Help getting rid of a redirect in Google Chrome
- This topic has 3 replies, 2 participants, and was last updated 8 years, 4 months ago by Admin.
July 9, 2016 at 10:41 am #49734
Good day!
Two weeks ago my wife downloaded some junk from the internet, and right after that every browser started redirecting on startup. I found that the malware had simply changed my shortcuts; I restored them by hand, but that didn't fix the problem. I downloaded SpyHunter: it found a few things and cleaned up a few things, but didn't solve the problem. I downloaded Malwarebytes; it also scanned, found and cleaned a few things, but the problem remains, although it shows up less often: only when Chrome starts, first there is a redirect, then another redirect to foryourweb.net when a new tab is opened, and very rarely while using Chrome when clicking links (before the Malwarebytes scan the redirects were much more frequent). I don't use the other browsers, so I don't know how things stand there.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Denis (administrator) on DENIS-PC (09-07-2016 19:29:30)
Running from C:\Users\Denis\Desktop
Loaded Profiles: Denis (Available Profiles: Denis)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(The OpenVPN Project) C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(BitTorrent Inc.) C:\Users\Denis\AppData\Roaming\uTorrent\uTorrent.exe
(Viber Media S.à r.l.) C:\Users\Denis\AppData\Local\Viber\Viber.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(ООО Яндекс) C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe
(Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCResident.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(ООО Яндекс) C:\Program Files (x86)\Yandex\Punto Switcher\ps64ldr.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(BitTorrent Inc.) C:\Users\Denis\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\Denis\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
(1C) C:\Program Files (x86)\1Cv77\BIN\1cv7s.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\Program Files (x86)\Total Commander\TOTALCMD64.EXE
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\…\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [384248 2014-05-30] (Acronis)
HKLM\…\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\…\Run: [TNOD UP] => C:\Program Files\TNod User & Password Finder\TNODUP.exe [1024748 2013-07-01] (Tukero[X]Team)
HKLM\…\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\…\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\…\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\…\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24105936 2016-06-13] (Dropbox, Inc.)
HKLM-x32\…\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM-x32\…\Run: [openvpn-gui] => C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe [480992 2015-03-23] ()
HKLM-x32\…\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499240 2015-01-27] (Lenovo)
HKLM-x32\…\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()
HKU\S-1-5-21-3953324775-1915042530-1409705831-1000\…\Run: [uTorrent] => C:\Users\Denis\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-20] (BitTorrent Inc.)
HKU\S-1-5-21-3953324775-1915042530-1409705831-1000\…\Run: [Viber] => C:\Users\Denis\AppData\Local\Viber\Viber.exe [71876176 2016-06-24] (Viber Media S.à r.l.)
HKU\S-1-5-21-3953324775-1915042530-1409705831-1000\…\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-3953324775-1915042530-1409705831-1000\…\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3953324775-1915042530-1409705831-1000\…\MountPoints2: {2b1dc309-b3c7-11e4-a50d-806e6f6e6963} — E:\AUTORUN.EXE
HKU\S-1-5-21-3953324775-1915042530-1409705831-1000\…\MountPoints2: {4b805bce-0a1e-11e5-a501-74d4355a5618} — F:\Lenovo_Suite.exe
HKU\S-1-5-21-3953324775-1915042530-1409705831-1000\…\MountPoints2: {b76b9d78-3ab1-11e6-b7b8-74d4355a5618} — F:\Lenovo_Suite.exe
AppInit_DLLs-x32: hplun.dll => No File
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BestCrypt Auto Open.lnk [2015-07-02]
ShortcutTarget: BestCrypt Auto Open.lnk -> C:\Program Files (x86)\Jetico\BestCrypt\BestCrypt.exe (Jetico, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-02-06]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk [2016-01-12]
ShortcutTarget: Punto Switcher.lnk -> C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe (ООО Яндекс)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 217.26.160.4 217.26.160.5 192.168.1.1
