Премини към съдържанието

Rada Beliata

Потребител
  • Публикации

    172
  • Регистрация

  • Последно онлайн

Харесвания

34 Добра репутация

1 Последовател

Всичко за Rada Beliata

  • Титла
    Почетен потребител

Последни посетители

1060 прегледа на профила
  1. Благодаря за отделеното време и професионализма! Давам си оценка, че маловажно на пръв поглед пробнлермче излезе доста сериозен общ проблем, този Троянец ме обикаля вече няколко години, ще трябва по-редовно да обръщам внимание на машината си Изключително ви благодаря още веднъж за помощта! Спокойна празнична вечер! Черпя виртуално за именния си ден
  2. Помествам дневника: # DelFix v1.013 - Logfile created 08/11/2017 at 17:47:32 # Updated 17/04/2016 by Xplode # Username : User - USER-PC # Operating System : Windows 7 Professional Service Pack 1 (64 bits) ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\Users\User\Desktop\mbar Deleted : C:\Users\User\Desktop\Addition.txt Deleted : C:\Users\User\Desktop\adwcleaner_7.0.4.0.exe Deleted : C:\Users\User\Desktop\Fixlog.txt Deleted : C:\Users\User\Desktop\FRST.txt Deleted : C:\Users\User\Desktop\FRST64 (1).exe Deleted : HKLM\SOFTWARE\OldTimer Tools ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #838 [Windows Update | 10/28/2017 11:46:48] Deleted : RP #839 [Windows Update | 11/02/2017 15:21:25] Deleted : RP #840 [Windows Update | 11/06/2017 17:17:46] Deleted : RP #841 [Restore Point Created by FRST | 11/07/2017 16:38:39] Deleted : RP #842 [Restore Operation | 11/07/2017 18:41:37] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########
  3. Не наблюдавам нещо нередно. Да деинсталирам ли всички иснтрументи , които ползвах? Например Zemana ?
  4. Прикачвам лог файла FSS.txt
  5. Супер! Много благодаря , лека и мека нощ !
  6. Случайно има някакъв Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017 Ran by User (07-11-2017 18:38:36) Run:1 Running from C:\Users\User\Desktop Loaded Profiles: User (Available Profiles: User & Guest) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: EmptyTemp: CloseProcesses: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\MountPoints2: {b89e904f-c580-11e0-ae91-806e6f6e6963} - E:\setup.exe Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File CHR HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys C:\Windows\system32\drivers\hitmanpro37.sys 2017-09-10 14:36 - 2017-09-10 14:36 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Temp\BSvcProcessor.exe 2017-09-10 14:36 - 2017-09-10 14:36 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Temp\BSvcUpdater.exe 2017-08-05 17:18 - 2017-10-06 16:51 - 058881488 _____ (Skype Technologies S.A.) C:\Users\User\AppData\Local\Temp\SkypeSetup.exe ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File Task: {490BB379-8AD1-4422-9AC9-5BF028C3BF93} - \System Health Monitor -> No File <==== ATTENTION Task: {AE88BF02-F288-45F0-862D-B5DF6C382E82} - \{36418477-9598-48BD-8D1D-6700F1E9FBD8} -> No File <==== ATTENTION cmd: del %temp%\*.* /f /s /q cmd: rd /s /q %temp% cmd: netsh winsock reset catalog cmd: netsh int ip reset C:\resettcpip.txt cmd: netsh advfirewall reset cmd: netsh advfirewall set allprofiles state ON cmd: Bitsadmin /Reset /Allusers cmd: ipconfig /flushdns cmd: ipconfig /all Removeproxy: reboot: end ***************** Restore point was successfully created. Processes closed successfully. HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b89e904f-c580-11e0-ae91-806e6f6e6963} => key removed successfully HKLM\Software\Classes\CLSID\{b89e904f-c580-11e0-ae91-806e6f6e6963} => key not found. HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007 => key removed successfully HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008 => key removed successfully HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => key removed successfully HKLM\System\CurrentControlSet\Services\hitmanpro37 => key removed successfully hitmanpro37 => service removed successfully C:\Windows\system32\drivers\hitmanpro37.sys => moved successfully C:\Users\User\AppData\Local\Temp\BSvcProcessor.exe => moved successfully C:\Users\User\AppData\Local\Temp\BSvcUpdater.exe => moved successfully C:\Users\User\AppData\Local\Temp\SkypeSetup.exe => moved successfully HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE => key removed successfully HKLM\Software\Classes\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{490BB379-8AD1-4422-9AC9-5BF028C3BF93} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{490BB379-8AD1-4422-9AC9-5BF028C3BF93} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Health Monitor => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE88BF02-F288-45F0-862D-B5DF6C382E82} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE88BF02-F288-45F0-862D-B5DF6C382E82} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36418477-9598-48BD-8D1D-6700F1E9FBD8} => key not found. ========= del %temp%\*.