Virus creates .tmp processes


@Sandor, good afternoon, I am requesting help. The situation is similar to Pasha's.

1. Ran the script.

2. Sent the file: KLAN-9676547042

3. FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.02.2019 01

Ran by Thunderobot (administrator) on DESKTOP-U3A79JF (26-02-2019 12:41:36)
Running from C:\Users\Thunderobot\Desktop
Loaded Profiles: Thunderobot (Available Profiles: Thunderobot)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: Русский (Россия)
Default browser not detected!
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_619141c66909ce7e\igfxCUIService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(CLEVO CO.) [File not signed] C:\Program Files (x86)\Hotkey\HotkeyService.exe
(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.) C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_619141c66909ce7e\igfxEM.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avpui.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(CLEVO CO.) [File not signed] C:\Program Files (x86)\Hotkey\HkeyTray.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe
(Google LLC -> Google) C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\SwReporter\38.191.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\SwReporter\38.191.200.3\software_reporter_tool.exe
(CLEVO CO. -> CLEVO CO.) C:\Program Files (x86)\Hotkey\hkysound.exe
(Google LLC -> Google) C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\SwReporter\38.191.200.3\software_reporter_tool.exe
(CLEVO CO. -> CLEVO CO.) C:\Program Files (x86)\Hotkey\ComboKeyTray.exe
(Google LLC -> Google) C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\SwReporter\38.191.200.3\software_reporter_tool.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Extreme Tuning Utility -> Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
() [File not signed] C:\Users\Thunderobot\AppData\Local\Temp\evbB47C.tmp
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [securityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [MBCfg64] => C:\WINDOWS\system32\MBCfg64.dll [41088 2014-02-21] (Creative Technology Ltd -> Creative Technology Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18371040 2017-05-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [updReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [sound Blaster X-Fi MB5] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe [871936 2016-09-23] (Creative Technology Ltd) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2018-09-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2018-09-26] (Beepa P/L) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-22] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.73.73.73 10.73.10.73
Tcpip\..\Interfaces\{5a8a0a46-7ee2-4fa3-afe7-26bdbed13df4}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{5cc34f4f-c1e7-4215-9f7d-7bd2e5238eff}: [DhcpNameServer] 10.73.73.73 10.73.10.73

Internet Explorer:
==================
HKU\S-1-5-21-3140082001-1905664227-1381899795-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=625119&clcid=0x419
SearchScopes: HKU\S-1-5-21-3140082001-1905664227-1381899795-1001 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-3140082001-1905664227-1381899795-1001 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-02-26]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-12-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-02-06] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-02-06] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-25] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-25] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-19] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\Default [2019-02-26]
CHR Extension: (Презентации) - C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-25]
CHR Extension: (Kaspersky Protection) - C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2019-02-26]
CHR Extension: (Документы) - C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-30]
CHR Extension: (Диск Google) - C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-30]
CHR Extension: (YouTube) - C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-30]
CHR Extension: (Таблицы) - C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-25]
CHR Extension: (Google Документы офлайн) - C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-30]
CHR Extension: (Сияние) - C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidbpkjafbnohlnbflllphpkfmojpdac [2018-12-30]
CHR Extension: (LetyShops — кэшбэк-сервис) - C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\Default\Extensions\lphicbbhfmllgmomkkhjfkpbdlncafbn [2019-02-18]
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-25]
CHR Extension: (Ali Helper. Помощник на AliExpress) - C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojclfkinnapkabameogjppmeedlicean [2019-02-26]
CHR Extension: (Gmail) - C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-30]
CHR Extension: (Chrome Media Router) - C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-10]
CHR Profile: C:\Users\Thunderobot\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-26]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013280 2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
R2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [256480 2015-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-24] (Intel® Trust Services -> Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-24] (Intel® Trust Services -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [197264 2017-06-06] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\x64\vssbridge64.exe [414352 2019-02-26] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-07-03] (Intel® Wireless Connectivity Solutions -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [33280 2016-12-05] (CLEVO CO.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [279128 2017-11-03] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-25] (Microsoft Corporation -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [18736 2018-09-06] (Intel® Extreme Tuning Utility -> Intel® Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3755176 2017-07-03] (Intel® Wireless Connectivity Solutions -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R3 AirplaneModeHid; C:\WINDOWS\system32\DRIVERS\AirplaneModeHid.sys [46512 2017-10-25] (Insyde Software Corp. -> Insyde Corporation)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 HKKbdFltr; C:\WINDOWS\system32\DRIVERS\HKKbdFltr.sys [51400 2015-11-26] (Insyde Software Corp. -> Insyde Software Corp.)