Tcpip\..\Interfaces\{11BE04BC-7D1D-4554-BD83-19AC01B1F2E4}: [DhcpNameServer] 217.26.160.4 217.26.160.5 192.168.1.1
Tcpip\..\Interfaces\{879A5C6F-3CFC-44CD-8773-DBEC183D0270}: [DhcpNameServer] 130.30.2.157 40.0.2.1
Internet Explorer:
==================
HKU\S-1-5-21-3953324775-1915042530-1409705831-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131107551757320174&GUID=00000000-0000-0000-0000-000000000000
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-06] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-06] (Oracle Corporation)
DPF: HKLM-x32 {113E52A8-A790-4B13-B5F8-B17BD5617707} hxxps://probanking.procreditbank.md/bs-client/code/3.17.4.560/cr_call.cab
DPF: HKLM-x32 {34E60EF0-8825-4AD8-ABED-ADC2F358F2C9} hxxps://probanking.procreditbank.md/bs-client/code/3.17.4.560/bsssl.cab
DPF: HKLM-x32 {B4200B70-4EA0-40EC-8F0D-09299BB8EC03} hxxps://probanking.procreditbank.md/bs-client/code/3.17.4.560/cr_ossl.cab
Handler: skypec2c — {91774881-D725-4E58-B298-07617B9B86A8} — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c — {91774881-D725-4E58-B298-07617B9B86A8} — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Filter: video/mp4 — {20C75730-7C25-476B-95DC-C65810F9E489} — C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 — {20C75730-7C25-476B-95DC-C65810F9E489} — C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv — {20C75730-7C25-476B-95DC-C65810F9E489} — C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv — {20C75730-7C25-476B-95DC-C65810F9E489} — C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
FireFox:
========
FF ProfilePath: C:\Users\Denis\AppData\Roaming\Profiles\5n2hf9qg.default
FF SearchEngineOrder.3: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\bing-.xml [2016-05-10]
FF SearchPlugin: C:\Users\Denis\AppData\Roaming\Profiles\5n2hf9qg.default\searchplugins\bing-.xml [2016-05-10]
FF Extension: Video AdBlock for Firefox — C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2015-12-10]
FF Extension: Bing Search — C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-05-10]
FF Extension: Video AdBlock for Firefox — C:\Users\Denis\AppData\Roaming\Profiles\5n2hf9qg.default\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2016-06-06]
FF Extension: Bing Search — C:\Users\Denis\AppData\Roaming\Profiles\5n2hf9qg.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-06-06]
FF Extension: No Name — C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
Chrome:
=======
CHR HomePage: ChromeDefaultData -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=ru-ru
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> bing.com
CHR HKU\S-1-5-21-3953324775-1915042530-1409705831-1000\SOFTWARE\Google\Chrome\Extensions\…\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] — hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-18] (Dropbox, Inc.)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-23] (SafeNet Inc.)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38240 2016-02-01] (The OpenVPN Project)
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [81024 2015-03-23] (The OpenVPN Project)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-01-17] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [77912 2015-09-23] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [81368 2015-09-23] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [322560 2015-09-23] (SafeNet Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [81984 2010-01-14] (Jetico, Inc.)
R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [188992 2010-01-29] (Jetico, Inc.)
R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [34368 2010-05-18] (Jetico, Inc.)
R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [30784 2009-12-22] (Jetico, Inc.)
R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [30784 2009-12-22] (Jetico, Inc.)
R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [30272 2009-12-22] (Jetico, Inc.)
R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [37440 2009-12-22] (Jetico, Inc.)
R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [33856 2010-05-18] (Jetico, Inc.)
R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [25664 2009-12-22] (Jetico, Inc.)
R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [27712 2009-12-22] (Iarsn)
R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [30272 2009-12-22] (Michael Oestergaard Pedersen)
R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [51264 2009-12-22] (Jetico, Inc.)