* /f /s /q ========= Deleted file - C:\Users\User\AppData\Local\Temp\1536017.od Deleted file - C:\Users\User\AppData\Local\Temp\7681364.od Deleted file - C:\Users\User\AppData\Local\Temp\AdobeARM.log Deleted file - C:\Users\User\AppData\Local\Temp\AdobeARM_NotLocked.log Deleted file - C:\Users\User\AppData\Local\Temp\amt.log Deleted file - C:\Users\User\AppData\Local\Temp\ArmUI.ini Deleted file - C:\Users\User\AppData\Local\Temp\au-descriptor-1.8.0_151-b12.xml Deleted file - C:\Users\User\AppData\Local\Temp\bb92d3be-e1b3-4910-827e-46102715ab12.tmp Deleted file - C:\Users\User\AppData\Local\Temp\BSvcUpdateConfig.cab Deleted file - C:\Users\User\AppData\Local\Temp\catalog0 Deleted file - C:\Users\User\AppData\Local\Temp\chrome_installer.log Deleted file - C:\Users\User\AppData\Local\Temp\CVR3554.tmp.cvr Deleted file - C:\Users\User\AppData\Local\Temp\CVR6F55.tmp.cvr C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt The process cannot access the file because it is being used by another process. Deleted file - C:\Users\User\AppData\Local\Temp\JavaDeployReg.log Deleted file - C:\Users\User\AppData\Local\Temp\jusched.log Deleted file - C:\Users\User\AppData\Local\Temp\MSI3e40b.LOG Deleted file - C:\Users\User\AppData\Local\Temp\MSIa265a.LOG Deleted file - C:\Users\User\AppData\Local\Temp\MSIe13be.LOG Deleted file - C:\Users\User\AppData\Local\Temp\MSIe4975.LOG Deleted file - C:\Users\User\AppData\Local\Temp\MSIe9c25.LOG Deleted file - C:\Users\User\AppData\Local\Temp\OutofProcReport15394439.txt Deleted file - C:\Users\User\AppData\Local\Temp\OutofProcReport3974298.txt Deleted file - C:\Users\User\AppData\Local\Temp\qtsingleapp-SoundT-3b2e-1-lockfile Deleted file - C:\Users\User\AppData\Local\Temp\qtsingleapp-SoundT-d392-1-lockfile Deleted file - C:\Users\User\AppData\Local\Temp\qtsingleapp-Viber-0-1-lockfile Deleted file - C:\Users\User\AppData\Local\Temp\rms-User Deleted file - C:\Users\User\AppData\Local\Temp\searchTemp.json Deleted file - C:\Users\User\AppData\Local\Temp\SoundTouch_Install_Log.LOG Deleted file - C:\Users\User\AppData\Local\Temp\StructuredQuery.log Deleted file - C:\Users\User\AppData\Local\Temp\TWAIN.LOG Deleted file - C:\Users\User\AppData\Local\Temp\Twain001.Mtx Deleted file - C:\Users\User\AppData\Local\Temp\Twunk001.MTX Deleted file - C:\Users\User\AppData\Local\Temp\Twunk002.MTX Deleted file - C:\Users\User\AppData\Local\Temp\wmplog00.sqm Deleted file - C:\Users\User\AppData\Local\Temp\wmplog01.sqm Deleted file - C:\Users\User\AppData\Local\Temp\wmplog02.sqm Deleted file - C:\Users\User\AppData\Local\Temp\wmplog03.sqm Deleted file - C:\Users\User\AppData\Local\Temp\wmplog04.sqm Deleted file - C:\Users\User\AppData\Local\Temp\wmplog05.sqm Deleted file - C:\Users\User\AppData\Local\Temp\wmplog06.sqm Deleted file - C:\Users\User\AppData\Local\Temp\wmplog07.sqm Deleted file - C:\Users\User\AppData\Local\Temp\zam-shadow-copy-record.mbr Deleted file - C:\Users\User\AppData\Local\Temp\zam-shadow-copy-record0.vbr Deleted file - C:\Users\User\AppData\Local\Temp\zam-shadow-copy-record1.vbr Deleted file - C:\Users\User\AppData\Local\Temp\zam-shadow-copy-record2.vbr Deleted file - C:\Users\User\AppData\Local\Temp\zam-shadow-copy-record3.vbr Deleted file - C:\Users\User\AppData\Local\Temp\{872E4DCC-A6F4-4051-B900-201AC124422A}.htm Deleted file - C:\Users\User\AppData\Local\Temp\{9746F47F-C3CC-4178-89C2-40272915B438}.htm Deleted file - C:\Users\User\AppData\Local\Temp\~DF54B5CFAA81536777.TMP Deleted file - C:\Users\User\AppData\Local\Temp\~DF9CEE9CE67BF971D2.TMP Deleted file - C:\Users\User\AppData\Local\Temp\BSvcUpdateConfig\BSvcUpdateConfig Deleted file - C:\Users\User\AppData\Local\Temp\Rar$DI00.193\¤®Ј®ў®а ЉЏ_ 2017 Ј..doc Deleted file - C:\Users\User\AppData\Local\Temp\Rar$DI00.964\ЉЏа 1-2017.doc Deleted file - C:\Users\User\AppData\Local\Temp\Rar$DI08.641\¤®Ј®ў®а ЉЏа 2017 Ј..doc Deleted file - C:\Users\User\AppData\Local\Temp\WebInstaller\ServiceUpdaterLogs.log ========= End