R3 HKMouFltr; C:\WINDOWS\system32\DRIVERS\HKMouFltr.sys [48344 2015-11-26] (Insyde Software Corp. -> Insyde Software Corp.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [143488 2018-10-13] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37104 2018-05-09] (Intel Corporation -> Intel Corporation)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [73416 2018-12-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [123152 2018-12-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [89168 2018-12-05] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [219744 2019-02-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2019-02-26] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [190784 2019-02-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1113696 2019-02-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50648 2017-05-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45768 2018-12-05] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48080 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [244544 2019-02-26] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [100136 2019-02-26] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [301336 2019-02-26] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116096 2019-02-26] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [198464 2019-02-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [176976 2018-12-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [203968 2018-02-24] (Kaspersky Lab -> AO Kaspersky Lab)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8714872 2018-09-26] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_060ebefc1760b49d\nvlddmkm.sys [20707744 2019-02-08] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [36384 2018-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
S3 qcfilter; C:\WINDOWS\System32\drivers\qcusbfilter.sys [40448 2014-05-23] (USBHostDriver(Test003) -> QUALCOMM Incorporated)
S3 qcusbser; C:\WINDOWS\System32\drivers\qcusbser.sys [254520 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-11] (Realtek Semiconductor Corp. -> Realtek )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782304 2017-04-11] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [69208 2017-11-03] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [72792 2017-11-03] (Synaptics Incorporated -> Synaptics Incorporated)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [47944 2018-01-10] (SteelSeries ApS -> SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Savitech Corp. -> Windows ® Win 7 DDK provider)
R3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [57976 2017-04-06] (Shaul Eizikovich -> Shaul Eizikovich)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-25] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-25] (Microsoft Windows -> Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [51536 2018-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 UCOREW64; \??\E:\Download\UCOREW64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-26 12:41 - 2019-02-26 12:42 - 000026275 _____ C:\Users\Thunderobot\Desktop\FRST.txt
2019-02-26 12:35 - 2019-02-26 12:41 - 000000000 ____D C:\FRST
2019-02-26 12:30 - 2019-02-26 00:10 - 002433536 _____ (Farbar) C:\Users\Thunderobot\Desktop\FRST64.exe
2019-02-26 12:15 - 2019-02-26 12:15 - 000301336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2019-02-26 12:15 - 2019-02-26 12:15 - 000244544 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2019-02-26 12:15 - 2019-02-26 12:15 - 000198464 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2019-02-26 12:15 - 2019-02-26 12:15 - 000116096 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2019-02-26 12:14 - 2019-02-26 12:14 - 000100136 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2019-02-26 12:14 - 2019-02-26 12:14 - 000000000 ____D C:\Program Files\Common Files\AV
2019-02-26 12:13 - 2019-02-26 12:41 - 000000000 ____D C:\Users\Все пользователи\Kaspersky Lab
2019-02-26 12:13 - 2019-02-26 12:13 - 001214752 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2019-02-26 12:13 - 2019-02-26 12:13 - 001113696 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2019-02-26 12:13 - 2019-02-26 12:13 - 000219744 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2019-02-26 12:13 - 2019-02-26 12:13 - 000152960 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2019-02-26 12:13 - 2019-02-26 12:13 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-02-26 12:13 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2019-02-26 12:12 - 2019-02-26 12:12 - 000000000 ____D C:\Users\Все пользователи\Kaspersky Lab Setup Files
2019-02-26 12:04 - 2019-02-26 12:04 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9FB8CE97-36C6-48B2-B502-CE27A5BB99A3}
2019-02-26 00:24 - 2019-02-26 00:24 - 000000000 ____D C:\WINDOWS\Panther
2019-02-25 23:27 - 2019-02-25 23:27 - 000000000 ____D C:\Users\Public\Documents\uPlay
