Премини към съдържанието

Препоръчан отговор


Здравейте! След като си преинсталирах компа ми се появи вирус svhost, който всъщност е системен файл или процес, но ми товари много и мисля, че е вирус! Ето една снимка:

xWPBwUch.png

 

 

 

FRST.txt

Addition.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

Имате си червей Neshta.

 

Изтеглете KKdS6sj.pngfixlist.txt и го запазете в папката от която стартирахте FRST.exe.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

  • Харесва ми 3

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Благодаря много, а междру времено нещата стават все по-зле.. Започна да ми иска разрешение от администратор при пускане на гугъл, на скайп и всички програми като цяло... 1мин и ще пусна log файла :)


Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Ali (2015-09-19 11:24:10) Run:1
Running from C:\Users\Ali\Downloads
Loaded Profiles: Ali (Available Profiles: Ali)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
2015-09-18 17:01 - 2015-09-18 20:10 - 00000107 _____ C:\Windows\directx.sys
2015-09-18 16:52 - 2015-09-18 16:52 - 00041472 _____ C:\Windows\svchost.com
HKLM\...\exefile\open\command: C:\Windows\svchost.com "%1" %* <===== ATTENTION
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
Hosts:
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\directx.sys => moved successfully
C:\Windows\svchost.com => moved successfully
HKLM\Software\Classes\exefile\shell\open\command\\Default => value restored successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{68A52267-2393-4A37-A19C-A3AF87B44966} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\S-1-5-21-2556964095-490352788-1680620185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2556964095-490352788-1680620185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.1 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 11:25:04 ====

А не трябва ли да е само един процес?

След промяната: 

SEY5vT7.png

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Не....svchost.exe е легитимен процес, който стартира от C:\Windows\system32.

Svchost.com не е легитимен процес и стартира от C:\Windows...правите ли разлика?

Така че е напълно нормално да имате и до 10 инстанции на svchost.exe в Task Manager в зависимост от това колко услуги са стартирани във фонов режим.

Лошата новина обаче е, че Neshta заразява всички exe файлове на всички дялове и си е един вид полиморфен бацил и може да се налижи да изтриете всички дялове и да ги създадете наново, да ги форматирате и да преинсталирате Windows на чисто. Така става като строите без инсталирана антивирусна програма!

 

 

СТЪПКА 1

 

 

emsisoft_emergency_kit.pnglogo.png

  • Моля изтеглете EmsisoftEmergencyKit, стартирайте exe файла и посочете къде да се разархивира програмата - например в (C:\EEK), натискайки бутона Extract.
  • Стартирайте иконата на файла Start Emsisoft Emergency Kit от десктопа за да стартирате приложението.
  • Натиснете бутона"Yes", когато бъдете подканени да обновите дефинициите на програмата.

EKK.gif

  • След като процеса по обновяването на дефинициите приключи натиснете бутона "Scan".
  • Натиснете бутона "Yes", когато бъдете попитани дали да програмата да включи засичането на потенциално нежелани приложения (Potentially Unwanted Applications).
  • Сега вече изберете бутона Custom Scan. Премахнете от списъка всички дялове без C:\ (т.е. нека да остане само дял C:\ в списъка).
  • Натиснете Next за да започне проверката.
  • Когато проверката приключи натиснете бутона View Report.
  • Копирайте съдържанието на лог файла в следващия си коментар.