R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [36928 2009-12-22] (Michael Oestergaard Pedersen)
R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [34368 2009-12-22] (Jetico, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-14] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
S3 esgiguard; D:\torrents\SpyHunter 4.21.10.4585 Portable by wood\esgiguard.sys [15920 2016-06-06] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-06] ()
R0 fsh; C:\Windows\System32\Drivers\fsh.sys [55872 2010-04-08] (Jetico, Inc.)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-07-09] ()
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-23] (SafeNet Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mhk; C:\Windows\System32\Drivers\mhk.sys [16872 2008-08-18] (Jetico, Inc.)
R3 moh; C:\Windows\System32\Drivers\moh.sys [12776 2008-07-17] (Jetico, Inc.)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-07-15] (Корпорация Майкрософт)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
R2 vusbbus; C:\Windows\System32\DRIVERS\vusbbus.sys [41984 2015-07-22] (Chingachguk & Denger2k)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-09 19:29 — 2016-07-09 19:29 — 00025029 _____ C:\Users\Denis\Desktop\FRST.txt
2016-07-08 08:01 — 2016-07-09 15:52 — 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref
2016-07-08 00:13 — 2016-07-08 00:13 — 124299570 _____ C:\Users\Denis\Desktop\Документы для банка.rar
2016-07-07 22:33 — 2016-07-08 00:12 — 00000000 ____D C:\Users\Denis\Desktop\Документы для банка
2016-07-06 20:14 — 2016-07-09 19:29 — 00000000 ____D C:\FRST
2016-07-06 19:54 — 2016-07-06 19:54 — 02193920 _____ (Farbar) C:\Users\Denis\Desktop\FRST64.exe
2016-07-04 23:47 — 2016-07-04 23:47 — 00955184 _____ C:\Users\Denis\Desktop\caem_editia2005.zip
2016-07-04 23:46 — 2016-07-04 23:46 — 01081772 _____ C:\Users\Denis\Desktop\caem_rev2.zip
2016-07-04 01:49 — 2016-07-09 19:14 — 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-04 01:49 — 2016-07-04 01:49 — 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-04 01:49 — 2016-07-04 01:49 — 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2016-07-04 01:49 — 2016-07-04 01:49 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-04 01:49 — 2016-07-04 01:49 — 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-04 01:49 — 2016-07-04 01:49 — 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-04 01:49 — 2016-03-10 14:09 — 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-04 01:49 — 2016-03-10 14:08 — 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-04 01:49 — 2016-03-10 14:08 — 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-01 20:20 — 2016-07-01 20:46 — 03997696 _____ C:\Users\Denis\Desktop\Новый2.xls
2016-06-30 11:39 — 2016-06-30 11:39 — 00000000 ____D C:\Users\Denis\AppData\Local\Viber
2016-06-29 20:55 — 2016-06-29 20:55 — 00000017 _____ C:\Users\Denis\AppData\Local\resmon.resmoncfg
2016-06-28 16:58 — 2016-06-28 16:58 — 00000000 ____D C:\Users\Denis\Documents\1C
2016-06-26 00:42 — 2016-06-26 00:42 — 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2016-06-26 00:40 — 2016-06-26 00:40 — 00003986 _____ C:\Windows\System32\Tasks\lenovo mobile auto run
2016-06-26 00:40 — 2016-06-26 00:40 — 00000949 _____ C:\Users\Public\Desktop\Mobile Assistant.lnk
2016-06-26 00:40 — 2016-06-26 00:40 — 00000527 _____ C:\Users\Denis\ticket1.xml
2016-06-26 00:40 — 2016-06-26 00:40 — 00000000 ____D C:\Users\Denis\AppData\Roaming\Lenovo
2016-06-26 00:40 — 2016-06-26 00:40 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Assistant
2016-06-26 00:40 — 2016-06-26 00:40 — 00000000 ____D C:\Program Files (x86)\MagicPlus
2016-06-25 00:38 — 2016-06-25 00:38 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-19 13:58 — 2016-06-19 13:58 — 00000000 ____D C:\Users\Все пользователи\AMMYY
2016-06-19 13:58 — 2016-06-19 13:58 — 00000000 ____D C:\ProgramData\AMMYY
2016-06-19 00:12 — 2016-06-19 00:12 — 00768416 _____ (Reimage) C:\ReimageRepair.exe
