GbR) C:\WINDOWS\system32\pdfcmon.dll
      2018-10-05 08:27 - 2018-10-05 08:27 - 000000000 ____D C:\WINDOWS\system32\appmgmt
      2018-10-04 14:04 - 2018-10-04 14:04 - 000000738 _____ C:\Documents and Settings\Administrator\Desktop\Outlook Express.lnk
      2018-10-04 14:03 - 2018-10-04 14:03 - 000002016 _____ C:\Documents and Settings\Administrator\Desktop\Microsoft Office PowerPoint 2003 (2).lnk
      2018-10-04 12:43 - 2018-10-04 12:43 - 000001527 _____ C:\Documents and Settings\Administrator\Desktop\Tour Windows XP.lnk
      2018-10-04 12:37 - 2018-10-04 12:37 - 000000702 _____ C:\Documents and Settings\All Users\Desktop\MozBackup.lnk
      2018-10-04 12:37 - 2018-10-04 12:37 - 000000000 ____D C:\Program Files\MozBackup
      2018-10-04 12:37 - 2018-10-04 12:37 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MozBackup
      2018-10-04 12:37 - 2018-09-29 12:42 - 000000775 _____ C:\Documents and Settings\Administrator\My Documents\indexfile.txt
      2018-10-04 12:34 - 2018-10-08 08:43 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\Изтегляния
      2018-10-04 12:30 - 2018-10-04 12:30 - 000000754 _____ C:\Documents and Settings\All Users\Desktop\YoWindow.lnk
      2018-10-04 12:30 - 2018-10-04 12:30 - 000000000 ____D C:\Program Files\YoWindow
      2018-10-04 12:30 - 2018-10-04 12:30 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\YoWindow
      2018-10-04 12:30 - 2018-10-04 12:30 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\YoWindow
      2018-10-04 12:28 - 2018-10-04 12:28 - 000001487 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Explorer (2).lnk
      2018-10-04 12:25 - 2018-10-04 12:25 - 000000784 _____ C:\Documents and Settings\Administrator\Desktop\ESET Online Scanner.lnk
      2018-10-04 12:20 - 2018-10-04 12:20 - 000000000 ____D C:\Program Files\Marvell
      2018-10-04 12:20 - 2012-03-27 17:48 - 000299424 _____ (Marvell) C:\WINDOWS\system32\Drivers\yk51x86.sys
      2018-10-04 08:51 - 2018-10-09 09:05 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\My Photo
      2018-10-04 08:48 - 2018-10-06 14:25 - 000002497 _____ C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003 (2).lnk
      2018-10-04 08:48 - 2018-10-04 08:48 - 000002044 _____ C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2003 (2).lnk
      2018-10-04 08:46 - 2018-10-09 09:22 - 000000192 _____ C:\WINDOWS\winamp.ini
      2018-10-04 08:46 - 2018-10-04 08:46 - 000001826 _____ C:\Documents and Settings\All Users\Desktop\Presto! Mr. Photo 4.lnk
      2018-10-04 08:46 - 2003-10-29 03:34 - 000462848 ____N (Sonic Solutions) C:\WINDOWS\system32\px.dll
      2018-10-04 08:46 - 2003-10-29 03:33 - 000286720 ____N (Sonic Solutions) C:\WINDOWS\system32\pxwave.dll
      2018-10-04 08:46 - 2003-10-29 03:33 - 000143360 ____N (Sonic Solutions) C:\WINDOWS\system32\pxmas.dll
      2018-10-04 08:46 - 2003-10-28 13:02 - 000053248 ____N C:\WINDOWS\system32\pxhpinst.exe
      2018-10-04 08:46 - 2003-10-28 13:02 - 000020016 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\pxhelp20.sys
      2018-10-04 08:46 - 2003-10-27 12:00 - 000319488 ____N (Sonic Solutions) C:\WINDOWS\system32\pxdrv.dll
      2018-10-04 08:46 - 2003-10-14 12:00 - 000028672 ____N (Sonic Solutions) C:\WINDOWS\system32\vxblock.dll
      2018-10-04 08:45 - 2018-10-04 08:45 - 000000000 ____D C:\Program Files\NewSoft
      2018-10-04 08:45 - 2018-10-04 08:45 - 000000000 ____D C:\Program Files\Common Files\NewSoft
      2018-10-04 08:45 - 2018-10-04 08:45 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\NewSoft
      2018-10-04 08:45 - 2018-10-04 08:45 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Newsoft
      2018-10-04 08:45 - 2018-10-04 08:45 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\NewSoft
      2018-10-04 08:45 - 1998-06-17 00:00 - 000385100 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVCRTD.DLL
      2018-10-04 08:43 - 2018-10-04 08:43 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Canon
      2018-10-04 08:42 - 2018-10-04 08:42 - 000000000 ___HD C:\CanoScan
      2018-10-04 08:42 - 2018-10-04 08:42 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Canon
      2018-10-04 08:42 - 2013-07-03 01:59 - 000014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
      2018-10-04 08:42 - 2013-07-03 01:59 - 000014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
      2018-10-04 08:42 - 2005-06-23 22:17 - 000352256 _____ (CANON INC.) C:\WINDOWS\system32\CNQL1213.DLL
      2018-10-04 08:42 - 2005-02-28 13:20 - 000057344 _____ (CANON INC.) C:\WINDOWS\system32\CNQU110.DLL
      2018-10-04 08:38 - 2018-10-09 12:42 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
      2018-10-04 08:38 - 2018-10-05 13:45 - 000002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
      2018-10-04 08:38 - 2018-10-04 08:38 - 000000000 ___RD C:\Program Files\Skype
      2018-10-04 08:38 - 2018-10-04 08:38 - 000000000 ____D C:\Program Files\Common Files\Skype
      2018-10-04 08:38 - 2018-10-04 08:38 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
      2018-10-04 08:38 - 2018-10-04 08:38 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
      2018-10-04 08:38 - 2018-10-04 08:38 - 000000000 ____D C:\Documents and Settings\Administrator\Tracing
      2018-10-04 08:37 - 2018-10-08 12:43 - 000170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
      2018-10-04 08:37 - 2018-10-05 13:43 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
      2018-10-04 08:37 - 2018-10-04 08:37 - 000000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
      2018-10-04 08:37 - 2018-10-04 08:37 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
      2018-10-04 08:37 - 2018-10-04 08:37 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
      2018-10-04 08:37 - 2018-10-04 08:37 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2018-10-04 08:37 - 2016-03-10 14:09 - 000123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
      2018-10-04 08:37 - 2016-03-10 14:08 - 000024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
      2018-10-04 08:36 - 2018-10-06 14:51 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
      2018-10-04 08:36 - 2018-10-04 08:36 - 000000000 ____D C:\Program Files\VideoLAN
      2018-10-04 08:31 - 2018-10-04 08:31 - 000000000 ____D C:\Program Files\FinalWire
      2018-10-04 08:31 - 2018-10-04 08:31 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FinalWire
      2018-10-03 18:55 - 2018-10-03 18:55 - 000000301 _____ C:\Documents and Settings\Administrator\Desktop\Shortcut to Sounds and Audio Devices.lnk
      2018-10-03 18:47 - 2018-10-05 12:33 - 000000000 ___RD C:\Documents and Settings\Administrator\Desktop\New Briefcase
      2018-10-03 18:35 - 2008-04-13 22:47 - 000083072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wdmaud.sys
      2018-10-03 18:35 - 2008-04-13 22:47 - 000083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdmaud.sys
      2018-10-03 18:35 - 2008-04-13 22:15 - 000006272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\splitter.sys
      2018-10-03 18:35 - 2008-04-13 22:15 - 000006272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\splitter.sys
      2018-10-03 18:34 - 2018-10-03 18:34 - 000000000 ____D C:\Program Files\Analog Devices
      2018-10-03 18:34 - 2018-10-03 18:34 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
      2018-10-03 18:34 - 2008-04-14 03:42 - 000129536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksproxy.ax
      2018-10-03 18:34 - 2008-04-14 03:42 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
      2018-10-03 18:34 - 2008-04-14 03:41 - 000004096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksuser.dll
      2018-10-03 18:34 - 2008-04-14 03:41 - 000004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksuser.dll
      2018-10-03 18:34 - 2008-04-13 22:45 - 000060800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sysaudio.sys
      2018-10-03 18:34 - 2008-04-13 22:45 - 000060800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sysaudio.sys
      2018-10-03 18:34 - 2008-04-13 22:15 - 000172416 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kmixer.sys
      2018-10-03 18:34 - 2008-04-13 22:15 - 000172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kmixer.sys
      2018-10-03 18:34 - 2008-04-13 22:15 - 000060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\drmk.sys
      2018-10-03 18:34 - 2008-04-13 22:15 - 000060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
      2018-10-03 18:34 - 2008-04-13 22:15 - 000056576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\swmidi.sys
      2018-10-03 18:34 - 2008-04-13 22:15 - 000056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swmidi.sys
      2018-10-03 18:34 - 2008-04-13 22:15 - 000052864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dmusic.sys
      2018-10-03 18:34 - 2008-04-13 22:15 - 000052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\DMusic.sys
      2018-10-03 18:34 - 2008-04-13 22:15 - 000002944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\drmkaud.sys
      2018-10-03 18:34 - 2008-04-13 22:15 - 000002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
      2018-10-03 18:34 - 2008-04-13 22:09 - 000007552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mskssrv.sys
      2018-10-03 18:34 - 2008-04-13 22:09 - 000007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSKSSRV.sys
      2018-10-03 18:34 - 2008-04-13 22:09 - 000005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mspclock.sys
      2018-10-03 18:34 - 2008-04-13 22:09 - 000005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPCLOCK.sys
      2018-10-03 18:34 - 2008-04-13 22:09 - 000004992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mspqm.sys
      2018-10-03 18:34 - 2008-04-13 22:09 - 000004992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPQM.sys