2019-02-25 23:26 - 2019-02-25 23:26 - 000000679 _____ C:\Users\Public\Desktop\Far Cry - New Dawn.lnk
2019-02-25 12:10 - 2019-02-25 13:27 - 000003550 _____ C:\WINDOWS\System32\Tasks\WinRARHelperUpdate
2019-02-25 12:10 - 2019-02-25 13:27 - 000003524 _____ C:\WINDOWS\System32\Tasks\WinRARHelper
2019-02-25 12:10 - 2019-02-25 13:27 - 000000000 ____D C:\Users\Thunderobot\AppData\Roaming\WinRAR_Tools
2019-02-25 09:00 - 2019-02-25 09:02 - 141892386 _____ C:\Users\Thunderobot\Downloads\11_Wireless.exe
2019-02-20 15:22 - 2019-02-20 15:30 - 000000000 ____D C:\Program Files\vJoy
2019-02-15 08:20 - 2019-02-15 13:42 - 000000000 ____D C:\Users\Thunderobot\AppData\Local\EpicGamesLauncher
2019-02-15 08:20 - 2019-02-15 08:21 - 000000000 ____D C:\Users\Все пользователи\Epic
2019-02-15 08:20 - 2019-02-15 08:20 - 000001274 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2019-02-15 08:20 - 2019-02-15 08:20 - 000000000 ____D C:\Users\Thunderobot\AppData\Local\UnrealEngineLauncher
2019-02-15 08:20 - 2019-02-15 08:20 - 000000000 ____D C:\Users\Thunderobot\AppData\Local\UnrealEngine
2019-02-15 08:20 - 2019-02-15 08:20 - 000000000 ____D C:\Program Files (x86)\Epic Games
2019-02-14 11:51 - 2019-02-06 22:26 - 000133328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2019-02-14 11:49 - 2019-02-08 17:41 - 001005776 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-02-14 11:49 - 2019-02-08 17:41 - 001005776 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-02-14 11:49 - 2019-02-08 17:41 - 000869584 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-02-14 11:49 - 2019-02-08 17:41 - 000869584 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-02-14 11:49 - 2019-02-08 17:41 - 000551680 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-02-14 11:49 - 2019-02-08 17:41 - 000456992 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-02-14 11:49 - 2019-02-08 17:41 - 000269520 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-02-14 11:49 - 2019-02-08 17:41 - 000269520 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-02-14 11:49 - 2019-02-08 17:41 - 000243920 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-02-14 11:49 - 2019-02-08 17:41 - 000243920 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-02-14 11:49 - 2019-02-08 17:39 - 001464224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-02-14 11:49 - 2019-02-08 17:39 - 001129104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-02-14 11:49 - 2019-02-08 17:39 - 000668848 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-02-14 11:49 - 2019-02-08 17:39 - 000631896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-02-14 11:49 - 2019-02-08 17:39 - 000534752 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-02-14 11:49 - 2019-02-08 17:39 - 000521872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-02-14 11:49 - 2019-02-08 17:38 - 040234432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-02-14 11:49 - 2019-02-08 17:38 - 035139840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-02-14 11:49 - 2019-02-08 17:38 - 005272832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-02-14 11:49 - 2019-02-08 17:38 - 004623968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-02-14 11:49 - 2019-02-08 17:38 - 002032104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-02-14 11:49 - 2019-02-08 17:38 - 001734104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441891.dll
2019-02-14 11:49 - 2019-02-08 17:38 - 001535120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-02-14 11:49 - 2019-02-08 17:38 - 001468048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441891.dll
2019-02-14 11:49 - 2019-02-08 17:37 - 020102000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-02-14 11:49 - 2019-02-08 17:37 - 010894304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-02-14 11:49 - 2019-02-08 17:37 - 009254488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-02-14 11:49 - 2019-02-08 17:37 - 001471624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2019-02-14 11:49 - 2019-02-08 17:37 - 001462424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2019-02-14 11:49 - 2019-02-08 17:37 - 001169152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-02-14 11:49 - 2019-02-08 17:37 - 001152016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2019-02-14 11:49 - 2019-02-08 17:37 - 001145928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2019-02-14 11:49 - 2019-02-08 17:37 - 000915144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-02-14 11:49 - 2019-02-08 17:37 - 000822784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-02-14 11:49 - 2019-02-08 17:37 - 000794656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-02-14 11:49 - 2019-02-08 17:37 - 000638392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-02-14 11:49 - 2019-02-08 17:36 - 017428536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-02-14 10:46 - 2017-04-06 09:15 - 000010936 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\hidkmdf.sys
