- This topic has 1 ответ, 2 участника, and was last updated 8 years, 4 months назад by
.
-
Сообщения
-
Помогите удалить ложный антивирус 360 и разную рядом идущую нечисть
Несколько раз эта фигня отключала FRST а второй файл так и не создалсяScan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-07-2016 01
Ran by user (administrator) on DESKTOP-P0DFGLB (12-07-2016 03:14:59)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 10 Enterprise Version 1511 (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(360.cn) C:\Program Files (x86)\360\360Safe\update\~TH5DA9.cab
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Ghostery Storage Server\ghstore.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(360.cn) C:\Program Files (x86)\360\360Safe\update\~TH52A9.cab
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(360.cn) C:\Program Files (x86)\360\360Safe\update\~TH5487.cab
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\…\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\…\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\…\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\…\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\…\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\…\Run: [360Safetray] => C:\Program Files (x86)\360\360Safe\safemon\360tray.exe [395688 2016-07-12] (360.cn)
HKU\S-1-5-21-2694642607-1000933816-3533333325-1001\…\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52135040 2016-04-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2694642607-1000933816-3533333325-1001\…\Run: [Viber] => C:\Users\user\AppData\Local\Viber\Viber.exe [71876176 2016-06-24] (Viber Media S.Ã r.l.)
ShellIconOverlayIdentifiers: [ 360UDiskGuard Icon Overlay] -> {CC00F81D-5262-450A-B1FA-D6BEE3406263} => C:\Program Files (x86)\360\360Safe\safemon\360UDiskGuard64.dll [2014-12-09] (360.cn)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk [2016-07-12]
ShortcutTarget: Punto Switcher.lnk -> G:\Program Files (x86)\Punto Switcher\punto.exe (ООО Яндекс)
GroupPolicyScripts: Restriction <======= ATTENTION==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 91.196.148.3 192.168.0.1
Tcpip\..\Interfaces\{da923d5b-5367-4e23-9c6e-940f4fe20ccf}: [DhcpNameServer] 91.196.148.3 192.168.0.1Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2694642607-1000933816-3533333325-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=625119&clcid=0x419
SearchScopes: HKU\S-1-5-21-2694642607-1000933816-3533333325-1001 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-16] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-16] (Oracle Corporation)FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8pgpzapp.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-29] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-29] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-02-09] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Extension: Video AdBlock — C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8pgpzapp.default\extensions\{7b8a500a-a464-4624-bd4f-73eaafe0f766} [2016-05-23]
FF Extension: ImTranslator — C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8pgpzapp.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2016-07-03]
FF Extension: Firebug — C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8pgpzapp.default\Extensions\firebug@software.joehewitt.com.xpi [2016-06-09]
FF Extension: SaveFrom.net — helper — C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8pgpzapp.default\Extensions\helper-sig@savefrom.net.xpi [2016-05-19]
FF Extension: Домашняя страница Mail.Ru — C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8pgpzapp.default\Extensions\homepage@mail.ru [2016-07-12]
FF Extension: web_clipper — C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8pgpzapp.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2016-05-16]Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Документы Google) — C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-16]
CHR Extension: (Диск Google) — C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-16]
CHR Extension: (YouTube) — C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-16]
CHR Extension: (Tampermonkey) — C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-05-18]
CHR Extension: (Google Таблицы) — C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-16]
CHR Extension: (Google Документы офлайн) — C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-18]
CHR Extension: (Video Ad Blocker Plus) — C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegneaniplmfjcmohoclabblbahcbjoe [2016-06-09]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-16]
CHR Extension: (Gmail) — C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-16]
CHR HKU\S-1-5-21-2694642607-1000933816-3533333325-1001\SOFTWARE\Google\Chrome\Extensions\…\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] — hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2694642607-1000933816-3533333325-1001\SOFTWARE\Google\Chrome\Extensions\…\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] — hxxp://clients2.google.com/service/update2/crxOpera:
=======
OPR Extension: (SaveFrom.net помощник) — C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2016-07-10]==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-04-13] (ESET)