2016-06-18 01:47 — 2016-07-04 01:35 — 00000000 ____D C:\Program Files (x86)\Webcam Surveyor
2016-06-18 01:47 — 2016-06-18 01:47 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webcam Surveyor
2016-06-18 01:25 — 2016-07-04 01:35 — 00000188 _____ C:\Users\Denis\AppData\Roaming\wss.ini
2016-06-18 01:25 — 2016-07-04 01:35 — 00000000 ____D C:\Users\Denis\AppData\Roaming\WebacamSurveyor
2016-06-18 01:25 — 2016-06-18 01:25 — 03300928 _____ (El Software Solutions ) C:\WebcamSurveyor-setup.exe
2016-06-18 01:25 — 2016-06-18 01:25 — 00000000 ____D C:\Users\Denis\Documents\WebacamSurveyor
2016-06-18 00:49 — 2016-06-18 00:50 — 00000000 ____D C:\proshivka
2016-06-18 00:31 — 2016-06-18 00:31 — 06248805 _____ C:\recovery.rar
2016-06-18 00:13 — 2016-06-18 00:33 — 00000000 ____D C:\android
2016-06-18 00:12 — 2016-06-18 00:12 — 00384425 _____ C:\android.rar
2016-06-18 00:05 — 2016-06-18 00:05 — 00000005 _____ C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2016-06-17 23:54 — 2016-06-18 00:06 — 00000000 ____D C:\Users\Все пользователи\HTC
2016-06-17 23:54 — 2016-06-18 00:06 — 00000000 ____D C:\Users\Denis\AppData\Roaming\HTC
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
==================== Files in the root of some directories =======
2016-06-18 01:25 — 2016-07-04 01:35 — 0000188 _____ () C:\Users\Denis\AppData\Roaming\wss.ini
2016-06-29 20:55 — 2016-06-29 20:55 — 0000017 _____ () C:\Users\Denis\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
C:\Users\Denis\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Denis\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Denis\AppData\Local\Temp\downloader.exe
C:\Users\Denis\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxssjuq.dll
C:\Users\Denis\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Denis\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Denis\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Denis\AppData\Local\Temp\Rar.exe
C:\Users\Denis\AppData\Local\Temp\Setup-punto.exe
C:\Users\Denis\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Denis\AppData\Local\Temp\yupdate-exec-punto.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
testsigning: ==> ‘testsigning’ is set. Check for possible unsigned driver <===== ATTENTION
LastRegBack: 2016-07-07 15:33
==================== End of FRST.txt ============================
July 11, 2016 at 11:56 PM #49875
Hello, welcome to the Spyware-ru forum.
Open Notepad and paste the following text into the open window:
CreateRestorePoint:
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
CHR HKU\S-1-5-21-3953324775-1915042530-1409705831-1000\SOFTWARE\Google\Chrome\Extensions\…\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] — hxxp://clients2.google.com/service/update2/crx
EmptyTemp:
Reboot:
Save the resulting file in the folder where the FRST/FRST64 program is located, under the name fixlist.
Run FRST and click the Fix button.
When the program finishes, the message "Fix completed" will appear. Click OK.
Notepad will open with the contents of the fixlog.txt file. Paste the contents of that file into your reply.
After that, run a new scan with FRST (before pressing Scan, tick the Addition.txt option) and attach both of its logs to your reply.
Download AdwCleaner.
Run the program by right-clicking it and choosing "Run as administrator".
Click the "Scan" button and wait for the process to finish. When the scan is finished, close the program and find the scan report.
It is located in the C:\AdwCleaner folder and is named AdwCleaner[S1].
Attach this report to your message.
July 13, 2016 at 4:32 PM #49961
Thank you very much, it seems to be cured. The redirect is gone. I had scanned with AdwCleaner before, but it didn't help. Now everything is fine.
July 15, 2016 at 11:55 PM #50153
Glad to help.
Don't forget to update Windows, your programs and especially your antivirus.
Don't visit unfamiliar sites, and be very careful with files downloaded from the Internet.
All the best!