      2018-10-03 18:34 - 2008-04-13 20:09 - 000142592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aec.sys
      2018-10-03 18:34 - 2008-04-13 20:09 - 000142592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\aec.sys
      2018-10-03 18:34 - 2008-03-21 11:35 - 000146048 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\portcls.sys
      2018-10-03 18:34 - 2008-03-21 11:35 - 000146048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
      2018-10-03 18:34 - 2005-09-26 16:20 - 000049152 _____ (Analog Devices Inc.) C:\WINDOWS\system32\DSndUp.exe
      2018-10-03 18:34 - 2005-05-04 09:20 - 000053248 ____N (Analog Devices Inc.) C:\WINDOWS\system32\wdmioctl.dll
      2018-10-03 18:34 - 2002-04-17 15:05 - 000045056 ____N (adi) C:\WINDOWS\system32\CleanUp.exe
      2018-10-03 18:34 - 2001-09-11 15:20 - 001285632 ____N (Analog Devices) C:\WINDOWS\system32\SMMedia.dll
      2018-10-03 18:31 - 2018-10-03 18:31 - 000000000 ____D C:\Program Files\Realtek
      2018-10-03 18:31 - 2018-10-03 18:31 - 000000000 ____D C:\Program Files\Intel Desktop Board
      2018-10-03 18:30 - 2018-10-07 09:22 - 000069800 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2018-10-03 18:30 - 2018-10-03 18:30 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\DriverDR.com
      2018-10-03 14:32 - 2018-10-03 14:22 - 000000804 _____ C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
      2018-10-03 14:29 - 2018-10-03 14:29 - 000001487 _____ C:\Documents and Settings\All Users\Desktop\ICQ6.5.lnk
      2018-10-03 14:29 - 2018-10-03 14:29 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ICQ6.5
      2018-10-03 14:28 - 2018-10-08 09:25 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\ICQ
      2018-10-03 14:28 - 2018-10-03 14:49 - 000000000 ____D C:\Program Files\ICQ6.5
      2018-10-03 14:28 - 2018-10-03 14:28 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\ICQ
      2018-10-03 14:27 - 2018-10-03 14:27 - 000000000 ____D C:\Program Files\SpeedFan
      2018-10-03 14:27 - 2018-10-03 14:27 - 000000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\SpeedFan
      2018-10-03 14:21 - 2018-10-03 14:22 - 000000000 ____D C:\WINDOWS\RegisteredPackages
      2018-10-03 14:19 - 2018-10-06 14:49 - 000000116 _____ C:\WINDOWS\NeroDigital.ini
      2018-10-03 14:19 - 2018-10-03 14:19 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\CyberLink
      2018-10-03 14:19 - 2018-10-03 14:19 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\CyberLink
      2018-10-03 14:19 - 2018-10-03 14:19 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\CyberLink
      2018-10-03 14:17 - 2018-10-05 09:02 - 000000000 ____D C:\Program Files\Ahead
      2018-10-03 14:16 - 2018-10-03 14:16 - 000001684 _____ C:\Documents and Settings\All Users\Desktop\CyberLink PowerDVD.lnk
      2018-10-03 14:16 - 2018-10-03 14:16 - 000000000 ____D C:\Program Files\CyberLink
      2018-10-03 14:16 - 2018-10-03 14:16 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDVD
      2018-10-03 14:14 - 2018-10-03 14:14 - 000000857 _____ C:\Documents and Settings\All Users\Desktop\Wise Disk Cleaner.lnk
      2018-10-03 14:14 - 2018-10-03 14:14 - 000000000 ____D C:\Program Files\Wise
      2018-10-03 14:14 - 2018-10-03 14:14 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Wise Disk Cleaner
      2018-10-03 14:13 - 2018-10-04 12:30 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\YoWindow
      2018-10-03 14:12 - 2018-10-03 14:12 - 000000755 _____ C:\Documents and Settings\All Users\Desktop\Billiards.lnk
      2018-10-03 14:12 - 2018-10-03 14:12 - 000000000 ____D C:\Program Files\IrfanView
      2018-10-03 14:12 - 2018-10-03 14:12 - 000000000 ____D C:\Program Files\ePlaybus.com
      2018-10-03 14:12 - 2018-10-03 14:12 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ePlaybus.com
      2018-10-03 14:12 - 2018-10-03 14:12 - 000000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\IrfanView
      2018-10-03 14:11 - 2018-10-03 14:11 - 000000000 ____D C:\Program Files\ESET
      2018-10-03 14:10 - 2018-10-06 14:26 - 000000000 ____D C:\WINDOWS\Datecs
      2018-10-03 14:10 - 2018-10-03 14:10 - 000000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Datecs Applications
      2018-10-03 14:10 - 2000-06-08 17:00 - 000000398 _____ C:\WINDOWS\system32\kbdus.kbd
      2018-10-03 14:10 - 1997-01-06 11:35 - 000005120 _____ (Datecs Ltd. ) C:\WINDOWS\system32\vga856.fon
      2018-10-03 14:09 - 2018-10-03 14:09 - 000001487 _____ C:\Documents and Settings\Administrator\Desktop\Windows Explorer (2).lnk
      2018-10-03 14:07 - 2018-10-03 13:19 - 000000856 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Copy of Shortcut to chrome.lnk
      2018-10-03 13:19 - 2018-10-03 13:19 - 000000856 _____ C:\Documents and Settings\Administrator\Desktop\Google chrome.lnk
      2018-10-03 11:52 - 2013-08-09 00:55 - 000032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
      2018-10-03 11:52 - 2013-08-09 00:55 - 000032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
      2018-10-03 11:52 - 2008-04-14 03:41 - 000021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
      2018-10-03 11:52 - 2008-04-14 03:41 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
      2018-10-03 11:52 - 2008-04-13 22:15 - 000010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys
      2018-10-03 11:52 - 2008-04-13 22:15 - 000010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
      2018-10-03 11:52 - 2008-04-13 22:09 - 000014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
      2018-10-03 11:52 - 2008-04-13 22:09 - 000014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
      2018-10-03 11:52 - 2001-08-17 11:48 - 000012160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mouhid.sys
      2018-10-03 11:52 - 2001-08-17 11:48 - 000012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
      2018-10-02 08:49 - 2018-10-02 08:49 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
      2018-10-02 08:45 - 2018-10-02 08:45 - 000000376 _____ C:\WINDOWS\ODBC.INI
      2018-10-02 08:45 - 2003-06-18 17:31 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdimon.dll
      2018-10-02 08:44 - 2018-10-04 14:03 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
      2018-10-02 08:44 - 2018-10-02 08:44 - 000002002 _____ C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk
      2018-10-02 08:44 - 2018-10-02 08:44 - 000001992 _____ C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk
      2018-10-02 08:44 - 2018-10-02 08:44 - 000000000 ____D C:\Program Files\Microsoft Works
      2018-10-02 08:44 - 2018-10-02 08:44 - 000000000 ____D C:\Program Files\Microsoft Visual Studio
      2018-10-02 08:44 - 2018-10-02 08:44 - 000000000 ____D C:\Program Files\Microsoft ActiveSync
      2018-10-02 08:44 - 2018-10-02 08:44 - 000000000 ____D C:\Program Files\Common Files\L&H
      2018-10-02 08:44 - 2018-10-02 08:44 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
      2018-10-02 08:43 - 2018-10-05 08:52 - 000000000 ____D C:\Program Files\Microsoft Office
      2018-10-02 08:43 - 2018-10-02 08:44 - 000000000 ____D C:\WINDOWS\SHELLNEW
      2018-10-02 08:42 - 2018-10-02 08:42 - 000000000 __RHD C:\MSOCache
      2018-10-02 08:40 - 2018-10-04 08:45 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
      2018-10-02 08:40 - 2018-10-02 08:40 - 000000129 _____ C:\Documents and Settings\All Users\Desktop\SAMSUNG Dr.Printer.url
      2018-10-02 08:40 - 2018-10-02 08:40 - 000000000 ____D C:\Program Files\Samsung ML-2010 Series
      2018-10-02 08:40 - 2018-10-02 08:40 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Samsung ML-2010 Series
      2018-10-02 08:40 - 2005-04-08 05:29 - 000020622 _____ (Samsung Electronics.) C:\WINDOWS\system32\SUGS2LMK.DLL
      2018-10-02 08:40 - 2005-03-03 14:23 - 000000604 _____ C:\WINDOWS\system32\SUGS2LMK.SMT
      2018-10-02 08:40 - 2005-03-03 13:09 - 000057344 _____ (SEC) C:\WINDOWS\system32\SSCoInst.dll
      2018-10-02 08:40 - 2005-03-03 07:32 - 000151552 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\SSCoInst.exe
      2018-10-02 08:39 - 2018-10-02 08:40 - 000000000 ____D C:\WINDOWS\Samsung
      2018-10-02 08:39 - 2005-03-14 08:01 - 000208896 ____N (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\SSRemove.exe
      2018-10-02 08:39 - 2005-03-14 08:01 - 000041984 ____N (DeviceGuys, Inc.) C:\WINDOWS\system32\Drivers\DGIVECP.SYS
      2018-10-02 08:37 - 2018-10-02 08:37 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
      2018-10-02 08:37 - 2018-10-02 08:37 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Help
      2018-10-01 15:58 - 2018-10-01 15:58 - 000000000 _____ C:\WINDOWS\system32\h323log.txt
      2018-10-01 15:56 - 2001-08-17 14:59 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\audstub.sys
      2018-10-01 15:55 - 2008-04-14 06:42 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbui.dll
      2018-10-01 15:55 - 2008-04-14 01:10 - 000057600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys
      2018-10-01 15:55 - 2001-08-17 14:28 - 000907456 _____ (Conexant) C:\WINDOWS\system32\Drivers\HCF_MSFT.sys
      2018-10-01 15:53 - 2018-10-05 08:52 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
      2018-10-01 15:53 - 2018-10-05 08:36 - 000506702 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2018-10-01 15:53 - 2018-10-01 15:53 - 000004444 _____ C:\WINDOWS\system32\pid.PNF
      2018-10-01 15:53 - 2018-10-01 15:53 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
      2018-10-01 15:53 - 2018-10-01 15:53 - 000000000 ____D C:\Program Files\Common Files\ODBC
      2018-10-01 15:53 - 2018-10-01 13:10 - 000004512 _____ C:\WINDOWS\imsins.BAK
      2018-10-01 15:53 - 2018-10-01 13:06 - 000004161 _____ C:\WINDOWS\ODBCINST.INI