R2 Ghostery Storage Server; C:\Program Files (x86)\Ghostery Storage Server\ghstore.exe [346624 2016-07-12] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZhuDongFangYu; C:\Program Files (x86)\360\360Safe\deepscan\zhudongfangyu.exe [237168 2015-12-03] (360.cn)===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-07-12] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [321616 2016-07-12] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2014-04-18] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [389864 2016-07-12] (360.cn)
S1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [65096 2014-12-24] (360.cn)
R1 360qpesv; C:\Windows\System32\DRIVERS\360qpesv64.sys [231656 2016-06-01] (360.cn)
R1 360reskit64; C:\Windows\system32\drivers\360reskit64.sys [63048 2015-04-05] (360.cn)
S3 AsrCDDrv; C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [16904 2016-05-16] (ASRock Incorporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [182352 2016-07-12] (360.cn)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-04-13] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2016-04-13] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2016-04-13] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [142976 2016-04-13] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [198096 2016-04-13] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53384 2016-04-13] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-04-13] (ESET)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-12 03:14 — 2016-07-12 03:14 — 00016768 _____ C:\Users\user\Downloads\FRST.txt
2016-07-12 03:14 — 2016-07-12 03:14 — 00015816 _____ C:\Users\user\Downloads\Addition.txt
2016-07-12 03:13 — 2016-07-12 03:14 — 00000000 ____D C:\FRST
2016-07-12 03:13 — 2016-07-12 03:13 — 02390528 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2016-07-12 03:13 — 2016-07-12 03:13 — 00000000 __SHD C:\Users\user\AppData\Roaming\360Quarant
2016-07-12 03:13 — 2016-07-12 03:13 — 00000000 __SHD C:\$360Section
2016-07-12 03:04 — 2016-07-12 03:08 — 00008628 _____ C:\avenger.txt
2016-07-12 03:04 — 2016-07-12 03:04 — 00003314 _____ C:\Windows\System32\Tasks\{9FFF804C-8DE0-4CCF-B8C6-A16CDB1C91BF}
2016-07-12 03:03 — 2016-07-12 03:03 — 00000000 ____D C:\Users\user\Downloads\avenger
2016-07-12 03:02 — 2016-07-12 03:09 — 00000000 ____D C:\AdwCleaner
2016-07-12 03:02 — 2016-07-12 03:02 — 03712064 _____ C:\Users\user\Downloads\adwcleaner_5.201.exe
2016-07-12 03:02 — 2016-07-12 03:02 — 00724952 _____ C:\Users\user\Downloads\avenger.zip
2016-07-12 02:59 — 2016-07-12 02:59 — 01610560 _____ (Malwarebytes) C:\Users\user\Downloads\JRT.exe
2016-07-12 02:25 — 2016-07-12 02:25 — 00240351 _____ C:\Users\user\Downloads\Remove Fake Antivirus.exe
2016-07-12 02:21 — 2016-06-01 16:12 — 00231656 _____ (360.cn) C:\Windows\system32\Drivers\360qpesv64.sys
2016-07-12 02:08 — 2015-04-05 06:47 — 00063048 _____ (360.cn) C:\Windows\system32\Drivers\360reskit64.sys
2016-07-12 02:07 — 2016-07-12 02:07 — 00003546 _____ C:\Windows\System32\Tasks\RegOrganizerQuickLaunch
2016-07-12 02:07 — 2016-07-12 02:07 — 00001600 _____ C:\Windows\system32\rrr.lnk
2016-07-12 01:59 — 2016-07-12 01:59 — 00000000 ____D C:\Windows\Tasks\360Disabled
2016-07-12 01:59 — 2016-07-12 01:59 — 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения Амиго
2016-07-12 01:55 — 2016-07-12 03:05 — 00321616 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2016-07-12 01:55 — 2016-07-12 03:05 — 00151784 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys
2016-07-12 01:55 — 2016-07-12 03:01 — 00000000 ____D C:\Users\user\AppData\Roaming\360mobilemgr
2016-07-12 01:55 — 2016-07-12 03:00 — 00000000 ____D C:\Users\user\AppData\LocalLow\360WD
2016-07-12 01:55 — 2016-07-12 02:30 — 00182352 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2016-07-12 01:55 — 2016-07-12 02:29 — 00389864 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2016-07-12 01:55 — 2016-07-12 01:59 — 00000000 ____D C:\Users\Все пользователи\360safe
2016-07-12 01:55 — 2016-07-12 01:59 — 00000000 ____D C:\ProgramData\360safe
2016-07-12 01:55 — 2016-07-12 01:55 — 00002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\强力卸载电脑上的软件.lnk
2016-07-12 01:55 — 2016-07-12 01:55 — 00000000 _RSHD C:\360SANDBOX
2016-07-12 01:55 — 2016-07-12 01:55 — 00000000 ____D C:\Users\user\AppData\Roaming\RUP
2016-07-12 01:55 — 2016-07-12 01:55 — 00000000 ____D C:\Users\user\AppData\Roaming\360Login
2016-07-12 01:55 — 2015-04-17 10:35 — 00359496 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys.830
2016-07-12 01:55 — 2015-03-30 07:54 — 00137288 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.updated
2016-07-12 01:55 — 2015-01-27 12:32 — 00319048 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys.873
2016-07-12 01:55 — 2014-04-21 09:26 — 00039496 _____ (360.cn) C:\Windows\system32\Drivers\360LanProtect.sys
2016-07-12 01:55 — 2014-04-18 11:30 — 00040520 _____ (360.cn) C:\Windows\system32\Drivers\360Camera64.sys
2016-07-12 01:54 — 2016-07-12 03:13 — 00000000 ____D C:\Users\user\AppData\Roaming\360Safe
2016-07-12 01:54 — 2016-07-12 02:01 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心
2016-07-12 01:54 — 2016-07-12 01:54 — 00000000 ____D C:\Users\Все пользователи\Baidu
2016-07-12 01:54 — 2016-07-12 01:54 — 00000000 ____D C:\Users\user\AppData\Roaming\Baidu
2016-07-12 01:54 — 2016-07-12 01:54 — 00000000 ____D C:\ProgramData\Baidu