of CMD: ========= ========= rd /s /q %temp% ========= C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt - The process cannot access the file because it is being used by another process. ========= End of CMD: ========= ========= netsh winsock reset catalog ========= Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003 Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= netsh int ip reset C:\resettcpip.txt ========= Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003 Reseting Global, OK! Reseting Interface, OK! Restart the computer to complete this action. ========= End of CMD: ========= ========= netsh advfirewall reset ========= Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003 Ok. ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003 Ok. ========= End of CMD: ========= ========= Bitsadmin /Reset /Allusers ========= BITSADMIN version 3.0 [ 7.5.7601 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. Unable to cancel {6B711FF2-7B1C-4D94-BA8D-0DA8A9C2B15A}. Unable to cancel {0F0A1F2B-887F-488B-BEC6-1FF5B61DC228}. 0 out of 2 jobs canceled. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= ipconfig /all ========= Windows IP Configuration Host Name . . . . . . . . . . . . : User-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Peer-Peer IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : Home Wireless LAN adapter Wireless Network Connection 3: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter Physical Address. . . . . . . . . : 68-A3-C4-14-F4-40 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Ethernet adapter Local Area Connection 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Atheros AR8152 PCI-E Fast Ethernet Controller Physical Address. . . . . . . . . : F0-4D-A2-64-5D-1B DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom Virtual Wireless Adapter Physical Address. . . . . . . . . : 68-A3-C4-14-F4-40 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : Home Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card Physical Address. . . . . . . . . : 68-A3-C4-14-F4-40 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::e083:6cce:1131:4b57%11(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.0.102(Preferred) Subnet Mask . . . . . . . . . . . : 0.0.0.0 Lease Obtained. . . . . . . . . . : 07 ­®Ґ¬ўаЁ 2017 Ј. 15:55:58 з. Lease Expires . . . . . . . . . . : 07 ­®Ґ¬ўаЁ 2017 Ј. 23:55:58 з. Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DHCPv6 IAID . . . . . . . . . . . : 241738692 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-35-C2-C9-68-A3-C4-14-F4-40 DNS Servers . . . . . . . . . . . : 192.168.0.1 NetBIOS over Tcpip. . . . . . . . : Enabled ========= End of CMD: ========= ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 105325522 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 233902979 B Edge => 0 B Chrome => 787309141 B Firefox => 7525024 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 128 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 34069656 B User => 172470695 B Guest => 0 B RecycleBin => 256675091 B EmptyTemp: => 1.5 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 18:41:07 ====
  7. Не го ползвам тоя Акробат , не зная той ли е проблема , но това съобщение май за първи път го виждам или поне този път го улових да го "щракна" ,предишния проблем почна от самонастанилата се търсачка
  8. Благодаря! Изпълних указанията, компа се зареди нормално този път и има вече връзка с Интернет, при включване горе в дясно излезе това съобщение:
  9. рестартнах 2 пъти- едно и също- много бавно изключване и включване и като успее да включи дава пак същото съобщение. Не мога да разбера как да изпълня това: "възстановете от последната точка на възстановяване преди изпълнение на скрипта...създал съм такава..!" реално на моя комп не мога да отворя форума
  10. съобщението , което излезе в дясно гласи: Failed to connect to a windows service Windows could not connect to the system Event Notification Service service.This problem prevents standard users from logging on to the system.As an administrative user, yiu can review the System Event Log for details about why the service didnt respond пиша от компа на съпруга си
  11. след пролагане на fix компа се рестартна сам и после много бавно започна да върти и да не може да вкл чи, доста време стоя на празен екран, даде някакво съобщение в дясно долу , изчезнал е интернета и не мога повече да го свържа към рутера !