      2018-10-01 15:53 - 2014-02-12 16:56 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\NOTEPAD.EXE
      2018-10-01 15:53 - 2008-04-14 14:00 - 001685606 ____C C:\WINDOWS\system32\dllcache\sam.spd
      2018-10-01 15:53 - 2008-04-14 14:00 - 000774144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\spttseng.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000741376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sapi.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000643717 ____C C:\WINDOWS\system32\dllcache\ltts1033.lxa
      2018-10-01 15:53 - 2008-04-14 14:00 - 000605050 ____C C:\WINDOWS\system32\dllcache\r1033tts.lxa
      2018-10-01 15:53 - 2008-04-14 14:00 - 000176157 ____C (Digi International, Inc.) C:\WINDOWS\system32\dllcache\dgrpsetu.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000176157 _____ (Digi International, Inc.) C:\WINDOWS\system32\dgrpsetu.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000155648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sapi.cpl
      2018-10-01 15:53 - 2008-04-14 14:00 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system\WINSPOOL.DRV
      2018-10-01 15:53 - 2008-04-14 14:00 - 000126912 _____ (Microsoft Corporation) C:\WINDOWS\system\MSVIDEO.DLL
      2018-10-01 15:53 - 2008-04-14 14:00 - 000109456 _____ (Microsoft Corporation) C:\WINDOWS\system\AVIFILE.DLL
      2018-10-01 15:53 - 2008-04-14 14:00 - 000103424 ____C (Equinox Systems Inc.) C:\WINDOWS\system32\dllcache\eqnclass.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000103424 _____ (Equinox Systems Inc.) C:\WINDOWS\system32\EqnClass.Dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000085020 ____C (Digi International) C:\WINDOWS\system32\dllcache\dgsetup.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000085020 _____ (Digi International) C:\WINDOWS\system32\dgsetup.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system\OLECLI.DLL
      2018-10-01 15:53 - 2008-04-14 14:00 - 000077824 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\spcommon.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000073376 _____ (Microsoft Corporation) C:\WINDOWS\system\MCIAVI.DRV
      2018-10-01 15:53 - 2008-04-14 14:00 - 000069584 _____ (Microsoft Corporation) C:\WINDOWS\system\AVICAP.DLL
      2018-10-01 15:53 - 2008-04-14 14:00 - 000068768 _____ (Microsoft Corporation) C:\WINDOWS\system\MMSYSTEM.DLL
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066594 ____C C:\WINDOWS\system32\dllcache\c_869.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066594 ____C C:\WINDOWS\system32\dllcache\c_866.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066594 ____C C:\WINDOWS\system32\dllcache\c_857.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066594 ____C C:\WINDOWS\system32\dllcache\c_855.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066594 ____C C:\WINDOWS\system32\dllcache\c_852.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066594 ____C C:\WINDOWS\system32\dllcache\c_737.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066594 _____ C:\WINDOWS\system32\c_869.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066594 _____ C:\WINDOWS\system32\c_866.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066594 _____ C:\WINDOWS\system32\c_857.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066594 _____ C:\WINDOWS\system32\c_855.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066594 _____ C:\WINDOWS\system32\c_852.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066594 _____ C:\WINDOWS\system32\c_737.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_875.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_28603.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_28599.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_28597.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_28595.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_28594.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20127.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_10082.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_10081.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_10029.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_10017.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_10010.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_10007.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_10006.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 _____ C:\WINDOWS\system32\c_875.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 _____ C:\WINDOWS\system32\c_28603.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 _____ C:\WINDOWS\system32\c_28599.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 _____ C:\WINDOWS\system32\C_28597.NLS
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 _____ C:\WINDOWS\system32\C_28595.NLS
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 _____ C:\WINDOWS\system32\C_28594.NLS
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 _____ C:\WINDOWS\system32\c_20127.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 _____ C:\WINDOWS\system32\c_10082.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 _____ C:\WINDOWS\system32\c_10081.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 _____ C:\WINDOWS\system32\c_10029.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 _____ C:\WINDOWS\system32\c_10017.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 _____ C:\WINDOWS\system32\c_10010.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 _____ C:\WINDOWS\system32\c_10007.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000066082 _____ C:\WINDOWS\system32\c_10006.nls
      2018-10-01 15:53 - 2008-04-14 14:00 - 000061440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\spcplui.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000036864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sapisvr.exe
      2018-10-01 15:53 - 2008-04-14 14:00 - 000036656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dosapp.fon
      2018-10-01 15:53 - 2008-04-14 14:00 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system\COMMDLG.DLL
      2018-10-01 15:53 - 2008-04-14 14:00 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system\MCIWAVE.DRV
      2018-10-01 15:53 - 2008-04-14 14:00 - 000025264 _____ (Microsoft Corporation) C:\WINDOWS\system\MCISEQ.DRV
      2018-10-01 15:53 - 2008-04-14 14:00 - 000024661 ____C (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\spxcoins.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000024661 _____ (Perle Systems Ltd.) C:\WINDOWS\system32\spxcoins.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system\OLESVR.DLL
      2018-10-01 15:53 - 2008-04-14 14:00 - 000022016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agt0408.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000019968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agt040e.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agt041f.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agt0419.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agt0415.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agt0405.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000019200 _____ (Microsoft Corporation) C:\WINDOWS\system\TAPI.DLL
      2018-10-01 15:53 - 2008-04-14 14:00 - 000015360 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\taskman.exe
      2018-10-01 15:53 - 2008-04-14 14:00 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\TASKMAN.EXE
      2018-10-01 15:53 - 2008-04-14 14:00 - 000013600 _____ (Microsoft Corporation) C:\WINDOWS\system\WFWNET.DRV
      2018-10-01 15:53 - 2008-04-14 14:00 - 000013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irclass.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\irclass.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irenum.sys
      2018-10-01 15:53 - 2008-04-14 14:00 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys
      2018-10-01 15:53 - 2008-04-14 14:00 - 000009936 _____ (Microsoft Corporation) C:\WINDOWS\system\LZEXPAND.DLL
      2018-10-01 15:53 - 2008-04-14 14:00 - 000009008 _____ (Microsoft Corporation) C:\WINDOWS\system\VER.DLL
      2018-10-01 15:53 - 2008-04-14 14:00 - 000008704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\batt.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\batt.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000008192 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdhept.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhept.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000007168 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdcz.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdcz.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdycl.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdsl1.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdsl.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdpl.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdhu.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdhela3.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdcz2.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdcz1.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdcr.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____N (Microsoft Corporation) C:\WINDOWS\system32\KBDAL.DLL