2016-07-12 01:54 — 2016-07-12 01:54 — 00000000 ____D C:\Program Files (x86)\Ghostery Storage Server
2016-07-12 01:54 — 2016-07-12 01:54 — 00000000 ____D C:\Program Files (x86)\360
2016-07-12 01:54 — 2014-12-24 14:18 — 00065096 _____ (360.cn) C:\Windows\system32\Drivers\360netmon.sys
2016-07-12 01:54 — 2014-04-17 13:32 — 00162120 _____ (360.cn) C:\Windows\SysWOW64\360SoftMgr.cpl
2016-07-12 01:52 — 2016-07-12 02:01 — 00000000 ____D C:\Program Files (x86)\Mail.Ru
2016-07-12 01:52 — 2016-07-12 02:00 — 00000000 ____D C:\Users\user\AppData\LocalLow\Unity
2016-07-12 01:52 — 2016-07-12 01:52 — 00002295 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Амиго.lnk
2016-07-12 01:52 — 2016-07-12 01:52 — 00002276 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk
2016-07-12 01:52 — 2016-07-12 01:52 — 00002276 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Вконтакте.lnk
2016-07-12 01:52 — 2016-07-12 01:52 — 00000000 ____D C:\Users\Все пользователи\Mail.Ru
2016-07-12 01:52 — 2016-07-12 01:52 — 00000000 ____D C:\ProgramData\Mail.Ru
2016-07-08 19:34 — 2016-07-08 19:34 — 00001278 _____ C:\Users\user\Desktop\Botovod — Ярлык.lnk
2016-07-07 21:43 — 2016-07-12 00:03 — 00000000 ____D C:\Users\user\AppData\Roaming\Apple Computer
2016-07-07 21:43 — 2016-07-07 21:43 — 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2016-07-07 21:42 — 2016-07-07 21:43 — 00000000 ____D C:\Program Files (x86)\Safari
2016-07-07 21:42 — 2016-07-07 21:42 — 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-07-07 21:42 — 2016-07-07 21:42 — 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-07-07 21:42 — 2016-07-07 21:42 — 00000000 ____D C:\Users\Все пользователи\Apple Computer
2016-07-07 21:42 — 2016-07-07 21:42 — 00000000 ____D C:\Users\Все пользователи\Apple
2016-07-07 21:42 — 2016-07-07 21:42 — 00000000 ____D C:\ProgramData\Apple Computer
2016-07-07 21:42 — 2016-07-07 21:42 — 00000000 ____D C:\ProgramData\Apple
2016-07-07 21:42 — 2016-07-07 21:42 — 00000000 ____D C:\Program Files\Bonjour
2016-07-07 21:42 — 2016-07-07 21:42 — 00000000 ____D C:\Program Files (x86)\Bonjour
2016-07-07 21:42 — 2016-07-07 21:42 — 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-07-06 12:46 — 2016-07-06 12:46 — 00000724 _____ C:\Users\user\Desktop\Загрузка — Ярлык.lnk
2016-07-03 10:52 — 2016-05-28 09:13 — 01401024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-03 10:52 — 2016-05-28 09:13 — 01184960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-03 10:52 — 2016-05-28 09:13 — 00514752 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-03 10:52 — 2016-05-28 09:13 — 00290496 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-03 10:52 — 2016-05-28 09:13 — 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-03 10:52 — 2016-05-28 09:13 — 00046784 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-03 10:52 — 2016-05-28 08:25 — 04268880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2016-07-03 10:52 — 2016-05-28 08:23 — 00388384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-07-03 10:52 — 2016-05-28 08:23 — 00312160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-07-03 10:52 — 2016-05-28 08:22 — 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-03 10:52 — 2016-05-28 08:22 — 04387680 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2016-07-03 10:52 — 2016-05-28 08:22 — 00428896 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2016-07-03 10:52 — 2016-05-28 08:22 — 00211296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-07-03 10:52 — 2016-05-28 08:22 — 00118624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2016-07-03 10:52 — 2016-05-28 08:20 — 00430312 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-07-03 10:52 — 2016-05-28 08:18 — 00357216 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-07-03 10:52 — 2016-05-28 08:16 — 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-03 10:52 — 2016-05-28 08:09 — 00501600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-07-03 10:52 — 2016-05-28 08:09 — 00170848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
2016-07-03 10:52 — 2016-05-28 08:09 — 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-07-03 10:52 — 2016-05-28 08:08 — 00693600 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-07-03 10:52 — 2016-05-28 08:08 — 00258912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufx01000.sys
2016-07-03 10:52 — 2016-05-28 08:08 — 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-07-03 10:52 — 2016-05-28 08:07 — 03675512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-03 10:52 — 2016-05-28 08:07 — 02921880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-03 10:52 — 2016-05-28 08:07 — 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-07-03 10:52 — 2016-05-28 08:07 — 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-07-03 10:52 — 2016-05-28 08:07 — 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-07-03 10:52 — 2016-05-28 08:07 — 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-07-03 10:52 — 2016-05-28 08:07 — 00331616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-07-03 10:52 — 2016-05-28 08:06 — 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-07-03 10:52 — 2016-05-28 08:06 — 04074160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-07-03 10:52 — 2016-05-28 08:06 — 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2016-07-03 10:52 — 2016-05-28 08:06 — 