  12. Разбира се , че трябва да суи вършите работата! Аз като не внимавам с техниката си да не ми е виновен някой друг я Изключително много благодаря за всичко до тук! Добре, че потърсих помощта ви , че иначе , ако бях чакала и пробвала на своя глава сигурно щях да направя още по-големи бели( не случайно така ми е името) Не стига , че ме е заразил някакъв грип и боря кашлици и температури на топло в къщи ами и по компа явно е тръгнал
  13. ето файловете: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017 Ran by User (administrator) on USER-PC (07-11-2017 16:06:59) Running from C:\Users\User\Desktop Loaded Profiles: User (Available Profiles: User & Guest) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Viber Media S.Ã r.l.) C:\Users\User\AppData\Local\Viber\Viber.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe (Bose Corporation) C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.exe (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Farbar) C:\Users\User\Desktop\FRST64 (1).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG) HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1611160 2011-03-28] (CANON INC.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation) HKLM-x32\...\Run: [SoundTouchHelper] => C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe [952832 2017-09-18] () HKLM-x32\...\Run: [SoundTouch Music Server] => C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.lnk [2172 2017-09-26] () HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [googletalk] => C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google) HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-30] (Google Inc.) HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-09-20] (Nero AG) HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\User\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [38871120 2017-10-24] (Viber Media S.Ã r.l.) HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.) HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation) HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Policies\Explorer: [] HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\MountPoints2: {b89e904f-c580-11e0-ae91-806e6f6e6963} - E:\setup.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{61285D62-0825-4C6A-8F7B-F187EF6B7C4E}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{BEC2B3B5-8A62-4C8D-947B-942060F59681}: [NameServer] 10.250.238.3 10.250.238.4 Tcpip\..\Interfaces\{E2C5FBF5-BC9E-4F83-8514-C9EC7DB41090}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ADFA_en SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> {01331362-9AB4-4EF8-B80F-17A753AABA26} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ADFA_en BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-08-19] (Oracle Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.) DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://e-fibank.bg/EBank/CAPICOM/capicom.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies) FireFox: ======== FF DefaultProfile: 0nh7i0xu.default-1396792165575 FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 [2017-10-19] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing FF SelectedSearchEngine: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing FF Homepage: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-us hxxps://www.malwarebytes.org/restorebrowser//?u=10b253f49536d7c82625e2601c9d32eb&c=1000_2&src=hp&inst=1471229042 FF Keyword.URL: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q= FF Extension: (Bing Search) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\Extensions\bingsearch.full@microsoft.com.xpi [2017-09-10] FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\searchplugins\bing-.xml [2017-09-10] FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\searchplugins\google-.xml [2016-05-02] FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-08-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\new_plugin\npjp2.dll [No File] FF Plugin-x32: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-08-19] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.) FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-08-10] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) Chrome: ======= CHR DefaultProfile: Profile 1 CHR HomePage: Profile 1 -> msn.com CHR StartupUrls: Profile 1 -> "hxxp://www.google.com" CHR NewTab: Profile 1 -> Not-active:"chrome-extension://fcfenmboojpjinhpgggodefccipikbpd/newTab.html" CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-11-07] CHR Extension: (Google Translate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-20] CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-07] CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Dropbox for Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-01-31] CHR Extension: (Email Game) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbobaphhmjpchjknfpcnlhcbkjbclge [2015-07-19] CHR Extension: (Gmail Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-07-19] CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-14] CHR Extension: (Dnevnik.bg) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgpgbimpbapjogkgkgmdkcdimopnnljb [2015-07-19] CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20] CHR Extension: (Pin It Button) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24] CHR Extension: (Facebook Invite All) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2016-01-31] CHR Extension: (Download Master) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2016-01-31] CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24] CHR