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdycl.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdsl1.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdsl.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdpl.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhu.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhela3.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdcz2.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdcz1.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdcr.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdal.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdtuq.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdtuf.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdlv1.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdlv.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdhela2.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdgkl.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdest.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdtuq.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdtuf.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlv1.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlv.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhela2.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdgkl.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdest.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdmon.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdkyr.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdycc.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbduzb.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdur.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdtat.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdru1.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdru.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdro.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdpl1.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdlt1.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdlt.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdkaz.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdhu1.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdhe319.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdhe220.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdhe.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdbu.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdblr.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdazel.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdaze.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdycc.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbduzb.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdur.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdtat.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdru1.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdru.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdro.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdpl1.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdmon.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlt1.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlt.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdkyr.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdkaz.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhu1.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhe319.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhe220.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhe.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdbu.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdblr.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdazel.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdaze.dll
      2018-10-01 15:53 - 2008-04-14 14:00 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\system\SHELL.DLL
      2018-10-01 15:53 - 2008-04-14 14:00 - 000004048 _____ (Microsoft Corporation) C:\WINDOWS\system\TIMER.DRV
      2018-10-01 15:53 - 2008-04-14 14:00 - 000003360 _____ (Microsoft Corporation) C:\WINDOWS\system\SYSTEM.DRV
      2018-10-01 15:53 - 2008-04-14 14:00 - 000002577 ____N C:\WINDOWS\system32\CONFIG.TMP
      2018-10-01 15:53 - 2008-04-14 14:00 - 000002176 _____ (Microsoft Corporation) C:\WINDOWS\system\VGA.DRV
      2018-10-01 15:53 - 2008-04-14 14:00 - 000002032 _____ (Microsoft Corporation) C:\WINDOWS\system\MOUSE.DRV
      2018-10-01 15:53 - 2008-04-14 14:00 - 000002000 _____ (Microsoft Corporation) C:\WINDOWS\system\KEYBOARD.DRV
      2018-10-01 15:53 - 2008-04-14 14:00 - 000001744 _____ (Microsoft Corporation) C:\WINDOWS\system\SOUND.DRV
      2018-10-01 15:53 - 2008-04-14 14:00 - 000001688 _____ C:\WINDOWS\system32\AUTOEXEC.NT
      2018-10-01 15:53 - 2008-04-14 14:00 - 000001152 _____ (Microsoft Corporation) C:\WINDOWS\system\MMTASK.TSK
      2018-10-01 15:53 - 2008-04-14 14:00 - 000000888 ____C C:\WINDOWS\system32\dllcache\sam.sdf
      2018-10-01 15:53 - 2008-04-14 06:42 - 000074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\storprop.dll
      2018-10-01 15:52 - 2018-10-01 15:52 - 000000000 ____D C:\Documents and Settings\Default User\Local Settings\Temp
      2018-10-01 15:52 - 2018-10-01 13:11 - 000733603 _____ C:\WINDOWS\setuplog.txt
      2018-10-01 15:52 - 2009-01-09 21:19 - 001089593 ____C C:\WINDOWS\system32\dllcache\NTPRINT.CAT
      2018-10-01 15:52 - 2008-04-14 14:00 - 002144487 ____C C:\WINDOWS\system32\dllcache\NT5.CAT
      2018-10-01 15:52 - 2008-04-14 14:00 - 001296669 ____C C:\WINDOWS\system32\dllcache\SP3.CAT
      2018-10-01 15:52 - 2008-04-14 14:00 - 000797189 ____C C:\WINDOWS\system32\dllcache\NT5IIS.CAT
      2018-10-01 15:52 - 2008-04-14 14:00 - 000522220 ____C C:\WINDOWS\system32\dllcache\NT5INF.CAT
      2018-10-01 15:52 - 2008-04-14 14:00 - 000399645 ____C C:\WINDOWS\system32\dllcache\MAPIMIG.CAT
      2018-10-01 15:52 - 2008-04-14 14:00 - 000144484 ____C C:\WINDOWS\system32\dllcache\netfx.cat
      2018-10-01 15:52 - 2008-04-14 14:00 - 000112918 ____C C:\WINDOWS\system32\dllcache\tabletpc.cat
      2018-10-01 15:52 - 2008-04-14 14:00 - 000037484 ____C C:\WINDOWS\system32\dllcache\MW770.CAT
      2018-10-01 15:52 - 2008-04-14 14:00 - 000034747 ____C C:\WINDOWS\system32\dllcache\mediactr.cat
      2018-10-01 15:52 - 2008-04-14 14:00 - 000034063 ____C C:\WINDOWS\system32\dllcache\FP4.CAT
      2018-10-01 15:52 - 2008-04-14 14:00 - 000016535 ____C C:\WINDOWS\system32\dllcache\IMS.CAT
      2018-10-01 15:52 - 2008-04-14 14:00 - 000013472 ____C C:\WINDOWS\system32\dllcache\HPCRDP.CAT
      2018-10-01 15:52 - 2008-04-14 14:00 - 000010027 ____C C:\WINDOWS\system32\dllcache\MSTSWEB.CAT
      2018-10-01 15:52 - 2008-04-14 14:00 - 000008574 ____C C:\WINDOWS\system32\dllcache\IASNT4.CAT
      2018-10-01 15:52 - 2008-04-14 14:00 - 000007382 ____C C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
      2018-10-01 15:52 - 2008-04-14 14:00 - 000007334 ____C C:\WINDOWS\system32\dllcache\wmerrenu.cat
      2018-10-01 15:51 - 2018-10-09 08:47 - 000000211 ___SH C:\boot.ini
      2018-10-01 15:51 - 2018-10-06 14:27 - 000272576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2018-10-01 15:51 - 2018-10-03 14:17 - 000000000 ___HD C:\Documents and Settings\Default User
      2018-10-01 15:51 - 2018-10-01 15:51 - 001138688 _____ C:\WINDOWS\system32\config\software.sav
      2018-10-01 15:51 - 2018-10-01 15:51 - 000913408 _____ C:\WINDOWS\system32\config\system.sav
      2018-10-01 15:51 - 2018-10-01 15:51 - 000094208 _____ C:\WINDOWS\system32\config\default.sav
      2018-10-01 15:51 - 2018-10-01 13:12 - 000000000 ____D C:\Documents and Settings
      2018-10-01 15:51 - 2018-10-01 13:05 - 000000000 ____D C:\Documents and Settings\All Users
      2018-10-01 15:50 - 2018-10-01 15:51 - 000262144 _____ C:\WINDOWS\system32\config\userdiff
      2018-10-01 15:43 - 2018-10-09 08:43 - 000000000 ___HD C:\WINDOWS\inf
      2018-10-01 15:43 - 2018-10-08 09:27 - 000000000 ____D C:\WINDOWS\Driver Cache
      2018-10-01 15:43 - 2018-10-06 14:26 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
      2018-10-01 15:43 - 2018-10-05 08:55 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2018-10-01 15:43 - 2018-10-05 08:34 - 000000000 ____D C:\WINDOWS\system32\spool
      2018-10-01 15:43 - 2018-10-04 08:42 - 000000000 ____D C:\WINDOWS\Media
      2018-10-01 15:43 - 2018-10-03 18:34 - 000000000 ____D C:\WINDOWS\system
      2018-10-01 15:43 - 2018-10-03 14:21 - 000000000 ____D C:\WINDOWS\security
      2018-10-01 15:43 - 2018-10-03 14:21 - 000000000 ____D C:\WINDOWS\Help
      2018-10-01 15:43 - 2018-10-02 08:43 - 000000000 ____D C:\WINDOWS\pchealth
      2018-10-01 15:43 - 2018-10-01 15:51 - 000000000 ____D C:\WINDOWS\system32\usmt
      2018-10-01 15:43 - 2018-10-01 15:51 - 000000000 ____D C:\WINDOWS\system32\scripting
      2018-10-01 15:43 - 2018-10-01 15:51 - 000000000 ____D C:\WINDOWS\Network Diagnostic
      2018-10-01 15:43 - 2018-10-01 15:51 - 000000000 ____D C:\WINDOWS\L2Schemas
      2018-10-01 15:43 - 2018-10-01 15:50 - 000000000 ___SD C:\WINDOWS\Offline Web Pages
      2018-10-01 15:43 - 2018-10-01 15:50 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
      2018-10-01 15:43 - 2018-10-01 15:49 - 000000000 ____D C:\WINDOWS\system32\Setup
      2018-10-01 15:43 - 2018-10-01 15:49 - 000000000 ____D C:\WINDOWS\system32\npp
      2018-10-01 15:43 - 2018-10-01 15:49 - 000000000 ____D C:\WINDOWS\PeerNet
      2018-10-01 15:43 - 2018-10-01 15:49 - 000000000 ____D C:\WINDOWS\mui
      2018-10-01 15:43 - 2018-10-01 15:49 - 000000000 ____D C:\WINDOWS\msagent
      2018-10-01 15:43 - 2018-10-01 15:46 - 000000000 ____D C:\WINDOWS\system32\ras
      2018-10-01 15:43 - 2018-10-01 15:45 - 000000000 ____D C:\WINDOWS\system32\icsxml
      2018-10-01 15:43 - 2018-10-01 15:44 - 000000000 ____D C:\WINDOWS\system32\1033
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\wins
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\ShellExt
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\PreInstall
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\mui
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\inetsrv
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\IME
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\export