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-07-03 10:52 — 2016-05-28 08:06 — 00254656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-07-03 10:52 — 2016-05-28 08:05 — 04515264 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-07-03 10:52 — 2016-05-28 08:04 — 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-03 10:52 — 2016-05-28 08:04 — 00431296 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-03 10:52 — 2016-05-28 08:04 — 00360480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-03 10:52 — 2016-05-28 08:04 — 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-03 10:52 — 2016-05-28 08:04 — 00111064 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-07-03 10:52 — 2016-05-28 08:04 — 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-07-03 10:52 — 2016-05-28 08:03 — 00131248 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-07-03 10:52 — 2016-05-28 07:58 — 01996640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-07-03 10:52 — 2016-05-28 07:58 — 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-07-03 10:52 — 2016-05-28 07:57 — 02548944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-07-03 10:52 — 2016-05-28 07:57 — 02195632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-07-03 10:52 — 2016-05-28 07:57 — 01594416 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-07-03 10:52 — 2016-05-28 07:57 — 01372312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-07-03 10:52 — 2016-05-28 07:57 — 00649792 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-07-03 10:52 — 2016-05-28 07:57 — 00636304 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-07-03 10:52 — 2016-05-28 07:57 — 00577376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-07-03 10:52 — 2016-05-28 07:57 — 00546456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-07-03 10:52 — 2016-05-28 07:57 — 00521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-07-03 10:52 — 2016-05-28 07:57 — 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-07-03 10:52 — 2016-05-28 07:35 — 00123392 _____ (Microsoft Corporation) C:\Windows\system32\tdlrecover.exe
2016-07-03 10:52 — 2016-05-28 07:35 — 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-07-03 10:52 — 2016-05-28 07:35 — 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsdport.sys
2016-07-03 10:52 — 2016-05-28 07:31 — 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdlrecover.exe
2016-07-03 10:52 — 2016-05-28 07:31 — 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-07-03 10:52 — 2016-05-28 07:31 — 00066560 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
2016-07-03 10:52 — 2016-05-28 07:29 — 22379008 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-07-03 10:52 — 2016-05-28 07:29 — 00079360 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2016-07-03 10:52 — 2016-05-28 07:29 — 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-07-03 10:52 — 2016-05-28 07:29 — 00019456 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2016-07-03 10:52 — 2016-05-28 07:28 — 00166400 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-07-03 10:52 — 2016-05-28 07:28 — 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-03 10:52 — 2016-05-28 07:28 — 00090112 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-07-03 10:52 — 2016-05-28 07:27 — 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
2016-07-03 10:52 — 2016-05-28 07:27 — 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-07-03 10:52 — 2016-05-28 07:26 — 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-07-03 10:52 — 2016-05-28 07:26 — 00157184 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2016-07-03 10:52 — 2016-05-28 07:26 — 00145920 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2016-07-03 10:52 — 2016-05-28 07:26 — 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-07-03 10:52 — 2016-05-28 07:26 — 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-07-03 10:52 — 2016-05-28 07:25 — 00051200 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-07-03 10:52 — 2016-05-28 07:25 — 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-07-03 10:52 — 2016-05-28 07:24 — 00218624 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-07-03 10:52 — 2016-05-28 07:24 — 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Ndu.sys
2016-07-03 10:52 — 2016-05-28 07:24 — 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-07-03 10:52 — 2016-05-28 07:24 — 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-07-03 10:52 — 2016-05-28 07:24 — 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-07-03 10:52 — 2016-05-28 07:24 — 00072704 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-07-03 10:52 — 2016-05-28 07:24 — 00067072 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2016-07-03 10:52 — 2016-05-28 07:24 — 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-07-03 10:52 — 2016-05-28 07:23 — 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-07-03 10:52 — 2016-05-28 07:23 — 00086016 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2016-07-03 10:52 — 2016-05-28 07:22 — 00406528 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-07-03 10:52 — 2016-05-28 07:22 — 00368640 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-07-03 10:52 — 2016-05-28 07:22 — 00278528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-07-03 10:52 — 2016-05-28 07:22 — 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-07-03 10:52 — 2016-05-28 07:22 — 00163328 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2016-07-03 10:52 — 2016-05-28 07:22 — 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-07-03 10:52 — 2016-05-28 07:22 — 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-07-03 10:52 — 2016-05-28 07:22 — 00079872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-07-03 10:52 — 2016-05-28 07:22 — 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-07-03 10:52 — 2016-05-28 07:21 — 00550912 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-07-03 10:52 — 2016-05-28 07:21 — 00239104 _____ (Microsoft Corporation) C:\Windows\system32\BrokerLib.dll