Extension: (MultiHighlighter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifbglmlbpgpbflnkfpclkmckoollbn [2015-09-04] CHR Extension: (OokiCookie) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjmnhgnkikbajikhhbplekfmljhdhjm [2015-07-19] CHR Extension: (word highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooabkmkhabkahcjbgpiajffckeibpdoa [2015-07-19] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29] CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-03] CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-07] CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14] CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-02] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20] CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02] CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-26] CHR Extension: (Bing) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-11-06] CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14] CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30] CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-29] CHR Extension: (10b253f49536d7c82625e2601c9d32eb_2) - C:\Program Files (x86)\Google\Chrome\Application\10b253f49536d7c82625e2601c9d32eb_2 [2016-08-18] CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-03] CHR HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-04-12] (Macrovision Europe Ltd.) [File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation) R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation) R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.) [File not signed] R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2016-08-20] () R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation) R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation) R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-11-07] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-11-07] (Zemana Ltd.) S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-07 16:06 - 2017-11-07 16:07 - 000022449 _____ C:\Users\User\Desktop\FRST.txt 2017-11-07 16:05 - 2017-11-07 16:06 - 002403328 _____ (Farbar) C:\Users\User\Desktop\FRST64 (1).exe 2017-11-07 15:49 - 2017-11-07 15:55 - 000000000 ____D C:\AdwCleaner 2017-11-07 15:48 - 2017-11-07 15:48 - 008261584 _____ (Malwarebytes) C:\Users\User\Desktop\adwcleaner_7.0.4.0.exe 2017-11-07 14:33 - 2017-11-07 14:33 - 000002920 _____ C:\Users\User\Desktop\2017.11.07-14.16.19-i0-t92-d4.txt 2017-11-07 14:16 - 2017-11-07 16:07 - 000047448 _____ C:\Windows\ZAM.krnl.trace 2017-11-07 14:16 - 2017-11-07 16:07 - 000021336 _____ C:\Windows\ZAM_Guard.krnl.trace 2017-11-07 14:15 - 2017-11-07 14:16 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2017-11-07 14:15 - 2017-11-07 14:15 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys 2017-11-07 14:15 - 2017-11-07 14:15 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys 2017-11-07 14:15 - 2017-11-07 14:15 - 000001112 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2017-11-07 14:15 - 2017-11-07 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2017-11-07 14:14 - 2017-11-07 14:14 - 000000000 ____D C:\Users\User\AppData\Local\Zemana 2017-11-07 14:12 - 2017-11-07 14:14 - 006625600 _____ (Zemana Ltd. ) C:\Users\User\Desktop\Zemana.AntiMalware.Setup.exe 2017-11-07 12:23 - 2017-11-07 12:23 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\63554240.sys 2017-11-07 12:17 - 2017-11-07 12:53 - 000000000 ____D C:\Users\User\Desktop\mbar 2017-11-07 12:17 - 2017-11-07 12:53 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-11-07 12:17 - 2017-11-07 12:19 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2017-11-07 12:17 - 2017-11-07 12:17 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\1147D1A6.sys 2017-11-07 12:15 - 2017-11-07 12:16 - 014161479 _____ C:\Users\User\Desktop\mbar-1.10.3.1001-nr.exe 2017-11-06 14:32 - 2017-11-07 16:06 - 000000000 ____D C:\FRST 2017-11-06 14:31 - 2017-11-06 14:31 - 002403328 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2017-10-29 13:08 - 2017-10-29 13:09 - 000000000 ____D C:\Users\User\AppData\Local\Viber 2017-10-26 21:08 - 2017-10-26 21:08 - 000182233 _____ C:\Users\User\Desktop\Гръбначните изкривявания - Част VI_ Загуба на шийна лордоза (Forward Head Posture syndrome) _ Любомир Иванов.html 2017-10-26 21:08 - 2017-10-26 21:08 - 000000000 ____D C:\Users\User\Desktop\Гръбначните изкривявания - Част VI_ Загуба на шийна лордоза (Forward Head Posture syndrome) _ Любомир Иванов_files 2017-10-17 10:55 - 2017-10-17 10:55 - 000136163 _____ C:\Users\User\Desktop\Актуална цена за присъединяване.pdf 2017-10-12 20:26 - 2017-10-12 20:26 - 000056320 _____ C:\Users\User\Desktop\Таксуване (1).xls 2017-10-12 19:09 - 2017-10-12 19:09 - 000056320 _____ C:\Users\User\Desktop\Таксуване.xls 2017-10-11 21:32 - 2017-09-13 17:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2017-10-11 21:32 - 2017-09-13 17:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-10-11 21:32 - 2017-09-13 17:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2017-10-11 21:32 - 2017-09-13 17:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2017-10-11 21:32 - 2017-09-13 17:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-10-11 21:32 - 2017-09-13 17:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2017-10-11 21:32 - 2017-09-13 17:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2017-10-11 21:32 - 2017-09-13 17:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2017-10-11 