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\disdn
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\dhcp
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\3com_dmi
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\3076
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\2052
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\1054
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\1042
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\1041
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\1037
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\1031
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\1028
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\system32\1025
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\Resources
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\Provisioning
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\msapps
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\java
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\Connection Wizard
      2018-10-01 15:43 - 2018-10-01 15:43 - 000000000 ____D C:\WINDOWS\addins
      2018-10-01 15:43 - 2018-10-01 13:06 - 000000000 ____D C:\WINDOWS\repair
      2018-10-01 15:43 - 2018-10-01 13:06 - 000000000 ____D C:\WINDOWS\ime
      2018-10-01 15:43 - 2018-10-01 13:05 - 000000000 ___RD C:\WINDOWS\Web
      2018-10-01 15:43 - 2018-10-01 13:05 - 000000000 ____D C:\WINDOWS\system32\ias
      2018-10-01 15:43 - 2018-10-01 13:03 - 000000000 ____D C:\WINDOWS\system32\oobe
      2018-10-01 15:43 - 2018-10-01 13:00 - 000000000 ____D C:\WINDOWS\Cursors
      2018-10-01 13:56 - 2018-10-02 08:49 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
      2018-10-01 13:56 - 2018-10-01 13:56 - 000001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
      2018-10-01 13:56 - 2018-10-01 13:56 - 000001729 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
      2018-10-01 13:56 - 2018-10-01 13:56 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
      2018-10-01 13:56 - 2018-10-01 13:56 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
      2018-10-01 13:55 - 2018-10-01 13:56 - 000000000 ____D C:\Program Files\Common Files\Adobe
      2018-10-01 13:55 - 2018-10-01 13:55 - 000000694 _____ C:\Documents and Settings\Administrator\Desktop\BitComet.lnk
      2018-10-01 13:55 - 2018-10-01 13:55 - 000000000 ____D C:\Program Files\BitComet
      2018-10-01 13:55 - 2018-10-01 13:55 - 000000000 ____D C:\Program Files\Adobe
      2018-10-01 13:55 - 2018-10-01 13:55 - 000000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\BitComet
      2018-10-01 13:55 - 2018-10-01 13:55 - 000000000 _____ C:\WINDOWS\PROTOCOL.INI
      2018-10-01 13:54 - 2018-10-01 13:54 - 000000776 _____ C:\Documents and Settings\All Users\Start Menu\Programs\SA Dictionary.lnk
      2018-10-01 13:54 - 2018-10-01 13:54 - 000000770 _____ C:\Documents and Settings\All Users\Desktop\SA Dictionary.lnk
      2018-10-01 13:54 - 2018-10-01 13:54 - 000000000 ____D C:\Program Files\SA Dictionary 2004 Datacenter
      2018-10-01 13:54 - 1999-03-23 09:12 - 000299520 _____ (InstallShield Corporation, Inc.) C:\WINDOWS\uninst.exe
      2018-10-01 13:53 - 2018-10-03 14:11 - 000000000 ____D C:\Program Files\CPUID
      2018-10-01 13:53 - 2018-10-03 14:11 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
      2018-10-01 13:53 - 2018-10-01 13:53 - 000000000 ____D C:\Documents and Settings\Administrator\WINDOWS
      2018-10-01 13:52 - 2018-10-01 13:52 - 000000000 ____D C:\Program Files\WinRAR
      2018-10-01 13:52 - 2018-10-01 13:52 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
      2018-10-01 13:52 - 2018-10-01 13:52 - 000000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
      2018-10-01 13:50 - 2018-10-01 13:50 - 000000000 ____D C:\Program Files\Datecs
      2018-10-01 13:50 - 2002-04-23 00:17 - 000045056 _____ C:\WINDOWS\system32\newdll.dll
      2018-10-01 13:50 - 2000-11-17 08:47 - 000008992 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdbphz.dLL
      2018-10-01 13:50 - 2000-11-15 01:52 - 000006416 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdbds.Dll
      2018-10-01 13:50 - 1999-12-07 09:00 - 000006416 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdbp.Dll
      2018-10-01 13:50 - 1999-11-18 05:04 - 000007440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Kbddll.dll
      2018-10-01 13:50 - 1999-11-11 13:47 - 000006928 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdhebx.Dll
      2018-10-01 13:50 - 1999-11-11 13:47 - 000006416 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdinori.Dll
      2018-10-01 13:50 - 1999-11-11 13:47 - 000006416 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdinasa.Dll
      2018-10-01 13:50 - 1997-04-03 21:00 - 000066594 _____ C:\WINDOWS\system32\C_856.nls
      2018-10-01 13:50 - 1997-04-03 21:00 - 000008992 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBPH.dLL
      2018-10-01 13:41 - 2018-10-09 12:42 - 000088566 _____ C:\WINDOWS\system32\nvapps.xml
      2018-10-01 13:41 - 2018-10-01 13:43 - 000000000 ____D C:\WINDOWS\nview
      2018-10-01 13:41 - 2006-10-22 15:06 - 000208896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NVUNINST.EXE
      2018-10-01 13:41 - 2006-10-22 12:22 - 000208896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvudisp.exe
      2018-10-01 13:41 - 2006-10-22 12:22 - 000017056 _____ C:\WINDOWS\system32\nvdisp.nvu
      2018-10-01 13:40 - 2018-10-01 13:40 - 000000000 ____D C:\NVIDIA
      2018-10-01 13:39 - 2018-10-01 13:39 - 000000000 ____D C:\WINDOWS\pss
      2018-10-01 13:38 - 2015-08-16 17:29 - 042567136 _____ (NVIDIA Corporation ) C:\Documents and Settings\Administrator\Desktop\93.71_forceware_winxp2k_english_whql.exe
      2018-10-01 13:37 - 2018-10-04 13:35 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
      2018-10-01 13:37 - 2018-10-04 12:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2018-10-01 13:37 - 2018-10-01 13:37 - 000000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
      2018-10-01 13:37 - 2018-10-01 13:37 - 000000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
      2018-10-01 13:37 - 2018-10-01 13:37 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
      2018-10-01 13:37 - 2018-10-01 13:37 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
      2018-10-01 13:35 - 2018-10-01 13:35 - 000000000 ____D C:\Program Files\Chrome
      2018-10-01 13:35 - 2018-10-01 13:35 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
      2018-10-01 13:34 - 2008-04-13 22:15 - 000026368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbstor.sys
      2018-10-01 13:34 - 2008-04-13 22:15 - 000026368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
      2018-10-01 13:33 - 2018-10-07 09:14 - 000006144 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2018-10-01 13:19 - 2018-10-01 13:19 - 000000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
      2018-10-01 13:14 - 2018-10-03 14:33 - 000000803 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
      2018-10-01 13:14 - 2008-04-14 14:00 - 000026991 ____C C:\WINDOWS\system32\dllcache\msn7.cat
      2018-10-01 13:14 - 2008-04-14 14:00 - 000014433 ____C C:\WINDOWS\system32\dllcache\msn9.cat
      2018-10-01 13:14 - 2008-04-14 14:00 - 000012363 ____C C:\WINDOWS\system32\dllcache\MSMSGS.CAT
      2018-10-01 13:13 - 2018-10-01 13:19 - 000000738 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
      2018-10-01 13:12 - 2018-10-09 12:53 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
      2018-10-01 13:12 - 2018-10-09 12:41 - 000000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
      2018-10-01 13:12 - 2018-10-09 12:41 - 000000000 ____D C:\Documents and Settings\Administrator
      2018-10-01 13:12 - 2018-10-03 14:22 - 000000792 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
      2018-10-01 13:12 - 2018-10-01 13:06 - 000001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
      2018-10-01 13:12 - 2018-10-01 13:06 - 000000000 __SHD C:\Documents and Settings\Administrator\IETldCache
      2018-10-01 13:11 - 2018-10-09 12:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2018-10-01 13:11 - 2018-10-09 12:41 - 000017208 _____ C:\WINDOWS\SchedLgU.Txt
      2018-10-01 13:11 - 2018-10-01 13:11 - 000000020 ___SH C:\Documents and Settings\LocalService\ntuser.ini
      2018-10-01 13:11 - 2018-10-01 13:11 - 000000000 __SHD C:\Documents and Settings\LocalService
      2018-10-01 13:11 - 2018-10-01 13:11 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
      2018-10-01 13:11 - 2018-10-01 13:06 - 000000000 __SHD C:\Documents and Settings\LocalService\IETldCache
      2018-10-01 13:10 - 2018-10-01 13:10 - 000008192 _____ C:\WINDOWS\REGLOCS.OLD
      2018-10-01 13:10 - 2018-10-01 13:10 - 000000020 ___SH C:\Documents and Settings\NetworkService\ntuser.ini
      2018-10-01 13:10 - 2018-10-01 13:10 - 000000000 __SHD C:\Documents and Settings\NetworkService
      2018-10-01 13:10 - 2018-10-01 13:10 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
      2018-10-01 13:10 - 2018-10-01 13:06 - 000000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
      2018-10-01 13:09 - 2014-02-12 16:56 - 000456704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smtpsvc.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000571392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tintlgnt.ime
      2018-10-01 13:09 - 2008-04-14 14:00 - 000455168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tintsetp.exe
      2018-10-01 13:09 - 2008-04-14 14:00 - 000426041 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\voicepad.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000364032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w3svc.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000358400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpincl.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000259072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpcl.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000236544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smi2smir.exe