2019-02-14 10:46 - 2017-04-06 09:14 - 000057976 _____ (Shaul Eizikovich) C:\WINDOWS\system32\Drivers\vjoy.sys
2019-02-13 10:01 - 2019-02-13 10:01 - 000000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2019-02-13 09:58 - 2019-02-13 10:00 - 000000000 ____D C:\Users\Thunderobot\AppData\Roaming\InputMapper
2019-02-13 09:58 - 2019-02-13 09:58 - 000003216 _____ C:\WINDOWS\System32\Tasks\ExclusiveTool
2019-02-13 09:58 - 2019-02-13 09:58 - 000000000 ____D C:\Users\Все пользователи\DSDCS
2019-02-13 09:58 - 2019-02-13 09:58 - 000000000 ____D C:\Users\Все пользователи\Caphyon
2019-02-13 09:58 - 2019-02-13 09:58 - 000000000 ____D C:\Users\Thunderobot\AppData\Roaming\DSDCS
2019-02-13 09:42 - 2019-02-06 10:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-13 09:42 - 2019-02-06 10:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-13 09:42 - 2019-02-06 10:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-13 09:42 - 2019-02-06 10:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-13 09:42 - 2019-02-06 10:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-13 09:42 - 2019-02-06 10:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-13 09:42 - 2019-02-06 10:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-13 09:42 - 2019-02-06 09:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-13 09:42 - 2019-02-06 09:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-13 09:42 - 2019-02-06 09:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-13 09:42 - 2019-02-06 06:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-13 09:42 - 2019-02-06 06:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-13 09:42 - 2019-02-06 06:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-13 09:42 - 2019-02-06 06:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-13 09:42 - 2019-02-06 06:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-13 09:42 - 2019-02-06 06:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 09:42 - 2019-02-06 06:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 09:42 - 2019-02-06 06:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-13 09:42 - 2019-02-06 06:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-13 09:42 - 2019-02-06 06:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-13 09:42 - 2019-02-06 06:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-13 09:42 - 2019-02-06 06:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-13 09:42 - 2019-02-06 06:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-13 09:42 - 2019-02-06 06:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-13 09:42 - 2019-02-06 05:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-13 09:42 - 2019-02-06 05:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-13 09:42 - 2019-02-06 05:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-13 09:42 - 2019-02-06 05:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-13 09:42 - 2019-02-06 05:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-13 09:42 - 2019-02-06 05:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-13 09:42 - 2019-02-06 05:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-13 09:42 - 2019-02-06 05:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-13 09:42 - 2019-02-06 05:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-13 09:42 - 2019-02-06 05:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-13 09:42 - 2019-02-06 05:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-13 09:42 - 2019-02-06 05:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-13 09:42 - 2019-02-06 05:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-13 09:42 - 2019-02-06 05:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-13 09:42 - 2019-02-06 05:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-13 09:42 - 2019-02-06 05:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-13 09:42 - 2019-02-06 05:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-13 09:42 - 2019-01-12 05:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-13 09:42 - 2019-01-09 20:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-13 09:42 - 2019-01-09 20:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-13 09:42 - 2019-01-09 20:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-13 09:42 - 2019-01-09 20:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-13 09:42 - 2019-01-09 12:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-13 09:42 - 2019-01-09 08:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-13 09:42 - 2019-01-09 08:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-13 09:42 - 2019-01-09 08:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-13 09:42 - 2019-01-09 08:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-13 09:42 - 2019-01-09 08:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-13 09:42 - 2019-01-09 08:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-13 09:42 - 2019-01-09 08:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-13 09:42 - 2019-01-09 08:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-13 09:42 - 2019-01-09 08:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-13 09:42 - 2019-01-09 08:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-13 09:42 - 2019-01-09 08:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-13 09:42 - 2019-01-09 08:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-13 09:42 - 2019-01-09 08:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-13 09:42 - 2019-01-09 08:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-13 09:42 - 2019-01-09 08:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-13 09:42 - 2019-01-09 08:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-13 09:42 - 2019-01-09 08:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-13 09:42 - 2019-01-09 08:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-13 09:42 - 2019-01-09 08:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-13 09:42 - 2019-01-09 08:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-13 09:42 - 2019-01-09 08:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-13 09:42 - 2019-01-09 08:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 09:42 - 2019-01-09 08:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-13 09:42 - 2019-01-09 08:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-13 09:42 - 2019-01-09 08:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-13 09:42 - 2019-01-09 08:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-13 09:42 - 2019-01-09 08:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-13 09:42 - 2019-01-09 08:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 09:42 - 2019-01-09 08:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-13 09:42 - 2019-01-09 08:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-13 09:42 - 2019-01-09 08:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-13 09:42 - 2019-01-09 08:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-13 09:42 - 2019-01-09 08:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-13 09:42 - 2019-01-09 08:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-13 09:42 - 2019-01-09 08:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-13 09:42 - 2019-01-09 08:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 09:42 - 2019-01-09 08:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 09:42 - 2019-01-09 08:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-13 09:42 - 2019-01-09 08:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 09:42 - 2019-01-09 08:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-13 09:42 - 2019-01-09 08:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-13 09:42 - 2019-01-08 06:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-13 09:41 - 2019-02-06 10:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-13 09:41 - 2019-02-06 09:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-13 09:41 - 2019-02-06 06:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-13 09:41 - 2019-02-06 06:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-13 09:41 - 2019-02-06 06:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-13 09:41 - 2019-02-06 06:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-13 09:41 - 2019-02-06 06:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-13 09:41 - 2019-02-06 06:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-13 09:41 - 2019-02-06 06:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-13 09:41 - 2019-02-06 06:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-13 09:41 - 2019-02-06 06:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-13 09:41 - 2019-02-06 06:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-13 09:41 - 2019-02-06 05:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-13 09:41 - 2019-02-06 05:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-13 09:41 - 2019-02-06 05:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-13 09:41 - 2019-02-06 05:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-13 09:41 - 2019-02-06 05:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-13 09:41 - 2019-02-06 05:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-13 09:41 - 2019-02-06 05:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-13 09:41 - 2019-02-06 05:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-13 09:41 - 2019-02-06 05:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-13 09:41 - 2019-02-06 05:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-13 09:41 - 2019-02-06 05:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-13 09:41 - 2019-02-06 05:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-13 