2016-07-03 10:52 — 2016-05-28 07:21 — 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-07-03 10:52 — 2016-05-28 07:21 — 00190464 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-07-03 10:52 — 2016-05-28 07:21 — 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-07-03 10:52 — 2016-05-28 07:20 — 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-07-03 10:52 — 2016-05-28 07:20 — 00511488 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll
2016-07-03 10:52 — 2016-05-28 07:20 — 00332288 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-07-03 10:52 — 2016-05-28 07:20 — 00267264 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2016-07-03 10:52 — 2016-05-28 07:20 — 00199168 _____ (Microsoft Corporation) C:\Windows\system32\GnssAdapter.dll
2016-07-03 10:52 — 2016-05-28 07:20 — 00174080 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Privacy.dll
2016-07-03 10:52 — 2016-05-28 07:20 — 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2016-07-03 10:52 — 2016-05-28 07:19 — 24605696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-03 10:52 — 2016-05-28 07:19 — 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-07-03 10:52 — 2016-05-28 07:19 — 00567808 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-07-03 10:52 — 2016-05-28 07:19 — 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-07-03 10:52 — 2016-05-28 07:19 — 00355840 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2016-07-03 10:52 — 2016-05-28 07:19 — 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2016-07-03 10:52 — 2016-05-28 07:18 — 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-07-03 10:52 — 2016-05-28 07:18 — 07977472 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-07-03 10:52 — 2016-05-28 07:18 — 00678912 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-07-03 10:52 — 2016-05-28 07:18 — 00610816 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2016-07-03 10:52 — 2016-05-28 07:18 — 00591360 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-07-03 10:52 — 2016-05-28 07:18 — 00460800 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-07-03 10:52 — 2016-05-28 07:18 — 00392192 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-07-03 10:52 — 2016-05-28 07:18 — 00380416 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2016-07-03 10:52 — 2016-05-28 07:18 — 00285184 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-07-03 10:52 — 2016-05-28 07:17 — 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-07-03 10:52 — 2016-05-28 07:17 — 00963072 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-07-03 10:52 — 2016-05-28 07:17 — 00630784 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-07-03 10:52 — 2016-05-28 07:17 — 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll
2016-07-03 10:52 — 2016-05-28 07:17 — 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-07-03 10:52 — 2016-05-28 07:17 — 00315392 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-07-03 10:52 — 2016-05-28 07:17 — 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2016-07-03 10:52 — 2016-05-28 07:17 — 00173056 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2016-07-03 10:52 — 2016-05-28 07:16 — 19344384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-03 10:52 — 2016-05-28 07:16 — 00690176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-03 10:52 — 2016-05-28 07:16 — 00684544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-07-03 10:52 — 2016-05-28 07:16 — 00592896 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll
2016-07-03 10:52 — 2016-05-28 07:16 — 00503808 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-07-03 10:52 — 2016-05-28 07:16 — 00406528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-03 10:52 — 2016-05-28 07:16 — 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-07-03 10:52 — 2016-05-28 07:16 — 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2016-07-03 10:52 — 2016-05-28 07:15 — 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-07-03 10:52 — 2016-05-28 07:15 — 00853504 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-07-03 10:52 — 2016-05-28 07:15 — 00794624 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-07-03 10:52 — 2016-05-28 07:15 — 00579072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-07-03 10:52 — 2016-05-28 07:15 — 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2016-07-03 10:52 — 2016-05-28 07:15 — 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-07-03 10:52 — 2016-05-28 07:15 — 00293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2016-07-03 10:52 — 2016-05-28 07:15 — 00237056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-03 10:52 — 2016-05-28 07:14 — 