      2018-10-01 13:09 - 2008-04-14 14:00 - 000221696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\seo.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000188416 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpsmir.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000185344 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\thawbrkr.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000156672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\winzm.ime
      2018-10-01 13:09 - 2008-04-14 14:00 - 000156672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\winsp.ime
      2018-10-01 13:09 - 2008-04-14 14:00 - 000156672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\winpy.ime
      2018-10-01 13:09 - 2008-04-14 14:00 - 000143422 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\softkey.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000103424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\uihelper.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000101376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\srusbusd.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000086073 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\voicesub.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000079872 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rwia330.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000079872 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rwia001.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000079360 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\winar30.ime
      2018-10-01 13:09 - 2008-04-14 14:00 - 000076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wam51.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000076288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\uniime.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000073728 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w3ext.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000072704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wingb.ime
      2018-10-01 13:09 - 2008-04-14 14:00 - 000065536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\winime.ime
      2018-10-01 13:09 - 2008-04-14 14:00 - 000065024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\unicdime.ime
      2018-10-01 13:09 - 2008-04-14 14:00 - 000053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wamreg51.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000048256 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w32.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000046592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\svcext51.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000046592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sspifilt.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000045056 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ssinc51.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000044032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tintlphr.exe
      2018-10-01 13:09 - 2008-04-14 14:00 - 000041600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\weitekp9.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000039936 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpthrd.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm9aw.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000033792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tools.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmp.exe
      2018-10-01 13:09 - 2008-04-14 14:00 - 000031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smb6w.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sma3w.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000031232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\weitekp9.sys
      2018-10-01 13:09 - 2008-04-14 14:00 - 000030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm87w.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm81w.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000029184 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw330ext.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000029184 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm8cw.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000028288 ____C C:\WINDOWS\system32\dllcache\xjis.nls
      2018-10-01 13:09 - 2008-04-14 14:00 - 000027648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rw001ext.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm93w.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm92w.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm90w.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm8dw.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm8aw.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm89w.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\romanime.ime
      2018-10-01 13:09 - 2008-04-14 14:00 - 000025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm59w.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000021896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdipx.sys
      2018-10-01 13:09 - 2008-04-14 14:00 - 000019464 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdspx.sys
      2018-10-01 13:09 - 2008-04-14 14:00 - 000018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\simptcp.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000016896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\status.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000015872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smierrsm.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\register.exe
      2018-10-01 13:09 - 2008-04-14 14:00 - 000014336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tsprof.exe
      2018-10-01 13:09 - 2008-04-14 14:00 - 000013192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdasync.sys
      2018-10-01 13:09 - 2008-04-14 14:00 - 000010752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smtpapi.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tmigrate.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpstup.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000009728 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rwnh.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000009216 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wamps51.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000008704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmptrap.exe
      2018-10-01 13:09 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpmib.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w3svapi.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smimsgif.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smierrsy.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000004608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w3ctrs51.dll
      2018-10-01 13:09 - 2008-04-14 14:00 - 000004096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rpcref.dll
      2018-10-01 13:09 - 2001-08-17 22:36 - 000057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
      2018-10-01 13:09 - 2001-08-17 22:36 - 000026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_seos.dll
      2018-10-01 13:09 - 2001-08-17 22:36 - 000023040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
      2018-10-01 13:09 - 2001-08-17 22:36 - 000012288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll
      2018-10-01 13:09 - 2001-08-17 22:36 - 000007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
      2018-10-01 13:08 - 2014-02-12 16:55 - 000257024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\infocomm.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 010129408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hwxkor.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 001875968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msir3jp.lex
      2018-10-01 13:08 - 2008-04-14 14:00 - 001158818 ____C C:\WINDOWS\system32\dllcache\korwbrkr.lex
      2018-10-01 13:08 - 2008-04-14 14:00 - 000811064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjp81k.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000716856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpcus.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000482304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pintlgnt.ime
      2018-10-01 13:08 - 2008-04-14 14:00 - 000471102 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imskdic.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000368696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpcic.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000340023 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjp81.ime
      2018-10-01 13:08 - 2008-04-14 14:00 - 000315455 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imskf.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000311359 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imepadsv.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000307257 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpdct.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000274489 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjputyc.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000262200 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjputy.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000233527 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjprw.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000229439 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\multibox.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000208952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpmig.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000196665 ____C C:\WINDOWS\system32\dllcache\imjpinst.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000175104 ____C C:\WINDOWS\system32\dllcache\pintlcsa.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000155705 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpdsvr.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000145408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iische51.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000134339 ____C C:\WINDOWS\system32\dllcache\imekr.lex