21:32 - 2017-09-13 17:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2017-10-11 21:32 - 2017-09-13 17:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 17:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys 2017-10-11 21:32 - 2017-09-13 17:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2017-10-11 21:32 - 2017-09-13 17:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2017-10-11 21:32 - 2017-09-13 17:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2017-10-11 21:32 - 2017-09-13 17:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2017-10-11 21:32 - 2017-09-13 16:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2017-10-11 21:32 - 2017-09-13 16:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2017-10-11 21:32 - 2017-09-13 16:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-10-11 21:32 - 2017-09-13 16:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-10-11 21:32 - 2017-09-13 16:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-10-11 21:32 - 2017-09-13 16:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2017-10-11 21:32 - 2017-09-13 16:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-10-11 21:32 - 2017-09-13 16:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2017-10-11 21:32 - 2017-09-13 16:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2017-10-11 21:32 - 2017-09-13 16:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2017-10-11 21:32 - 2017-09-13 16:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2017-10-11 21:32 - 2017-09-13 16:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2017-10-11 21:32 - 2017-09-13 16:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 16:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 16:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 16:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2017-10-11 21:32 - 2017-09-13 16:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2017-10-11 21:32 - 2017-09-09 02:45 - 000395984 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-10-11 21:32 - 2017-09-09 01:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2017-10-11 21:32 - 2017-09-08 17:34 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-10-11 21:32 - 2017-09-08 17:30 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-10-11 21:32 - 2017-09-08 17:30 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-10-11 21:32 - 2017-09-08 17:30 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll 2017-10-11 21:32 - 2017-09-08 17:30 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2017-10-11 21:32 - 2017-09-08 17:30 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2017-10-11 21:32 - 2017-09-08 17:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2017-10-11 21:32 - 2017-09-08 17:30 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2017-10-11 21:32 - 2017-09-08 17:30 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll 2017-10-11 21:32 - 2017-09-08 17:30 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll 2017-10-11 21:32 - 2017-09-08 17:30 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2017-10-11 21:32 - 2017-09-08 17:30 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll 2017-10-11 21:32 - 2017-09-08 17:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll 2017-10-11 21:32 - 2017-09-08 17:14 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2017-10-11 21:32 - 2017-09-08 17:13 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2017-10-11 21:32 - 2017-09-08 17:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe 2017-10-11 21:32 - 2017-09-08 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2017-10-11 21:32 - 2017-09-08 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll 2017-10-11 21:32 - 2017-09-08 17:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2017-10-11 21:32 - 2017-09-08 17:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll 2017-10-11 21:32 - 2017-09-08 17:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2017-10-11 21:32 - 2017-09-08 17:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2017-10-11 21:32 - 2017-09-08 17:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2017-10-11 21:32 - 2017-09-08 17:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll 2017-10-11 21:32 - 2017-09-08 17:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll 2017-10-11 21:32 - 2017-09-08 17:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll 2017-10-11 21:32 - 2017-09-08 17:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll 2017-10-11 21:32 - 2017-09-08 17:00 - 003222016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-10-11 21:32 - 2017-09-08 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2017-10-11 21:32 - 2017-09-08 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2017-10-11 21:32 - 2017-09-08 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe 2017-10-11 21:32 - 2017-09-08 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll 2017-10-11 21:32 - 2017-09-08 16:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll 2017-10-11 21:32 - 2017-09-08 16:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll 2017-10-11 21:32 - 2017-09-08 16:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll 2017-10-11 21:32 - 2017-09-07 23:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2017-10-11 21:32 - 2017-09-07 23:37 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2017-10-11 21:32 - 2017-09-07 23:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2017-10-11 21:32 - 2017-09-07 23:18 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2017-10-11 