09:41 - 2019-02-06 05:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-13 09:41 - 2019-02-06 05:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-13 09:41 - 2019-02-06 05:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-13 09:41 - 2019-02-06 05:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-13 09:41 - 2019-02-06 05:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-13 09:41 - 2019-02-06 05:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-13 09:41 - 2019-02-06 05:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-13 09:41 - 2019-02-06 04:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-13 09:41 - 2019-01-12 11:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 09:41 - 2019-01-09 21:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-13 09:41 - 2019-01-09 20:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-13 09:41 - 2019-01-09 20:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-13 09:41 - 2019-01-09 20:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-13 09:41 - 2019-01-09 13:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-13 09:41 - 2019-01-09 12:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-13 09:41 - 2019-01-09 11:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-13 09:41 - 2019-01-09 11:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-13 09:41 - 2019-01-09 08:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-13 09:41 - 2019-01-09 08:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-13 09:41 - 2019-01-09 08:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-13 09:41 - 2019-01-09 08:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-13 09:41 - 2019-01-09 08:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-13 09:41 - 2019-01-09 08:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-13 09:41 - 2019-01-09 08:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-13 09:41 - 2019-01-09 08:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-13 09:41 - 2019-01-09 08:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-13 09:41 - 2019-01-09 08:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-13 09:41 - 2019-01-09 08:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-13 09:41 - 2019-01-09 08:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-13 09:41 - 2019-01-09 08:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-13 09:41 - 2019-01-09 08:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-13 09:41 - 2019-01-09 08:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 09:41 - 2019-01-09 08:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-13 09:41 - 2019-01-09 08:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-13 09:41 - 2019-01-09 08:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-13 09:41 - 2019-01-09 08:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-13 09:41 - 2019-01-09 08:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-13 09:41 - 2019-01-09 08:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 09:41 - 2019-01-09 08:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 09:41 - 2019-01-09 08:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-13 09:41 - 2019-01-09 08:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-13 09:41 - 2019-01-09 08:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-13 09:41 - 2019-01-09 08:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-13 09:41 - 2019-01-09 08:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-13 09:41 - 2019-01-09 08:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 09:41 - 2019-01-09 08:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-13 09:41 - 2019-01-09 08:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 09:41 - 2019-01-09 08:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-13 09:41 - 2019-01-09 08:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-13 09:41 - 2019-01-09 08:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-13 09:41 - 2019-01-09 07:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-13 09:41 - 2019-01-09 07:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-13 09:41 - 2019-01-08 12:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 09:41 - 2019-01-08 06:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-13 09:41 - 2019-01-08 06:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-13 09:40 - 2019-02-13 09:40 - 000001258 _____ C:\Users\Public\Desktop\Reg Organizer.lnk
2019-02-13 09:40 - 2019-02-13 09:40 - 000000000 ____D C:\Users\Все пользователи\Chemtable Software
2019-02-13 09:40 - 2019-02-13 09:40 - 000000000 ____D C:\Users\Thunderobot\AppData\Roaming\ChemTable Software
2019-02-13 09:40 - 2019-02-13 09:40 - 000000000 ____D C:\Users\Thunderobot\AppData\Local\ChemTable Software
2019-02-13 09:40 - 2019-02-13 09:40 - 000000000 ____D C:\Program Files (x86)\Reg Organizer