18674176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-07-03 10:52 — 2016-05-28 07:14 — 01716736 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-07-03 10:52 — 2016-05-28 07:14 — 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-07-03 10:52 — 2016-05-28 07:14 — 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-07-03 10:52 — 2016-05-28 07:14 — 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-03 10:52 — 2016-05-28 07:14 — 00606208 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-03 10:52 — 2016-05-28 07:14 — 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-07-03 10:52 — 2016-05-28 07:14 — 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-07-03 10:52 — 2016-05-28 07:14 — 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2016-07-03 10:52 — 2016-05-28 07:13 — 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-07-03 10:52 — 2016-05-28 07:13 — 00990208 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-07-03 10:52 — 2016-05-28 07:13 — 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-07-03 10:52 — 2016-05-28 07:13 — 00939520 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-07-03 10:52 — 2016-05-28 07:13 — 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-07-03 10:52 — 2016-05-28 07:13 — 00467456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
2016-07-03 10:52 — 2016-05-28 07:12 — 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-07-03 10:52 — 2016-05-28 07:12 — 00614400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-07-03 10:52 — 2016-05-28 07:12 — 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-07-03 10:52 — 2016-05-28 07:11 — 01445888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-07-03 10:52 — 2016-05-28 07:11 — 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-07-03 10:52 — 2016-05-28 07:11 — 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-07-03 10:52 — 2016-05-28 07:11 — 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-07-03 10:52 — 2016-05-28 07:11 — 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-07-03 10:52 — 2016-05-28 07:11 — 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-03 10:52 — 2016-05-28 07:11 — 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-03 10:52 — 2016-05-28 07:11 — 00128512 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2016-07-03 10:52 — 2016-05-28 07:09 — 01073152 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-07-03 10:52 — 2016-05-28 07:08 — 13385728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-03 10:52 — 2016-05-28 07:08 — 06295552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-07-03 10:52 — 2016-05-28 07:06 — 12128256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-03 10:52 — 2016-05-28 07:06 — 07200256 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-07-03 10:52 — 2016-05-28 07:06 — 01339904 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-07-03 10:52 — 2016-05-28 07:05 — 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-07-03 10:52 — 2016-05-28 07:05 — 03664896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-03 10:52 — 2016-05-28 07:05 — 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-07-03 10:52 — 2016-05-28 07:05 — 01797120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2016-07-03 10:52 — 2016-05-28 07:04 — 06973952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-07-03 10:52 — 2016-05-28 07:04 — 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2016-07-03 10:52 — 2016-05-28 07:04 — 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
2016-07-03 10:52 — 2016-05-28 07:03 — 05323776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-07-03 10:52 — 2016-05-28 07:03 — 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-07-03 10:52 — 2016-05-28 07:03 — 02609664 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-07-03 10:52 — 2016-05-28 07:03 — 01185280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationFramework.dll
2016-07-03 10:52 — 2016-05-28 07:03 — 00693760 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll
2016-07-03 10:52 — 2016-05-28 07:03 — 00417792 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-07-03 10:52 — 2016-05-28 07:02 — 03590144 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-07-03 10:52 — 2016-05-28 07:02 — 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-07-03 10:52 — 2016-05-28 07:02 — 01534464 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2016-07-03 10:52 — 2016-05-28 07:02 — 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2016-07-03 10:52 — 2016-05-28 07:01 — 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-07-03 10:52 — 2016-05-28 07:01 — 01582080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2016-07-03 10:52 — 2016-05-28 07:01 — 01500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-03 10:52 — 2016-05-28 07:01 — 00111104 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2016-07-03 10:52 — 2016-05-28 07:00 — 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-07-03 10:52 — 2016-05-28 07:00 — 03585536 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-07-03 10:52 — 2016-05-28 07:00 — 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-07-03 10:52 — 2016-05-28 07:00 — 02230272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-03 10:52 — 2016-05-28 07:00 — 02168320 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-07-03 10:52 — 2016-05-28 07:00 — 