      2018-10-01 13:08 - 2008-04-14 14:00 - 000131584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmxviceo.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000119808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mtstocom.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000106496 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imekrcic.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000102463 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imepadsm.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000102456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imlang.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000098304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msir3jp.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000094720 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imekr61.ime
      2018-10-01 13:08 - 2008-04-14 14:00 - 000092416 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mga.sys
      2018-10-01 13:08 - 2008-04-14 14:00 - 000092032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mga.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000086016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imekrmbx.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000085504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\metada51.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000083748 ____C C:\WINDOWS\system32\dllcache\prcp.nls
      2018-10-01 13:08 - 2008-04-14 14:00 - 000083748 ____C C:\WINDOWS\system32\dllcache\prc.nls
      2018-10-01 13:08 - 2008-04-14 14:00 - 000081976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpdct.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000079872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iislog51.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000079360 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\phon.ime
      2018-10-01 13:08 - 2008-04-14 14:00 - 000077824 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\quick.ime
      2018-10-01 13:08 - 2008-04-14 14:00 - 000070656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\korwbrkr.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000070144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pintlphr.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000067584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmigrate.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000060928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisclex4.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000059904 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imkrinst.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000059392 ____C C:\WINDOWS\system32\dllcache\imscinst.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000057398 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpdadm.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000053760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pintlcsd.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nextlink.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000047066 ____C C:\WINDOWS\system32\dllcache\ksc.nls
      2018-10-01 13:08 - 2008-04-14 14:00 - 000045109 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpuex.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000044544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nsepm.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000044032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imekrmig.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000040960 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msiregmv.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000037888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\md5filt.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000036927 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\padrs411.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000035328 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iprip.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000033792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\lmmib2.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pagecnt.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mdsync.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iscomlog.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisadmin.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000022528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\lpdsvc.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000022016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\logscrpt.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000020992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\permchk.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000020736 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ramdisk.sys
      2018-10-01 13:08 - 2008-04-14 14:00 - 000019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iiscrmap.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\lprmon.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000018432 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jupiw.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\quser.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000015872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\padrs404.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000015360 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\padrs804.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000015360 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetin51.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000014336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\padrs412.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\lonsint.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmxmcro.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000009728 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\query.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000009216 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdnecat.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000009216 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdnecat.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000009216 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iwrps.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000008704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\infoctrs.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000007680 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdnecnt.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000007680 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pwsdata.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000007680 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\migregdb.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000007680 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdnecnt.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000007168 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdnec95.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000007168 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdibm02.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdnec95.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdibm02.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\isapips.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisfecnv.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006656 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdlk41a.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlk41a.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iissync.exe