21:32 - 2017-09-07 23:18 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2017-10-11 21:32 - 2017-09-07 23:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-10-11 21:32 - 2017-09-07 23:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2017-10-11 21:32 - 2017-09-07 23:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-10-11 21:32 - 2017-09-07 23:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-10-11 21:32 - 2017-09-07 23:08 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2017-10-11 21:32 - 2017-09-07 23:07 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2017-10-11 21:32 - 2017-09-07 23:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2017-10-11 21:32 - 2017-09-07 23:01 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2017-10-11 21:32 - 2017-09-07 23:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2017-10-11 21:32 - 2017-09-07 23:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2017-10-11 21:32 - 2017-09-07 23:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-10-11 21:32 - 2017-09-07 22:52 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2017-10-11 21:32 - 2017-09-07 22:48 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2017-10-11 21:32 - 2017-09-07 22:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-10-11 21:32 - 2017-09-07 22:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2017-10-11 21:32 - 2017-09-07 22:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2017-10-11 21:32 - 2017-09-07 22:37 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2017-10-11 21:32 - 2017-09-07 22:33 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2017-10-11 21:32 - 2017-09-07 22:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-10-11 21:32 - 2017-09-07 22:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-10-11 21:32 - 2017-09-07 22:27 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2017-10-11 21:32 - 2017-09-07 22:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-10-11 21:32 - 2017-09-07 22:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-10-11 21:32 - 2017-09-07 22:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-10-11 21:32 - 2017-09-07 22:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-10-11 21:32 - 2017-09-07 22:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2017-10-11 21:32 - 2017-09-07 21:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-10-11 21:32 - 2017-09-07 21:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-10-11 21:32 - 2017-09-07 21:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2017-10-11 21:32 - 2017-09-07 21:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-10-11 21:32 - 2017-09-07 21:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-10-11 21:32 - 2017-09-07 21:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2017-10-11 21:32 - 2017-09-07 21:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-10-11 21:32 - 2017-09-07 21:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2017-10-11 21:32 - 2017-09-07 21:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2017-10-11 21:32 - 2017-09-07 21:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2017-10-11 21:32 - 2017-09-07 21:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-10-11 21:32 - 2017-09-07 21:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2017-10-11 21:32 - 2017-09-07 21:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2017-10-11 21:32 - 2017-09-07 21:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2017-10-11 21:32 - 2017-09-07 20:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2017-10-11 21:32 - 2017-09-07 20:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-10-11 21:32 - 2017-09-07 20:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2017-10-11 21:32 - 2017-09-07 20:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2017-10-11 21:32 - 2017-09-07 20:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2017-10-11 21:32 - 2017-09-07 20:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2017-10-11 21:32 - 2017-09-07 20:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2017-10-11 21:32 - 2017-09-07 20:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2017-10-11 21:32 - 2017-09-07 20:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2017-10-11 21:32 - 2017-09-07 20:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2017-10-11 21:32 - 2017-09-07 20:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2017-10-11 21:32 - 2017-09-07 20:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2017-10-11 21:32 - 2017-09-07 20:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-10-11 21:32 - 2017-09-07 20:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2017-10-11 21:32 - 2017-09-07 20:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-10-11 21:32 - 2017-09-07 20:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2017-10-11 21:32 - 2017-09-07 20:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2017-10-11 21:32 - 2017-09-07 20:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-10-11 21:32 - 2017-09-07 20:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-10-11 21:32 - 2017-09-07 19:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-10-11 21:32 - 2017-09-07 19:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-10-11 21:32 - 2017-09-07 17:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2017-10-11 21:32 - 2017-09-07 17:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll 2017-10-11 21:32 - 2017-09-07 16:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2017-10-11 