01730560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-03 10:52 — 2016-05-28 07:00 — 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-07-03 10:52 — 2016-05-28 07:00 — 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-07-03 10:52 — 2016-05-28 07:00 — 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2016-07-03 10:52 — 2016-05-28 07:00 — 00090624 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2016-07-03 10:52 — 2016-05-28 06:59 — 00176640 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2016-07-03 10:52 — 2016-05-28 06:58 — 07832576 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-07-03 10:52 — 2016-05-28 06:58 — 04896256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-03 10:52 — 2016-05-28 06:58 — 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-03 10:52 — 2016-05-28 06:58 — 02066432 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-07-03 10:52 — 2016-05-28 06:58 — 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-07-03 10:52 — 2016-05-28 06:57 — 02281472 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-07-03 10:52 — 2016-05-28 06:55 — 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-07-03 10:52 — 2016-05-28 06:53 — 00076800 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2016-07-01 22:36 — 2016-07-07 09:53 — 00000000 ____D C:\Users\Все пользователи\LG Software
2016-07-01 22:36 — 2016-07-07 09:53 — 00000000 ____D C:\ProgramData\LG Software
2016-07-01 22:36 — 2016-07-01 22:36 — 00003528 _____ C:\Windows\System32\Tasks\SmartShare
2016-07-01 17:10 — 2016-07-01 17:10 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imagenomic
2016-07-01 17:08 — 2016-07-01 17:08 — 00000000 ____D C:\Program Files (x86)\GUM3BC3.tmp
2016-06-30 08:09 — 2016-06-30 08:09 — 00119804 _____ C:\Windows\Minidump\063016-9796-01.dmp
2016-06-29 16:50 — 2016-06-29 16:50 — 00001361 _____ C:\Users\user\Desktop\Photoshop — ярлык.lnk
2016-06-29 16:44 — 2016-06-29 16:44 — 00000854 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
2016-06-29 16:43 — 2016-06-29 16:43 — 00001619 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-06-29 16:43 — 2016-06-29 16:43 — 00001607 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2016-06-29 16:20 — 2016-06-29 16:45 — 00000000 ____D C:\Program instal
2016-06-29 16:13 — 2016-06-29 16:13 — 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-06-17 03:22 — 2016-06-17 03:22 — 00000000 ____D C:\Users\user\AppData\Roaming\.oit
2016-06-14 20:56 — 2016-06-29 16:10 — 00000000 ___RD C:\Users\user\Creative Cloud Files
2016-06-14 20:56 — 2016-06-29 16:10 — 00000000 ____D C:\Users\Все пользователи\boost_interprocess
2016-06-14 20:56 — 2016-06-29 16:10 — 00000000 ____D C:\ProgramData\boost_interprocess
2016-06-14 17:00 — 2016-06-14 17:00 — 00000847 _____ C:\Users\user\Desktop\табата — Ярлык.lnk==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-12 03:15 — 2016-05-11 11:57 — 00000000 ____D C:\Temp
2016-07-12 02:55 — 2016-05-11 11:15 — 01833526 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-12 02:55 — 2016-02-13 20:30 — 00803884 _____ C:\Windows\system32\perfh019.dat
2016-07-12 02:55 — 2016-02-13 20:30 — 00157930 _____ C:\Windows\system32\perfc019.dat
2016-07-12 02:55 — 2015-10-30 10:21 — 00000000 ____D C:\Windows\INF
2016-07-12 02:52 — 2016-05-16 09:41 — 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-12 02:50 — 2016-05-16 09:36 — 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-07-12 02:49 — 2016-05-16 09:41 — 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-12 02:49 — 2016-05-16 09:39 — 00000000 ____D C:\Users\user\AppData\Roaming\ViberPC
2016-07-12 02:48 — 2016-02-13 20:48 — 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-12 02:48 — 2015-10-30 09:28 — 00524288 ___SH C:\Windows\system32\config\BBI
2016-07-12 02:38 — 2016-05-16 17:33 — 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-12 02:13 — 2016-05-19 12:09 — 00000000 ____D C:\Program Files\Unlocker
2016-07-12 01:58 — 2016-05-15 23:59 — 00000450 __RSH C:\Users\user\ntuser.pol
2016-07-12 01:52 — 2015-10-30 10:24 — 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-07-12 00:55 — 2016-05-16 09:40 — 00000000 ____D C:\Users\user\Documents\ViberDownloads
2016-07-11 14:48 — 2016-05-17 17:08 — 00000647 _____ C:\Users\user\.iBank2
2016-07-11 10:54 — 2016-05-19 13:02 — 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2016-07-11 10:37 — 2015-10-30 10:24 — 00000000 ___HD C:\Program Files\WindowsApps
2016-07-11 10:37 — 2015-10-30 10:24 — 00000000 ____D C:\Windows\AppReadiness
2016-07-09 19:20 — 2016-05-30 14:53 — 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-09 17:25 — 2016-05-16 00:38 — 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-07-09 17:24 — 2016-05-16 00:36 — 00000000 ____D C:\Users\Все пользователи\Microsoft Help
2016-07-07 09:54 — 2016-05-16 00:23 — 00003986 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1463347427
2016-07-07 09:54 — 2016-05-16 00:23 — 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-07-07 09:54 — 2016-05-16 00:23 — 00000000 ____D C:\Program Files (x86)\Opera
2016-07-07 09:52 — 2016-05-16 00:16 — 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-05 22:13 — 2015-10-30 10:24 — 00000000 ____D C:\Windows\rescache
2016-07-04 23:40 — 2016-05-18 13:41 — 00000132 _____ C:\Users\user\AppData\Roaming\Установки формата Adobe PNG CC