2019-02-12 22:34 - 2019-02-12 22:34 - 000000000 ____D C:\Program Files\Nefarius Software Solutions
2019-02-12 22:25 - 2019-02-13 09:45 - 000000000 ____D C:\Users\Thunderobot\AppData\Local\ElevatedDiagnostics
2019-02-12 22:01 - 2019-02-12 22:01 - 000000000 ____D C:\Users\Все пользователи\Nefarius Software Solutions
2019-02-12 21:59 - 2019-02-12 21:59 - 000000000 ____D C:\Users\Thunderobot\AppData\Roaming\Nefarius Software Solutions
2019-02-12 21:55 - 2019-02-12 21:55 - 000000000 ____D C:\Users\Thunderobot\AppData\Roaming\DRPNPS
2019-02-11 22:13 - 2019-02-22 17:45 - 000000000 ____D C:\Users\Thunderobot\Desktop\cemu
2019-02-11 21:21 - 2019-02-12 13:46 - 000000000 ____D C:\Users\Thunderobot\AppData\Roaming\USB_HELPER
2019-02-11 21:15 - 2019-02-11 21:15 - 000000554 _____ C:\Users\Thunderobot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wii U USB Helper.lnk
2019-02-11 21:12 - 2019-02-11 21:21 - 000000000 ____D C:\Users\Thunderobot\AppData\Local\Hikari06
2019-02-10 12:16 - 2019-02-10 13:39 - 000000000 ____D C:\Users\Thunderobot\AppData\LocalLow\uTorrent
2019-02-10 09:50 - 2019-02-13 16:38 - 000000000 ____D C:\Users\Thunderobot\AppData\Roaming\DS4Windows
2019-02-04 21:19 - 2019-02-06 22:22 - 005364776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-02-04 21:19 - 2019-02-06 22:22 - 002624824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-02-04 21:19 - 2019-02-06 22:22 - 001767280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-02-04 21:19 - 2019-02-06 22:22 - 000651248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-02-04 21:19 - 2019-02-06 22:22 - 000450768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-02-04 21:19 - 2019-02-06 22:22 - 000125136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-02-04 21:19 - 2019-02-06 22:22 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-02-04 21:19 - 2019-02-06 15:37 - 008491402 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-02-04 21:19 - 2019-02-04 21:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2019-02-04 21:19 - 2018-11-21 08:16 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-02-04 21:17 - 2019-02-08 17:36 - 005037936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-02-04 21:17 - 2019-02-08 17:36 - 004297208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-02-04 21:17 - 2019-02-07 02:37 - 000049634 _____ C:\WINDOWS\system32\nvinfo.pb
2019-02-04 21:17 - 2019-02-01 04:38 - 001734560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441881.dll
2019-02-04 21:17 - 2019-02-01 04:38 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441881.dll
2019-02-04 21:17 - 2018-10-03 22:28 - 000066792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-26 12:41 - 2018-12-24 19:59 - 000000000 ____D C:\Users\Все пользователи\NVIDIA
2019-02-26 12:39 - 2018-12-24 20:20 - 000000000 __SHD C:\Users\Thunderobot\IntelGraphicsProfiles
2019-02-26 12:39 - 2018-12-24 20:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-26 12:39 - 2018-12-24 19:45 - 000000000 ____D C:\Users\Все пользователи\regid.1991-06.com.microsoft
2019-02-26 12:39 - 2018-12-24 19:41 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-26 12:36 - 2018-12-30 12:34 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2019-02-26 12:35 - 2018-12-24 19:58 - 000412976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-26 12:17 - 2018-12-24 20:21 - 001750510 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-26 12:17 - 2018-12-24 19:47 - 000770006 _____ C:\WINDOWS\system32\perfh019.dat
2019-02-26 12:17 - 2018-12-24 19:47 - 000151368 _____ C:\WINDOWS\system32\perfc019.dat
2019-02-26 12:17 - 2018-12-24 19:44 - 000000000 ____D C:\WINDOWS\INF
2019-02-26 12:13 - 2018-12-24 19:45 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-26 12:13 - 2018-12-24 19:41 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-02-26 12:06 - 2019-01-08 20:30 - 000000566 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-02-26 12:04 - 2018-12-24 21:26 - 000000000 ____D C:\Users\Thunderobot\AppData\Roaming\Yandex
2019-02-26 12:04 - 2018-12-24 19:45 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-02-26 00:03 - 2018-12-25 18:31 - 000000000 ____D C:\Users\Thunderobot\AppData\Local\CrashDumps
2019-02-25 23:49 - 2018-12-24 19:45 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-25 23:29 - 2019-01-13 16:36 - 000000000 ____D C:\Users\Thunderobot\Documents\My Games
2019-02-25 23:27 - 2018-12-24 19:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-25 23:09 - 2018-12-24 19:45 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-25 22:54 - 2019-01-01 17:23 - 000000000 ____D C:\Users\Thunderobot\AppData\Roaming\Shareman
2019-02-25 22:54 - 2019-01-01 17:23 - 000000000 ____D C:\Program Files (x86)\Shareman
2019-02-25 22:26 - 2018-12-24 19:42 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-25 21:18 - 2018-12-24 19:45 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-02-25 09:05 - 2018-12-24 19:58 - 000000000 ____D C:\Users\Все пользователи\Intel