21:32 - 2017-09-07 16:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2017-10-11 21:32 - 2017-09-07 16:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2017-10-11 21:32 - 2017-08-19 17:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2017-10-11 21:32 - 2017-08-19 17:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2017-10-11 21:32 - 2017-08-19 17:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2017-10-11 21:32 - 2017-08-19 17:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2017-10-11 21:32 - 2017-08-19 17:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2017-10-11 21:32 - 2017-08-19 17:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2017-10-11 21:32 - 2017-08-19 17:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2017-10-11 21:32 - 2017-08-19 17:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2017-10-11 21:32 - 2017-08-19 16:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2017-10-11 21:32 - 2017-08-19 16:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2017-10-11 21:32 - 2017-08-14 19:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2017-10-11 21:32 - 2017-08-14 19:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2017-10-11 21:32 - 2017-08-14 19:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2017-10-11 21:32 - 2017-08-13 23:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-07 16:05 - 2009-07-14 06:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-11-07 16:05 - 2009-07-14 06:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-11-07 16:00 - 2011-04-12 10:47 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype 2017-11-07 16:00 - 2009-07-14 07:13 - 000785786 _____ C:\Windows\system32\PerfStringBackup.INI 2017-11-07 16:00 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf 2017-11-07 15:56 - 2016-03-27 23:35 - 000065536 _____ C:\Windows\system32\Ikeext.etl 2017-11-07 15:56 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-11-07 15:17 - 2011-05-26 17:50 - 000001004 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2108872990-2365937994-3429966836-1000UA.job 2017-11-07 14:28 - 2009-07-14 07:08 - 000032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-11-07 14:26 - 2016-02-03 08:03 - 000001124 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-11-07 12:17 - 2014-09-05 12:43 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-11-07 10:46 - 2016-04-14 22:13 - 000000000 ____D C:\Users\User\AppData\Roaming\ViberPC 2017-11-06 20:10 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing 2017-11-06 18:35 - 2015-06-24 14:51 - 000000000 ____D C:\Users\User\Documents\ViberDownloads 2017-11-06 18:17 - 2011-05-26 17:50 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2108872990-2365937994-3429966836-1000Core.job 2017-11-05 10:53 - 2017-04-13 22:27 - 000000000 ___RD C:\Program Files (x86)\Skype 2017-11-05 10:53 - 2011-04-12 10:46 - 000000000 ____D C:\ProgramData\Skype 2017-10-31 11:15 - 2011-04-12 20:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2017-10-26 19:48 - 2017-07-25 10:39 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps 2017-10-25 19:32 - 2017-07-22 20:42 - 000000000 ____D C:\Users\User\AppData\Roaming\SoundTouch 2017-10-25 19:32 - 2017-07-22 20:41 - 000000000 ____D C:\Program Files (x86)\SoundTouch 2017-10-24 15:23 - 2013-01-16 17:48 - 000000000 ____D C:\ProgramData\CanonIJPLM 2017-10-19 09:39 - 2016-12-19 08:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-19 09:39 - 2016-12-05 20:28 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla 2017-10-12 17:12 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache 2017-10-12 16:22 - 2009-07-14 06:45 - 002338848 _____ C:\Windows\system32\FNTCACHE.DAT 2017-10-11 22:02 - 2011-04-12 11:16 - 000762140 _____ C:\Windows\SysWOW64\PerfStringBackup.INI ==================== Files in the root of some directories ======= 2011-07-27 22:59 - 2011-07-27 22:59 - 000000000 ____H () C:\Users\User\AppData\Local\BIT7DB1.tmp 2011-11-10 16:05 - 2011-11-10 16:05 - 000004096 ____H () C:\Users\User\AppData\Local\keyfile3.drm 2011-07-27 22:59 - 2011-07-27 22:59 - 000000000 _____ () C:\Users\User\AppData\Local\{BE08E1F6-7B92-4E51-B565-F383E741847C} 2011-07-28 14:34 - 2011-07-28 14:35 - 000000000 _____ () C:\Users\User\AppData\Local\{D390E0A7-E0A7-4120-9348-F90CD935A202} 2011-04-12 12:27 - 2011-04-12 12:27 - 000000056 ____H () C:\ProgramData\ezsidmv.dat 2016-03-12 22:11 - 2016-03-12 22:11 - 000000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc Some files in TEMP: ==================== 2017-09-10 14:36 - 2017-09-10 14:36 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Temp\BSvcProcessor.exe 2017-09-10 14:36 - 2017-09-10 14:36 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Temp\BSvcUpdater.exe 2017-08-05 17:18 - 2017-10-06 16:51 - 058881488 _____ (Skype Technologies S.A.) C:\Users\User\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-10-31 11:55 ==================== End of FRST.txt ============================ Addition.txt
  14. ето и дневника: # AdwCleaner 7.0.4.0 - Logfile created on Tue Nov 07 13:55:02 2017 # Updated on 2017/27/10 by Malwarebytes # Running on Windows 7 Professional (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** No malicious folders deleted. ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iSafeSvc2.exe Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [1112 B] - [2017/11/7 13:51:0] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
  • Разглеждащи в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.