2016-07-04 16:51 — 2016-05-15 23:57 — 05602184 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-04 16:51 — 2016-02-13 20:52 — 00000000 __RHD C:\Users\Public\AccountPictures
2016-07-04 16:50 — 2015-10-30 10:24 — 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-07-04 16:50 — 2015-10-30 10:24 — 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-07-04 16:50 — 2015-10-30 10:24 — 00000000 ____D C:\Windows\bcastdvr
2016-07-03 10:56 — 2015-10-30 10:11 — 00000000 ____D C:\Windows\CbsTemp
2016-07-03 10:55 — 2016-05-16 01:29 — 00000000 ____D C:\Windows\system32\MRT
2016-07-03 10:53 — 2016-05-16 01:29 — 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-02 12:09 — 2015-10-30 10:24 — 00000000 ____D C:\Windows\LiveKernelReports
2016-07-01 22:35 — 2016-05-16 00:18 — 00000000 ____D C:\Users\Все пользователи\Package Cache
2016-07-01 22:35 — 2016-05-16 00:18 — 00000000 ____D C:\ProgramData\Package Cache
2016-07-01 17:09 — 2016-05-15 23:59 — 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2016-07-01 17:08 — 2016-05-16 12:24 — 00000000 ____D C:\Users\Все пользователи\Google
2016-07-01 17:08 — 2016-05-16 12:24 — 00000000 ____D C:\ProgramData\Google
2016-06-30 08:09 — 2016-06-01 14:30 — 00000000 ____D C:\Windows\Minidump
2016-06-29 17:38 — 2016-05-30 14:53 — 00004046 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-06-29 16:44 — 2016-05-16 10:22 — 00000000 ____D C:\Program Files\Common Files\Adobe
2016-06-29 16:43 — 2016-05-16 00:50 — 00000000 ____D C:\Users\Все пользователи\Adobe
2016-06-29 16:43 — 2016-05-16 00:50 — 00000000 ____D C:\ProgramData\Adobe
2016-06-29 16:19 — 2016-05-23 16:17 — 00000000 ____D C:\Program Files (x86)\Adobe
2016-06-29 16:11 — 2016-05-16 09:41 — 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-14 21:33 — 2015-10-30 10:26 — 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 21:33 — 2015-10-30 10:26 — 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 11:36 — 2016-06-08 11:22 — 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-13 11:36 — 2016-05-16 09:41 — 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service==================== Files in the root of some directories =======
2016-05-18 13:41 — 2016-07-04 23:40 — 0000132 _____ () C:\Users\user\AppData\Roaming\Установки формата Adobe PNG CC
2016-07-03 12:24 — 2016-07-03 12:24 — 301132301 _____ () C:\Users\user\AppData\Local\ACCCx3_7_0_272.zip.aamdownload
2016-07-03 12:24 — 2016-07-03 12:24 — 0003371 _____ () C:\Users\user\AppData\Local\ACCCx3_7_0_272.zip.aamdownload.aamd
2016-05-24 11:03 — 2016-05-26 10:02 — 0006144 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2016-07-08 21:20
==================== End of FRST.txt ============================
Здравствуйте, Добро пожаловать на Spyware-ru форум.
Запустите программу Блокнот и вставьте в открытое окно следующий текст
CreateRestorePoint: HKLM-x32\…\Run: [360Safetray] => C:\Program Files (x86)\360\360Safe\safemon\360tray.exe [395688 2016-07-12] (360.cn) ShellIconOverlayIdentifiers: [ 360UDiskGuard Icon Overlay] -> {CC00F81D-5262-450A-B1FA-D6BEE3406263} => C:\Program Files (x86)\360\360Safe\safemon\360UDiskGuard64.dll [2014-12-09] (360.cn) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File GroupPolicyScripts: Restriction <======= ATTENTION SearchScopes: HKU\S-1-5-21-2694642607-1000933816-3533333325-1001 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File CHR HKU\S-1-5-21-2694642607-1000933816-3533333325-1001\SOFTWARE\Google\Chrome\Extensions\…\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] — hxxp://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2694642607-1000933816-3533333325-1001\SOFTWARE\Google\Chrome\Extensions\…\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] — hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\…\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] — hxxp://clients2.google.com/service/update2/crx R2 ZhuDongFangYu; C:\Program Files (x86)\360\360Safe\deepscan\zhudongfangyu.exe [237168 2015-12-03] (360.cn) R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-07-12] (360.cn) R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [321616 2016-07-12] (360.cn) R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2014-04-18] (360.cn) R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [389864 2016-07-12] (360.cn) S1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [65096 2014-12-24] (360.cn) R1 360qpesv; C:\Windows\System32\DRIVERS\360qpesv64.sys [231656 2016-06-01] (360.cn) R1 360reskit64; C:\Windows\system32\drivers\360reskit64.sys [63048 2015-04-05] (360.cn) S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [182352 2016-07-12] (360.cn) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () EmptyTemp: Reboot:Сохраните полученный файл в папку где находится программа FRST/FRST64 под именем fixlist
Запустите программу FRST и нажмите кнопку Fix.
Когда программа закончит работу появиться сообщение «Fix completed». Нажмите OK.
Откроется блокнот с содержимым файла fixlog.txt. Вставьте содержимое этого файла в ваш ответ.Далее откройте Панель управление, затем консоль Удаление программ. Поищите в списке установленных программ 360antivirus, 360cn и если они есть, то удалите их.
После этого выполните новую проверку программой FRST (перед нажатием клавиши Scan поставьте галочку в пункте Addition.txt) и оба её лога прикрепите к вашему ответу.
- Для ответа в этой теме необходимо авторизоваться.