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdth3.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdth2.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdlk41j.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdinpun.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdax2.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbd106n.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbd101a.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbd101.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmxgl.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdth3.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdth2.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlk41j.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinpun.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdax2.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd106n.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd101a.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd101.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdvntc.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdusa.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdth1.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdth0.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdintel.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdintam.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdinmar.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdinkan.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdinhin.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdinguj.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdindev.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdheb.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdfa.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbda3.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbda2.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbda1.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdvntc.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdusa.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdurdu.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdth1.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdth0.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdsyr2.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdsyr1.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdintel.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdintam.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinmar.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinkan.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinhin.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdinguj.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdindev.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdheb.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdfa.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbddiv2.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbddiv1.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbda3.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbda2.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbda1.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005120 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdgeo.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005120 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdarmw.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005120 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdarme.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdgeo.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdarmw.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000005120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdarme.dll
      2018-10-01 13:08 - 2008-04-14 14:00 - 000003584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iismui.dll
      2018-10-01 13:08 - 2001-08-17 22:36 - 000065536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
      2018-10-01 13:08 - 2001-08-17 22:36 - 000038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
      2018-10-01 13:07 - 2014-02-12 16:55 - 000369664 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\asp51.dll
      2018-10-01 13:07 - 2014-02-12 16:55 - 000268288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\httpext.dll
      2018-10-01 13:07 - 2014-02-12 16:55 - 000229888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxscover.exe
      2018-10-01 13:07 - 2014-02-12 16:55 - 000126464 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ftpsv251.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 013463552 ____C C:\WINDOWS\system32\dllcache\hwxjpn.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 010096640 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hwxcht.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 002134528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smtpsnap.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 001677824 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chsbrkr.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000838144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chtbrkr.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000562176 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsst.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000514587 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\edb500.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000480256 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cintsetp.exe
      2018-10-01 13:07 - 2008-04-14 14:00 - 000451584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsapi.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000400384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsxp32.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000397312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxstiff.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000331264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aqueue.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000285184 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxscomex.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000267776 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxssvc.exe
      2018-10-01 13:07 - 2008-04-14 14:00 - 000246272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxst30.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000218112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\c_g18030.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000198656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cintime.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000195618 ____C C:\WINDOWS\system32\dllcache\c_10002.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000192512 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxswzrd.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000189986 ____C C:\WINDOWS\system32\dllcache\c_1361.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000189440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smtpadm.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000187938 ____C C:\WINDOWS\system32\dllcache\c_20005.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000186402 ____C C:\WINDOWS\system32\dllcache\c_20001.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000185378 ____C C:\WINDOWS\system32\dllcache\c_20003.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000180770 ____C C:\WINDOWS\system32\dllcache\c_20932.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000180258 ____C C:\WINDOWS\system32\dllcache\c_20004.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000180258 ____C C:\WINDOWS\system32\dllcache\c_20000.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000177698 ____C C:\WINDOWS\system32\dllcache\c_20949.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000177698 ____C C:\WINDOWS\system32\dllcache\c_10003.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000173602 ____C C:\WINDOWS\system32\dllcache\c_20936.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000173602 ____C C:\WINDOWS\system32\dllcache\c_20002.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000173602 ____C C:\WINDOWS\system32\dllcache\c_10008.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000173568 ____C C:\WINDOWS\system32\dllcache\chtskf.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000162850 ____C C:\WINDOWS\system32\dllcache\c_10001.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000154112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsui.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000142848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsclnt.exe
      2018-10-01 13:07 - 2008-04-14 14:00 - 000132608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsclntr.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000111104 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxscfgwz.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000108827 ____C C:\WINDOWS\system32\dllcache\hanja.lex
      2018-10-01 13:07 - 2008-04-14 14:00 - 000108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\appconf.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000101888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\evntagnt.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chtmbx.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000092160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\evntwin.exe
      2018-10-01 13:07 - 2008-04-14 14:00 - 000082172 ____C C:\WINDOWS\system32\dllcache\bopomofo.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dayi.ime
      2018-10-01 13:07 - 2008-04-14 14:00 - 000078336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chajei.ime
      2018-10-01 13:07 - 2008-04-14 14:00 - 000072192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxscom.dll
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066728 ____C C:\WINDOWS\system32\dllcache\big5.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066594 ____C C:\WINDOWS\system32\dllcache\c_864.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066594 ____C C:\WINDOWS\system32\dllcache\c_862.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066594 ____C C:\WINDOWS\system32\dllcache\c_858.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066594 ____C C:\WINDOWS\system32\dllcache\c_720.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_870.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_708.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_28596.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_21027.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_21025.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20924.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20880.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20871.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20838.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20833.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20424.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 000066082 ____C C:\WINDOWS\system32\dllcache\c_20423.nls
      2018-10-01 13:07 - 2008-04-14 14:00 - 00006