2019-02-25 09:05 - 2015-09-09 15:13 - 000000000 ____D C:\Users\Thunderobot\Downloads\Thunderobot
2019-02-25 09:03 - 2017-08-26 16:33 - 000000000 ____D C:\Users\Все пользователи\Package Cache
2019-02-24 20:43 - 2019-01-01 17:32 - 000000000 ____D C:\Users\Thunderobot\AppData\Local\Warframe
2019-02-24 20:13 - 2019-01-07 17:32 - 000000000 ____D C:\WINDOWS\Minidump
2019-02-22 18:42 - 2018-12-24 20:20 - 000000000 ____D C:\Users\Thunderobot
2019-02-20 23:48 - 2018-12-31 11:11 - 000000000 ___RD C:\Users\Thunderobot\Desktop\☼
2019-02-18 21:22 - 2017-08-26 17:07 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-18 13:16 - 2018-12-24 19:59 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-02-18 13:07 - 2019-01-08 15:25 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-18 13:07 - 2019-01-08 15:25 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-18 13:07 - 2019-01-08 15:25 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-18 13:07 - 2019-01-08 15:25 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-18 13:07 - 2019-01-08 15:25 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-18 13:07 - 2019-01-06 18:25 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-18 13:07 - 2018-12-24 20:11 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-18 13:07 - 2018-12-24 20:11 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-18 13:07 - 2018-12-24 20:11 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-18 13:07 - 2018-12-24 20:11 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-18 13:07 - 2018-12-24 20:11 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-18 13:07 - 2018-12-24 19:59 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-02-18 13:07 - 2017-08-26 16:38 - 000000000 ____D C:\Users\Все пользователи\NVIDIA Corporation
2019-02-15 17:22 - 2018-12-25 00:45 - 000000000 ____D C:\Program Files\rempl
2019-02-15 13:42 - 2018-12-24 21:23 - 000000000 ____D C:\Users\Thunderobot\AppData\Local\D3DSCache
2019-02-15 13:42 - 2018-12-24 20:21 - 000000000 ____D C:\Users\Thunderobot\AppData\Local\NVIDIA Corporation
2019-02-13 10:05 - 2018-12-24 19:45 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-13 10:05 - 2018-12-24 19:45 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-13 10:05 - 2018-12-24 19:45 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-13 10:05 - 2018-12-24 19:45 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-13 10:05 - 2018-12-24 19:45 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-13 10:05 - 2018-12-24 19:45 - 000000000 ____D C:\Program Files\Windows Defender
2019-02-13 09:50 - 2018-12-24 20:20 - 000000000 ____D C:\Users\Thunderobot\AppData\Local\Packages
2019-02-13 09:46 - 2019-01-01 17:25 - 000000000 ____D C:\Users\Thunderobot\AppData\Roaming\uTorrent
2019-02-13 09:38 - 2018-12-25 00:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 09:37 - 2018-12-25 00:49 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-13 09:37 - 2017-08-26 16:35 - 000000000 ____D C:\Program Files (x86)\Intel
2019-02-12 22:39 - 2018-12-24 19:58 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-02-10 09:36 - 2018-12-24 21:02 - 000003390 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3140082001-1905664227-1381899795-1001
2019-02-10 09:36 - 2018-12-24 20:22 - 000000000 ___RD C:\Users\Thunderobot\OneDrive
2019-02-10 09:36 - 2018-12-24 20:20 - 000002440 _____ C:\Users\Thunderobot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-10 09:35 - 2018-12-24 20:51 - 000000000 ____D C:\Users\Все пользователи\Packages
2019-02-04 21:19 - 2018-12-24 19:45 - 000000000 ____D C:\WINDOWS\Help
2019-02-03 21:44 - 2018-12-24 20:20 - 000000000 ____D C:\Users\Thunderobot\AppData\Local\ConnectedDevicesPlatform
2019-02-03 01:53 - 2018-12-24 19:47 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-03 01:53 - 2018-12-24 19:47 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-30 23:17 - 2019-01-08 15:25 - 002741640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2019-01-30 23:17 - 2019-01-08 15:25 - 002124680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2019-01-30 23:17 - 2019-01-08 15:25 - 001323400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2019-01-30 22:29 - 2017-08-26 16:38 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat

==================== Files in the root of some directories =======

2018-12-30 23:20 - 2018-12-30 23:20 - 000000017 _____ () C:\Users\Thunderobot\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-24 19:58

==================== End of FRST.txt ============================

 


@Goldi, hello!

To begin with, it would be a good idea to read the rules of this section. Running someone else's scripts will at best do nothing to help, and at worst may harm your system.

Create your own topic and follow:

How to submit a request for help
