For some time now my laptop has been restarting shortly after I open any of the browsers, regardless of whether it is IE, Fox or Chrome. As soon as I play a video clip, a restart follows within a minute or two. My laptop runs Windows 7 Ultimate; it is an Asus X50GL series model, CPU: Duo T5800, Memory: 3GB, video card: Nvidia Geforce 8200M G. I checked for viruses with Malwarebytes and Superantispyware, also ran a scan with the Kaspersky Lab live CD, and cleaned out all the nasties. I ran a memory test; everything is fine. I scanned the hard disk with HDD Regenerator; there are no bad sectors. I updated the system and installed the GeForce 341.92 video card driver from the manufacturer's site. It does not restart when I watch movies or when I surf the net; the restart only happens when I play a clip or video through the browsers. I also ran BlueScreenView; I have no system errors. I disabled all of the system's startup items. There are no errors or critical entries in the Event log for the problem in question. I would be grateful if anyone could help with advice and an opinion.


Since an infection was found, I strongly recommend that you read and follow the instructions behind the link. Wait for a member of the HJT team to give you instructions for further actions.
системата-ми-е-инфектирана-какво-да-правя-сега ("My system is infected, what do I do now")
 


Check the temperatures of the components with and without load and report the result... for example with Speccy.

What are the versions of the browser and the Flash Player you are using when it freezes while watching clips? What add-ons are installed in the browser?


I won't hide that the temperature rises significantly with whichever browser I work in. The CPU load while working with the browsers fluctuates between 45 and 90%. But I am also thinking about the Flash Player, even though its version is 20. I will reinstall it. I have cleaned out the viruses.

 

1 minute ago, tigarle wrote:

I have cleaned out the viruses

You may be greatly surprised at what finds turn up after a cleanup.

The machine is yours, and the decisions about how to work are yours as well.



Go to the antivirus section, because the last thing this laptop with that Nvidia 8200 needs is overheating!

49 minutes ago, tigarle wrote:

There are no errors or critical entries in the Event log for the problem in question.

Are there any other critical errors logged?

Archive the two files below into a single file

C:\windows\System32\Winevt\Logs\System.evtx
C:\windows\System32\Winevt\Logs\Application.evtx

and upload them to

http://dox.abv.bg/files/share

In your next post, publish the link to the uploaded archive.

In which browser does Flash crash? Do a clean install of the latest Flash: use the flash uninstaller to clean out the installed Flash players (ActiveX component), then install.

Edited by ExaFlop
1 hour ago, ExaFlop wrote:

Since an infection was found, I strongly recommend that you read and follow the instructions behind the link. Wait for a member of the HJT team to give you instructions for further actions.
системата-ми-е-инфектирана-какво-да-правя-сега ("My system is infected, what do I do now")
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Genchev (administrator) on GENCHEV-PC (10-02-2016 11:29:08)
Running from F:\za Genchev
Loaded Profiles: Genchev (Available Profiles: Genchev & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [StereoLinksInstall] => "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Tcpip\Parameters: [DhcpNameServer] 10.64.64.2 172.16.100.122
Tcpip\..\Interfaces\{2B31D279-499F-46E1-9EE0-7972A56E8B41}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3A1517DA-CC31-4355-B70D-D8DEA9869509}: [DhcpNameServer] 10.64.64.2 172.16.100.122

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3368690828-3376161107-1409360399-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1443351295&z=e0c141a54a97f17acb74367g8z6zbc1c0wcg6o0tdw&from=cor&uid=hitachixhts542525k9sa00_081019bb6f00wdkezrtgx&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1443351295&z=e0c141a54a97f17acb74367g8z6zbc1c0wcg6o0tdw&from=cor&uid=hitachixhts542525k9sa00_081019bb6f00wdkezrtgx&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1443351295&z=e0c141a54a97f17acb74367g8z6zbc1c0wcg6o0tdw&from=cor&uid=hitachixhts542525k9sa00_081019bb6f00wdkezrtgx&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1443351295&z=e0c141a54a97f17acb74367g8z6zbc1c0wcg6o0tdw&from=cor&uid=hitachixhts542525k9sa00_081019bb6f00wdkezrtgx&q={searchTerms}
HKU\S-1-5-21-3368690828-3376161107-1409360399-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Genchev\AppData\Roaming\Mozilla\Firefox\Profiles\smeowb3w.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: google.bg
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF SearchPlugin: C:\Users\Genchev\AppData\Roaming\Mozilla\Firefox\Profiles\smeowb3w.default\searchplugins\bing-.xml [2016-01-14]
FF Extension: Bing Search - C:\Users\Genchev\AppData\Roaming\Mozilla\Firefox\Profiles\smeowb3w.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-01-14]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Genchev\AppData\Roaming\Mozilla\Firefox\Profiles\smeowb3w.default\extensions\deskCutv2@gmail.com => not found

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Genchev\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Genchev\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-17]
CHR Extension: (Google Docs) - C:\Users\Genchev\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-17]
CHR Extension: (Google Drive) - C:\Users\Genchev\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Genchev\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]
CHR Extension: (Google Search) - C:\Users\Genchev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (Google Sheets) - C:\Users\Genchev\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\Genchev\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Genchev\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-17]
CHR Extension: (Gmail) - C:\Users\Genchev\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-17]
CHR HKU\S-1-5-21-3368690828-3376161107-1409360399-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-05-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-10 11:28 - 2016-02-10 11:29 - 00000000 ____D C:\FRST
2016-02-10 11:03 - 2016-02-10 11:07 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-10 11:03 - 2016-02-10 11:03 - 00796864 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 11:03 - 2016-02-10 11:03 - 00142528 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-10 11:03 - 2016-02-10 11:03 - 00003768 ____C C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-03 01:12 - 2016-02-03 01:12 - 00001072 ____C C:\Users\Genchev\Desktop\2016 - Shortcut.lnk
2016-01-26 10:38 - 2016-01-26 14:01 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2016-01-25 12:05 - 2016-01-25 12:05 - 00000000 ___DC C:\Users\Genchev\AppData\Local\Nvidia Corporation
2016-01-25 11:59 - 2016-01-25 11:59 - 00000000 ____D C:\temp
2016-01-25 11:57 - 2015-10-13 21:00 - 31514288 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 24199344 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 22993200 ____C (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 17559432 ____C (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 16128576 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 15293104 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 13916600 ____C (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 13828224 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 12898992 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-01-25 11:57 - 2015-10-13 21:00 - 11272048 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 11209376 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 04245624 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 03986608 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 01908528 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispco6434192.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 01556656 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434192.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 00944304 ____C (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 00907440 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 00903472 ____C (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-01-25 11:57 - 2015-10-13 21:00 - 00869040 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-01-25 11:30 - 2016-01-25 11:30 - 00000000 ___DC C:\Users\Genchev\AppData\Roaming\NVIDIA
2016-01-25 11:21 - 2016-01-25 11:46 - 00000000 ___DC C:\Users\Genchev\AppData\Local\NVIDIA
2016-01-25 11:21 - 2016-01-25 11:21 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-01-25 11:21 - 2016-01-12 06:41 - 01542600 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-01-25 11:21 - 2016-01-12 06:41 - 01316184 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-01-25 11:21 - 2016-01-12 06:40 - 01860120 ____C (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-01-25 11:21 - 2016-01-12 06:40 - 01756608 ____C (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-01-25 11:21 - 2016-01-12 06:40 - 00112032 ____C C:\Windows\system32\NvRtmpStreamer64.dll
2016-01-25 11:21 - 2010-05-26 11:41 - 02401112 ____C (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-01-25 11:21 - 2010-05-26 11:41 - 01998168 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-01-25 11:21 - 2010-05-26 11:41 - 00511328 ____C (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-01-25 11:21 - 2010-05-26 11:41 - 00470880 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-01-25 11:21 - 2010-05-26 11:41 - 00276832 ____C (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-01-25 11:21 - 2010-05-26 11:41 - 00248672 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-01-25 11:20 - 2016-01-25 11:20 - 00000000 ___DC C:\ProgramData\Package Cache
2016-01-25 11:19 - 2015-12-18 08:11 - 00047760 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-01-25 11:19 - 2015-12-18 08:10 - 00099472 ____C (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-01-25 11:19 - 2015-12-18 08:10 - 00090768 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-01-25 11:11 - 2016-01-25 11:11 - 41627856 ____C (NVIDIA Corporation) C:\Users\Genchev\Downloads\GeForce_Experience_v2.9.1.22.exe
2016-01-25 11:04 - 2016-01-25 11:04 - 00000000 ____D C:\NVIDIA
2016-01-24 22:51 - 2016-01-24 22:51 - 00000207 ____C C:\Windows\tweaking.com-regbackup-GENCHEV-PC-Windows-7-Ultimate-(64-bit).dat
2016-01-24 22:51 - 2016-01-24 22:51 - 00000000 ____D C:\RegBackup
2016-01-24 18:03 - 2016-01-24 18:03 - 00001247 ____C C:\Users\Genchev\Desktop\Auslogics Disk Defrag Touch.lnk
2016-01-24 18:03 - 2016-01-24 18:03 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-01-24 18:03 - 2016-01-24 18:03 - 00000000 ___DC C:\ProgramData\Auslogics
2016-01-24 18:03 - 2016-01-24 18:03 - 00000000 ___DC C:\Program Files (x86)\Auslogics
2016-01-24 16:52 - 2016-01-26 08:25 - 00758112 ____C C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-24 16:50 - 2016-01-24 16:50 - 00000000 ___DC C:\Users\Genchev\Desktop\Info za vsichko hardwerno
2016-01-24 16:44 - 2016-02-01 19:34 - 00000000 ___DC C:\ProgramData\TEMP
2016-01-24 16:44 - 2016-01-24 16:44 - 00001076 ____C C:\Users\Genchev\Desktop\Your Unin-staller!.lnk
2016-01-24 16:44 - 2016-01-24 16:44 - 00000000 ___DC C:\Users\Genchev\AppData\Roaming\URSoft
2016-01-24 16:44 - 2016-01-24 16:44 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
2016-01-24 16:44 - 2016-01-24 16:44 - 00000000 ___DC C:\Program Files (x86)\Your Uninstaller! 7
2016-01-24 14:18 - 2016-01-24 14:18 - 00000000 ___DC C:\Users\Administrator\AppData\Roaming\NVIDIA
2016-01-24 14:18 - 2016-01-24 14:18 - 00000000 ___DC C:\Users\Administrator\AppData\Roaming\GRETECH
2016-01-24 13:33 - 2016-01-24 13:33 - 00000000 ___DC C:\Users\Administrator\AppData\Local\GWX
2016-01-24 13:19 - 2016-01-24 13:19 - 00008884 _____ C:\$tmplistd.txt
2016-01-24 13:18 - 2012-10-29 18:30 - 00027159 ____C C:\Windows\TempFileCleaner.cmd
2016-01-24 12:15 - 2016-01-24 12:15 - 00109296 ____C C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-24 12:15 - 2016-01-24 12:15 - 00001413 ____C C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-24 12:15 - 2016-01-24 12:15 - 00000000 ___HC C:\Users\Administrator\Documents\Default.rdp
2016-01-24 12:15 - 2016-01-24 12:15 - 00000000 ___DC C:\Users\Administrator\AppData\Roaming\Apple Computer
2016-01-24 12:15 - 2016-01-24 12:15 - 00000000 ___DC C:\Users\Administrator\AppData\Roaming\Adobe
2016-01-24 12:14 - 2016-01-24 12:14 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-01-24 12:14 - 2016-01-24 12:14 - 00000000 SHDCL C:\Users\Administrator\My Documents
2016-01-24 12:14 - 2016-01-24 12:14 - 00000000 SHDCL C:\Users\Administrator\Documents\My Videos
2016-01-24 12:14 - 2016-01-24 12:14 - 00000000 SHDCL C:\Users\Administrator\Documents\My Pictures
2016-01-24 12:14 - 2016-01-24 12:14 - 00000000 SHDCL C:\Users\Administrator\Documents\My Music
2016-01-24 12:14 - 2016-01-24 12:14 - 00000000 ___DC C:\Users\Administrator\AppData\Local\Google
2016-01-24 12:14 - 2016-01-24 12:14 - 00000000 ___DC C:\Users\Administrator
2016-01-24 12:14 - 2015-09-06 00:31 - 00000000 ___DC C:\Users\Administrator\AppData\Local\Microsoft Help
2016-01-24 12:14 - 2010-11-21 09:16 - 00000000 ___DC C:\Users\Administrator\AppData\Roaming\Media Center Programs
2016-01-23 19:12 - 2016-01-25 11:21 - 00000000 ___DC C:\Program Files (x86)\NVIDIA Corporation
2016-01-23 19:09 - 2015-10-13 21:00 - 00074032 ____C (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-01-23 19:09 - 2015-10-13 21:00 - 00059568 ____C (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-01-23 19:07 - 2016-01-25 11:46 - 00000000 ___DC C:\ProgramData\NVIDIA Corporation
2016-01-23 19:00 - 2016-01-25 11:58 - 00000000 ___DC C:\Program Files\NVIDIA Corporation
2016-01-23 19:00 - 2010-08-12 11:46 - 00758272 ____C (NVIDIA Corporation) C:\Windows\system32\cohelper.dll
2016-01-23 19:00 - 2010-08-09 22:33 - 00011164 ____C C:\Windows\system32\Drivers\nvphy.bin
2016-01-23 18:55 - 2016-01-24 17:04 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2016-01-23 18:54 - 2016-01-24 00:39 - 00001945 ____C C:\Windows\epplauncher.mif
2016-01-23 18:50 - 2016-01-24 00:39 - 00002117 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-01-23 18:49 - 2016-01-24 00:39 - 00000000 ___DC C:\Program Files\Microsoft Security Client
2016-01-23 18:49 - 2016-01-24 00:39 - 00000000 ___DC C:\Program Files (x86)\Microsoft Security Client
2016-01-23 18:47 - 2016-01-23 19:03 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-01-23 18:47 - 2016-01-23 19:03 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-01-23 18:47 - 2016-01-23 19:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2016-01-23 18:47 - 2016-01-23 19:03 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2016-01-23 18:47 - 2016-01-23 19:03 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-01-23 18:47 - 2016-01-23 19:03 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-01-23 18:47 - 2016-01-23 19:03 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-01-23 18:47 - 2016-01-23 19:03 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-01-23 18:45 - 2016-01-23 18:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-01-23 18:45 - 2016-01-23 18:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-01-23 18:45 - 2016-01-23 18:55 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-01-23 18:45 - 2016-01-23 18:55 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-01-23 18:45 - 2016-01-23 18:55 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-01-23 18:45 - 2016-01-23 18:55 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-01-23 18:45 - 2016-01-23 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-01-23 18:45 - 2016-01-23 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-01-23 18:02 - 2016-01-23 18:02 - 00318492 __RSH C:\HSCBT
2016-01-23 12:34 - 2016-01-23 18:33 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-01-23 12:34 - 2016-01-23 18:24 - 01112576 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-01-23 12:34 - 2016-01-23 18:24 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-01-23 12:34 - 2016-01-23 18:24 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2016-01-23 06:41 - 2016-01-23 06:41 - 00000000 __SHD C:\found.000
2016-01-16 11:24 - 2016-01-24 21:18 - 00379498 ____C C:\Windows\ntbtlog.txt
2016-01-15 21:24 - 2016-01-15 21:24 - 00000000 ___DC C:\Windows\system32\appmgmt
2016-01-14 00:44 - 2016-01-14 00:44 - 00002697 ____C C:\Users\Public\Desktop\Skype.lnk
2016-01-14 00:44 - 2016-01-14 00:44 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-13 20:20 - 2015-12-24 01:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 20:20 - 2015-12-24 00:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 20:20 - 2015-12-12 20:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 20:20 - 2015-12-12 20:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 20:20 - 2015-12-12 20:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 20:20 - 2015-12-12 20:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 20:20 - 2015-12-12 20:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 20:20 - 2015-12-12 20:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 20:20 - 2015-12-12 20:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-10 11:30 - 2009-07-14 07:13 - 00006162 ____C C:\Windows\system32\PerfStringBackup.INI
2016-02-10 11:26 - 2015-09-07 21:22 - 00000898 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-10 11:22 - 2015-09-07 21:22 - 00000894 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-10 11:22 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-10 11:16 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\inf
2016-02-10 11:02 - 2015-09-05 19:10 - 00000000 ___DC C:\Users\Genchev\AppData\Local\Adobe
2016-02-10 10:54 - 2009-07-14 06:45 - 00026576 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-10 10:54 - 2009-07-14 06:45 - 00026576 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-05 20:55 - 2015-09-16 18:02 - 00000000 ___DC C:\Windows\Minidump
2016-02-05 20:54 - 2015-09-16 18:01 - 335768610 ____C C:\Windows\MEMORY.DMP
2016-02-05 17:22 - 2015-09-04 19:11 - 00000000 ___DC C:\Users\Genchev\AppData\Roaming\Skype
2016-02-05 16:03 - 2015-09-04 19:10 - 00000000 ___DC C:\ProgramData\Skype
2016-02-05 12:29 - 2015-09-07 21:22 - 00002212 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-05 12:29 - 2015-09-07 21:22 - 00002183 ____C C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-02 18:21 - 2015-09-07 21:22 - 00003894 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 18:21 - 2015-09-07 21:22 - 00003642 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-31 12:51 - 2015-09-04 19:47 - 00001793 ____C C:\Users\Genchev\Desktop\WINAMP.LNK
2016-01-25 14:57 - 2009-07-14 07:09 - 00000000 ___DC C:\Windows\System32\Tasks\WPD
2016-01-25 12:01 - 2015-09-04 15:53 - 00000000 ___DC C:\ProgramData\NVIDIA
2016-01-25 11:30 - 2015-09-04 14:01 - 00109296 ____C C:\Users\Genchev\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-24 23:45 - 2010-11-21 09:16 - 00000000 __RDC C:\Users\Public\Recorded TV
2016-01-24 23:44 - 2010-11-21 09:16 - 00000000 ___DC C:\Windows\CSC
2016-01-24 23:44 - 2009-07-14 06:45 - 00408216 ____C C:\Windows\system32\FNTCACHE.DAT
2016-01-24 23:10 - 2009-07-14 04:34 - 00000514 ____C C:\Windows\win.ini
2016-01-24 14:12 - 2015-09-04 19:47 - 00000095 ____C C:\Windows\winamp.ini
2016-01-24 12:15 - 2009-07-14 06:57 - 00001547 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-23 18:31 - 2015-09-04 19:40 - 00000000 ___DC C:\Windows\system32\MRT
2016-01-23 18:26 - 2015-09-04 13:46 - 143671360 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-23 01:32 - 2015-09-04 16:55 - 00000000 ___DC C:\ProgramData\AVAST Software
2016-01-16 12:20 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\PolicyDefinitions
2016-01-14 19:20 - 2015-09-04 21:54 - 00000000 __SDC C:\Windows\system32\CompatTel
2016-01-14 19:20 - 2015-09-04 21:54 - 00000000 ___DC C:\Windows\system32\appraiser
2016-01-14 00:51 - 2015-09-04 19:10 - 00000000 __RDC C:\Program Files (x86)\Skype
2016-01-14 00:44 - 2015-09-04 19:11 - 00000000 ___DC C:\Users\Genchev\AppData\Local\Skype
2016-01-13 17:33 - 2015-09-04 16:58 - 00004182 ____C C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-11 17:28 - 2016-01-08 19:47 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2016-01-11 17:28 - 2015-09-04 16:54 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service

Some files in TEMP:
====================
C:\Users\Genchev\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-08 19:51

==================== End of FRST.txt ============================

Addition.txt


That's all well and good, but this should be done in the antivirus section and in a new topic.

From what I see in the log:

1. Run a full scan of the system partition!

2. An istartsurf infection is present.

2 minutes ago, ExaFlop wrote:

That's all well and good, but this should be done in the antivirus section and in a new topic.

From what I see in the log:

1. Run a full scan of the system partition!

2. An istartsurf infection is present.

Which program should I run the scan with?


Start cmd as administrator. There, type:

echo y|chkdsk c: /f /r & shutdown /r /t 000 /d p:1:1

and press Enter. The system will restart and the check will begin.

Edit: It is possible that the power settings (Control Panel->Power Options) are the cause of the restarts. Set High Performance and restart the machine.

Edited by ExaFlop


The laptop needs serious maintenance; something surely has to be replaced. These restarts will only kill the hard disk, which leads me to think that the cause is a weak power supply. And from next month the heat is coming, and with each passing day it will start heating up a lot, which will harm the video chip and the other components.

Edited by adersa

13 minutes ago, ExaFlop wrote:

Start cmd as administrator. There, type:

echo y|chkdsk c: /f /r & shutdown /r /t 000 /d p:1:1

and press Enter. The system will restart and the check will begin.

Edit: It is possible that the power settings (Control Panel->Power Options) are the cause of the restarts. Set High Performance and restart the machine.

After entering the command, the laptop restarted, but the check does not start.

6 minutes ago, adersa wrote:

The laptop needs serious maintenance; something surely has to be replaced. These restarts will only kill the hard disk, which leads me to think that the cause is a weak power supply. And from next month the heat is coming, and with each passing day it will start heating up a lot, which will harm the video chip and the other components.

Could it be that the video card is failing on me?

1 hour ago, ExaFlop wrote:

You may be very surprised at what gets found after a cleaning.

The machine is yours, and the decisions about how to work are yours too.

Usually a solution to the problem is given by the third post. But 20 pages have to be written and 100 unnecessary procedures done..

Author - clean it first!!!

2 hours ago, tigarle wrote:

I checked for viruses with Malwarebytes, Superantispyware,

Hold on, author, these are not antivirus scanners!


Run only a file system check:

Start cmd as administrator and type there:

chkdsk c:

and press Enter. When the check finishes, if the result does not contain the text "found no problem", take a screenshot of the window and upload it here.


HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?

It is unlikely to restart because of this.

Quote

Kaspersky Rescue Disk is a free tool for disinfecting computers from malware which does not allow the operating system to start.

You need to run Kaspersky Virus Removal Tool; there are other good ones too. Oops, they moved the topic. My apologies.

Edited by Beyond_Wisdom


I am not a virus-fighting expert like you. The presence of istartsurf makes me think there are security problems. That is why I suggested above that a topic be opened in the Antivirus section.

Edited by ExaFlop

11 minutes ago, ExaFlop wrote:

Run only a file system check:

Start cmd as administrator and type there:

chkdsk c:

and press Enter. When the check finishes, if the result does not contain the text "found no problem", take a screenshot of the window and upload it here.

It found many errors on the hard drive, and interestingly, HDD Regenerator did not find any problems.


Please refrain from further comments. Let the specialized team do its job!!!


Hello,

I don't think you belong in our section, but let's check a few things:

STEP 1

Check the partition for errors and bad sectors, and let's fix some of the file system problems.

In the search box type CMD => click on the CMD.exe file and choose Run as administrator => enter the command: chkdsk c: /x /f /r => press Enter

Agree with Y in the dialog window. Restart the computer and the check should begin. Then see what the results were.

You will find the report from the check here: in the search box enter eventvwr.msc => Applications => WinInit event, Event ID 1001. Copy the report into your next post.

Here is how to find the log file.

If the command is difficult for you, simply open My Computer => right-click on the C:\ partition and choose Properties => go to Tools => Check Now... => tick both checkboxes and press the Start button. Restart the system and wait for the check to finish (it may take over an hour). Then check again and post the log file from the latest date.

STEP 2

Since I also saw system files that do not pass the digital verification, let's see what the situation is with them as well:

In the Windows search box type CMD => right-click on CMD.exe and choose Run as administrator.

Then, using copy/paste, run the commands one by one, pressing Enter after each

sfc /scannow

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

Now sfcdetails.txt should appear on the desktop. Attach the file that will appear on the desktop - sfcdetails.txt - in your next comment and write whether there is any change.

Regards!

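One way to triage the sfcdetails.txt file that STEP 2 above produces, as an added example that is not part of the original post. The sample lines are constructed in the layout CBS.log uses for System File Checker ([SR]) entries, and the function name `summarize_sfc` is hypothetical.

```python
import re

# Constructed sample: file names, timestamps and sequence numbers are invented.
SAMPLE_SFCDETAILS = r'''
2016-02-10 12:01:15, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2016-02-10 12:01:15, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2016-02-10 12:03:41, Info                  CSI    0000011c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"dnsapi.dll" from store
2016-02-10 12:03:41, Info                  CSI    0000011d [SR] Repair complete
2016-02-10 12:05:33, Info                  CSI    000001a2 [SR] Cannot repair member file [l:22{11}]"autochk.exe" of Microsoft-Windows-Autochk, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-02-10 12:05:35, Info                  CSI    000001a4 [SR] Cannot repair member file [l:22{11}]"autochk.exe" of Microsoft-Windows-Autochk, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-02-10 12:06:02, Info                  CSI    000001b0 [SR] Verify complete
'''

# "<timestamp>, <level>   CSI   <8 hex digits> [SR] <message>"
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+'
    r'(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$')
QUOTED_RE = re.compile(r'"([^"]*)"')          # quoted file or directory names
COMPONENT_RE = re.compile(r'" of ([^,]+),')   # component that owns the file


def summarize_sfc(text):
    """Return which files sfc repaired and which it could not repair."""
    repaired, unrepairable, malformed = {}, {}, 0
    for raw in text.splitlines():
        if '[SR]' not in raw:
            continue
        m = LINE_RE.match(raw.strip())
        if m is None:
            malformed += 1          # an [SR] line that is truncated or garbled
            continue
        msg = m.group('msg')
        quoted = QUOTED_RE.findall(msg)
        if msg.startswith('Cannot repair member file') and quoted:
            comp = COMPONENT_RE.search(msg)
            entry = (quoted[0], comp.group(1).strip() if comp else 'unknown')
            # sfc logs each unrepairable file more than once; keep the first.
            unrepairable.setdefault((entry[0].lower(), entry[1].lower()), entry)
        elif msg.startswith('Repairing corrupted file') and len(quoted) >= 2:
            # First quoted string is the NT-style directory, second the file.
            path = quoted[0].replace('\\??\\', '', 1) + '\\' + quoted[1]
            repaired.setdefault(path.lower(), path)
    if unrepairable:
        verdict = 'needs_manual_repair'
    elif repaired:
        verdict = 'repaired'
    else:
        verdict = 'clean'
    return {
        'repaired': list(repaired.values()),
        'unrepairable': list(unrepairable.values()),
        'malformed': malformed,
        'verdict': verdict,
    }


if __name__ == '__main__':
    result = summarize_sfc(SAMPLE_SFCDETAILS)
    print('verdict:', result['verdict'])
    for path in result['repaired']:
        print('repaired from store:', path)
    for name, component in result['unrepairable']:
        print('could not repair:', name, 'in', component)
```

A `needs_manual_repair` verdict means the component store copy is damaged as well, so the named files have to be restored from a known-good source rather than by rerunning sfc.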

      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\AA4D.tmp.exe
      2017-11-27 07:14 - 2017-11-27 01:56 - 000930776 ____N () C:\Users\ASUS\AppData\Local\Temp\B082.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\BF81.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\C184.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\C1D2.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\C838.tmp.exe
      2017-11-18 14:23 - 2017-11-18 13:59 - 000803816 _____ () C:\Users\ASUS\AppData\Local\Temp\CA7F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CD09.tmp.exe
      2017-11-18 14:23 - 2017-11-18 13:59 - 000803816 _____ () C:\Users\ASUS\AppData\Local\Temp\CD7B.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CDD4.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CF4A.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CFD6.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\D275.tmp.exe
      2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\DB8A.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\DFCE.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\E05A.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\E662.tmp.exe
      2017-11-17 01:08 - 2017-11-16 23:36 - 000807912 _____ () C:\Users\ASUS\AppData\Local\Temp\EDF7.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\F512.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\F6D6.tmp.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe
      [2010-11-21 05:24] - [2011-01-16 02:01] - 000389632 _____ (Microsoft Corporation) 81257415084B84F3C0D95C381A8D4C8F
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll
      [2010-11-21 05:24] - [2011-01-16 02:01] - 001008640 _____ (Microsoft Corporation) 0B864E15A0BADFF0E7BB8B59009FDDCF
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-11-19 01:44
      ==================== End of FRST.txt ============================
       

      Addition.txt
    • by Technokom Plovdiv
      Here is the message that everyone who sends us an email receives:
      This message was created automatically by mail delivery software.
      A message that you sent has not yet been delivered to one or more of its recipients after more than 24 hours on the queue on hemus.superhosting.bg.
       
       
      The message identifier is:     1eJa1Z-003lh9-9Y
      The subject of the message is: =?utf-8?B?Rlc6INC80LDQvdC+0LzQtdGC0YrRgA==?=
      The date of the message is:    Tue, 28 Nov 2017 09:09:44 +0200
       
       
      The address to which the message has not yet been delivered is:
       
       
        henryresult111@gmail.com
          (ultimately generated from xxxxxxx@xxxxxxxx.bg)
          host alt4.gmail-smtp-in.l.google.com [74.125.28.27]
          Delay reason: SMTP error from remote mail server after RCPT TO:<henryresult111@gmail.com>:
          452-4.2.2 The email account that you tried to reach is over quota. Please direct
          452-4.2.2 the recipient to
          452 4.2.2  https://support.google.com/mail/?p=OverQuotaTemp h72si2628468pfj.20 - gsmtp
       
       
      No action is required on your part. Delivery attempts will continue for some time, and this warning may be repeated at intervals if the message remains undelivered. Eventually the mail delivery software will give up, and when that happens, the message will be returned to you.
       
      This message is received by those who send emails to this domain. The messages themselves arrive without a problem. There is no problem with the server space either.
      I also don't understand what the connection with gmail and google is, given that the domain is private. I also have no idea whose email this is: henryresult111@gmail.com
      Could it be a virus? All the office machines have been scanned. There were various nasties, which we supposedly neutralized, but the problem was not fixed.
      We also changed the passwords of all the mailboxes - nothing.
      Here is the information from FRST:
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-11-2017
      Ran by pc (administrator) on PC1 (30-11-2017 14:23:09)
      Running from C:\Documents and Settings\pc.PC1\Desktop
      Loaded Profiles: pc (Available Profiles: pc & Administrator & Guest)
      Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
      Internet Explorer Version 8 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
      (HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
      (HP) C:\WINDOWS\system32\HPSIsvc.exe
      (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
      (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
      (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
      (Viber Media S.à r.l.) C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Viber\Viber.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
      (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
      () C:\2017\wsklad.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [16859648 2008-01-09] (Realtek Semiconductor Corp.)
      HKLM\...\Run: [Alcmtr] => C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
      HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-10-31] (AVG Technologies CZ, s.r.o.)
      HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [302744 2017-11-16] (AVG Technologies CZ, s.r.o.)
      HKU\S-1-5-20\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\...\Run: [Viber] => C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\...\MountPoints2: {260473e8-84c9-11e3-a542-001cf0d5a2b8} - G:\SISetup.exe
      HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
      Startup: C:\Documents and Settings\pc.PC1\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2017-11-30]
      ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe ()
      Startup: C:\Documents and Settings\pc.PC1\Start Menu\Programs\Startup\Skype.lnk [2017-03-06]
      ShortcutTarget: Skype.lnk -> C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\Skype.ico (No File)
      GroupPolicy: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Tcpip\..\Interfaces\{E7E61260-FB73-4F9E-B467-F1870B906C7C}: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-22] (Sun Microsystems, Inc.)
      BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-22] (Sun Microsystems, Inc.)
      DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} hxxp://dl-ak.solidworks.com/nonsecure/edrawings/e2012sp02/12.2.0.110/cab//eModelsStandard.cab
      DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
      DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
      FireFox:
      ========
      FF DefaultProfile: 07ckpc18.default-1412315343695
      FF ProfilePath: C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695 [2017-11-30]
      FF Extension: (YouTube Video and Audio Downloader) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-05-22] [Lagacy]
      FF Extension: (Google Search by Image) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\google@hitachi.com.xpi [2016-05-03] [Lagacy]
      FF Extension: (signTextJS) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\jid1-AXn9cXcB4fD1QQ@jetpack.xpi [2017-06-15] [Lagacy]
      FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
      FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-22] [Lagacy] [not signed]
      FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-27] [Lagacy] [not signed]
      FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
      FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Lagacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-09-04] ()
      FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
      Chrome:
      =======
      CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [282536 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5954792 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-10-31] (AVG Technologies CZ, s.r.o.)
      R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP)
      S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-06-22] (Sun Microsystems, Inc.)
      S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2003-10-22] (HP) [File not signed]
      S4 rcp_service; C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe [558592 2007-11-30] (ReaSoft) [File not signed]
      R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
      S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
      S2 APNMCP; "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
      S2 HP LaserJet Service; "C:\Program Files\hp\HPLaserJetService\HPLaserJetService.exe" [X]
      S0 MBAMService; no ImagePath
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [20624 2012-10-31] (AVAST Software)
      R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [149592 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiskx.sys [135872 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [249232 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [151024 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [270344 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [43992 2017-11-16] (AVG Technologies CZ, s.r.o.)
      S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35264 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [117368 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [63280 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [775552 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [381184 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [290776 2017-11-16] (AVG Technologies CZ, s.r.o.)
      S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
      S3 dg_ssudbus; C:\WINDOWS\System32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
      S3 HP1210FAX; C:\WINDOWS\System32\Drivers\HPM1210FAX.sys [13824 2010-04-28] () [File not signed]
      R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
      R3 m4cxw2k3; C:\WINDOWS\System32\DRIVERS\m4cxw2k3.sys [250752 2007-02-15] (D-Link Corporation)
      S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
      S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
      S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2009-08-03] (VSO Software) [File not signed]
      R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
      S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
      S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-07-13] (Duplex Secure Ltd.)
      S3 ssudmdm; C:\WINDOWS\System32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
      S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed]
      S2 adfs; no ImagePath
      S3 BOCDRIVE; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys [X]
      S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
      S3 FXDrv32; \??\D:\FXDrv32.sys [X]
      S4 IntelIde; no ImagePath
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-11-30 14:23 - 2017-11-30 14:23 - 000012709 _____ C:\Documents and Settings\pc.PC1\Desktop\FRST.txt
      2017-11-30 14:22 - 2017-11-30 14:23 - 000000000 ____D C:\FRST
      2017-11-30 14:22 - 2017-11-30 14:22 - 001752064 _____ (Farbar) C:\Documents and Settings\pc.PC1\Desktop\FRST.exe
      2017-11-30 10:49 - 2017-11-30 10:49 - 000025377 _____ C:\Documents and Settings\pc.PC1\Local Settings\Application Data\recently-used.xbel
      2017-11-24 14:34 - 2017-11-24 14:34 - 000000000 ____D C:\Program Files\Quester
      2017-11-24 14:34 - 2017-11-24 14:34 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QMailFilter
      2017-11-24 14:32 - 2017-11-24 14:32 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\CEF
      2017-11-24 14:32 - 2017-11-24 14:32 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\AVG
      2017-11-24 14:31 - 2017-11-24 14:31 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\Avg
      2017-11-24 14:21 - 2017-11-24 14:21 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\PCHealth
      2017-11-20 12:24 - 2017-11-20 12:40 - 000065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
      2017-11-20 12:24 - 2017-11-20 12:24 - 000000000 ____D C:\Documents and Settings\pc.PC1\Doctor Web
      2017-11-20 12:24 - 2017-11-20 12:24 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Doctor Web
      2017-11-16 14:45 - 2017-11-16 14:45 - 000087203 _____ C:\Documents and Settings\pc.PC1\My Documents\Untitled.pdf
      2017-11-16 14:45 - 2017-11-16 14:45 - 000087203 _____ C:\Documents and Settings\pc.PC1\Desktop\Untitled.pdf
      2017-11-16 13:03 - 2017-11-16 13:05 - 000000000 ____D C:\EEK
      2017-11-16 13:02 - 2017-11-16 13:02 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Temp
      2017-11-16 10:11 - 2017-11-16 10:11 - 000001608 _____ C:\Documents and Settings\All Users\Desktop\AVG AntiVirus FREE.lnk
      2017-11-16 10:11 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\AVG
      2017-11-16 10:10 - 2017-11-30 10:10 - 000000288 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
      2017-11-16 10:10 - 2017-11-16 10:10 - 000775552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000381184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000306448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
      2017-11-16 10:10 - 2017-11-16 10:10 - 000290776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000249232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000149592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
      2017-11-16 10:08 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
      2017-11-16 10:08 - 2017-11-16 10:08 - 000000629 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
      2017-11-16 10:06 - 2017-11-30 11:06 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
      2017-11-16 10:06 - 2017-11-16 10:08 - 000000000 ____D C:\Program Files\AVG
      2017-11-16 09:51 - 2017-11-16 09:51 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\CEF
      2017-11-16 09:50 - 2017-11-16 11:23 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
      2017-11-16 09:50 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Avg
      2017-11-16 09:50 - 2017-11-16 10:08 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\AvgSetupLog
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-11-30 14:23 - 2013-08-02 12:50 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Temp
      2017-11-30 14:20 - 2015-08-03 07:23 - 000271360 _____ C:\Documents and Settings\pc.PC1\My Documents\Outlook_Archive.pst
      2017-11-30 14:16 - 2016-12-27 11:00 - 000000000 ____D C:\2017
      2017-11-30 10:49 - 2014-01-15 10:08 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\gtk-2.0
      2017-11-30 10:49 - 2013-08-02 12:55 - 000000000 ____D C:\Documents and Settings\pc.PC1\.gimp-2.8
      2017-11-30 07:55 - 2016-08-12 14:25 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\ViberPC
      2017-11-30 07:52 - 2014-03-28 08:20 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
      2017-11-30 07:52 - 2008-09-12 18:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-11-30 07:52 - 2008-04-14 14:00 - 000011936 _____ C:\WINDOWS\system32\wpa.dbl
      2017-11-29 16:54 - 2013-08-02 12:50 - 000000178 ___SH C:\Documents and Settings\pc.PC1\ntuser.ini
      2017-11-29 16:54 - 2013-08-02 12:50 - 000000000 ____D C:\Documents and Settings\pc.PC1
      2017-11-29 16:54 - 2008-09-12 18:28 - 000032520 _____ C:\WINDOWS\SchedLgU.Txt
      2017-11-28 11:37 - 2011-12-19 11:25 - 000000000 ____D C:\Program Files\The KMPlayer
      2017-11-24 14:40 - 2013-08-02 13:09 - 000211496 _____ C:\Documents and Settings\pc.PC1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2017-11-24 14:37 - 2013-11-01 13:09 - 000000178 ___SH C:\Documents and Settings\Administrator.PC1\ntuser.ini
      2017-11-24 14:36 - 2010-03-25 10:10 - 000979370 _____ C:\WINDOWS\ntbtlog.txt
      2017-11-24 14:35 - 2013-11-01 13:09 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Temp
      2017-11-24 14:28 - 2008-09-12 21:12 - 002469912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-11-24 14:25 - 2013-08-02 14:23 - 000065536 _____ C:\WINDOWS\system32\config\ODiag.evt
      2017-11-24 14:15 - 2008-09-13 10:13 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2017-11-24 14:12 - 2008-04-14 14:00 - 000000668 _____ C:\WINDOWS\win.ini
      2017-11-24 11:47 - 2016-08-12 14:25 - 000000000 ____D C:\Documents and Settings\pc.PC1\My Documents\ViberDownloads
      2017-11-22 16:05 - 2013-12-11 14:52 - 000000000 ____D C:\2014
      2017-11-22 16:04 - 2010-12-03 14:28 - 000000000 ____D C:\2011
      2017-11-22 16:03 - 2011-12-09 14:39 - 000000000 ____D C:\2012
      2017-11-22 15:40 - 2013-08-02 13:28 - 000002515 _____ C:\Documents and Settings\pc.PC1\Desktop\Microsoft Office Word 2007.lnk
      2017-11-22 14:28 - 2014-12-29 16:42 - 000000000 ____D C:\2015
      2017-11-22 14:25 - 2015-12-23 11:32 - 000000000 ____D C:\2016
      2017-11-16 10:55 - 2014-10-02 15:34 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\istartsurf
      2017-11-16 10:48 - 2012-12-20 13:57 - 000000000 ____D C:\2013
      2017-11-16 10:38 - 2014-10-02 15:34 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\IePluginServices
      2017-11-16 09:28 - 2010-09-30 15:57 - 000000000 ____D C:\Program Files\ough
      2017-11-16 09:01 - 2013-09-23 15:54 - 002755382 ___SH C:\Documents and Settings\pc.PC1\Desktop\Thumbs.db
      2017-11-10 13:23 - 2013-08-02 13:49 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\Skype
      2017-11-08 15:00 - 2014-03-28 08:20 - 000000210 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
      ==================== Files in the root of some directories =======
      2015-08-17 11:04 - 2015-08-17 11:08 - 000304492 _____ (AYURvmkth8) C:\Documents and Settings\pc.PC1\Application Data\adobe.exe
      2013-10-07 13:55 - 2014-04-09 12:28 - 000000531 _____ () C:\Documents and Settings\pc.PC1\Application Data\burnaware.ini
      2013-08-02 13:31 - 2017-08-18 12:25 - 000036352 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-02-27 17:15 - 2014-02-28 09:48 - 000000600 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\PUTTY.RND
      2017-11-30 10:49 - 2017-11-30 10:49 - 000025377 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\recently-used.xbel
      2011-03-11 09:28 - 2011-03-11 09:28 - 000000016 _____ () C:\Documents and Settings\All Users\Application Data\.7486160831680234
      2008-10-31 09:19 - 2008-10-31 09:19 - 000000041 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
      2008-09-13 13:47 - 2016-04-26 08:08 - 000001669 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
      2014-08-15 11:57 - 2010-03-30 10:12 - 000024772 _____ () C:\Documents and Settings\All Users\Application Data\P1210DEF.css
      2014-08-15 11:57 - 2016-01-22 14:22 - 000015499 _____ () C:\Documents and Settings\All Users\Application Data\P1210OS.HTM
      2014-08-15 11:57 - 2010-03-30 10:12 - 000002944 _____ () C:\Documents and Settings\All Users\Application Data\P1210SIG.GIF
      Some files in TEMP:
      ====================
      2017-10-13 09:08 - 2011-12-29 11:44 - 001275396 _____ (NCH Software) C:\Documents and Settings\pc.PC1\Local Settings\Temp\uninst.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      ==================== End of FRST.txt ============================
      Addition.txt