 

 

 

СТЪПКА 2

 

 

  • Моля изтеглете и стартирайте изпълнимия файл от линка отдолу:
    ESET OnlineScan
  • Сложете отметката предesetAcceptTerms.png
  • Натиснете бутона esetStart.png.
  • Сложете отметката пред Enable detection of potentially unwanted applications.
  • Сега кликнете на Advanced Settings и се уверете, че опцията Remove found threats не е маркирана, а следните са маркирани:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Изберете сега бутона Change и изберете само Operating memory и дял C:\

fhSji42.png

 

  • Натиснете бутона Start.
  • ESET ще започне да сваля и инсталира актуализации за вирусните дефиниции и след това ще започне да сканира компютъра. Бъдете търпеливи, защото процеса е бавен и може да отнеме доста време.
  • След като проверката приключи натиснете бутонаesetListThreats.png
  • Сега натиснете бутона esetExport.png, и запазете файла на десктопа с име по избор като например (ESETScan.txt). Копирайте резултата в следващия си коментар.
  • Натиснете бутона esetBack.png и след това натиснете бутона esetFinish.png за да затворите приложението.

Поздрави!

  • Харесва ми 3

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

А есет-а след като си оправя компа да го трия ли или не, защото са ми казвали, че безплатните антивирусни не хващат сериозните вируси, а само тия дето не са кой знае какво

Редактирано от D71149 (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Това което са ви казали е грешно. Единствения минус на безплатните антивирусни е липсата на техническа поддръжка и някои орязани функции, но си ловят повече от добре. Това,  което съм дал в момента от Eset е само скенер, без защита в реално време. Eset нямат безплатни продукти...така че ако трябва да избирате между безплатна или кракната програма се насочете към безплатната...Ако вече можете да си позволите лиценз за платена тогава се насочете към нея.

  • Харесва ми 3

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
Emsisoft Emergency Kit - Version 10.0
Last update: N/A
User account: Ali-PC\Ali
 
Scan settings:
 
Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 19.9.2015 г. 14:52:23
C:\AMD\AMD-Catalyst-15.7.1-With-DOTNet45-Win7-64bit\Packages\Apps\Raptr\RaptrInstaller\amd_ge_installer.exe detected: Win32.Neshta.A (B)
C:\AMD\AMD-Catalyst-15.7.1-With-DOTNet45-Win7-64bit\Packages\Apps\VC12RTx64\vcredist_x64\vcredist_x64.exe detected: Win32.Neshta.A (B)
C:\AMD\AMD-Catalyst-15.7.1-With-DOTNet45-Win7-64bit\Packages\Apps\VC12RTx86\vcredist_x86\vcredist_x86.exe detected: Win32.Neshta.A (B)
C:\FRST\Quarantine\C\Windows\svchost.com.xBAD detected: Win32.Neshta.A (B)
C:\Program Files (x86)\InstallShield Installation Information\{86A7EED0-02D0-4D91-8183-8D2F23F5E6AE}\setup.exe detected: Win32.Neshta.A (B)
C:\Program Files (x86)\Steam\uninstall.exe detected: Win32.Neshta.A (B)
C:\Users\Ali\AppData\Local\Apps\2.0\AVJZXD3R.MLH\5A6YBC2R.K24\clic...exe_86fd5b6b43e66935_0001.0003_none_c2df945ba0371298\GoogleUpdateSetup.exe detected: Win32.Neshta.A (B)
C:\Users\Ali\AppData\Local\Apps\2.0\AVJZXD3R.MLH\5A6YBC2R.K24\google.app_86fd5b6b43e66935_0001.0003_e635e70961deb344\GoogleUpdateSetup.exe detected: Win32.Neshta.A (B)
C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\chrome_frame_helper.exe detected: Win32.Neshta.A (B)
C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\chrome_launcher.exe detected: Win32.Neshta.A (B)
C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\delegate_execute.exe detected: Win32.Neshta.A (B)
C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\Installer\setup.exe detected: Win32.Neshta.A (B)
C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\nacl64.exe detected: Win32.Neshta.A (B)
 
Scanned 223929
Found 13
 
Scan end: 19.9.2015 г. 15:18:53
Scan time: 0:26:30

Сега есетът е на наред :) Но наистина съм имал много вируси и са били доста гадни вирусчета..

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Както казах...заразява главно exe файловете...явно сме го пипнали на време. Ако не сте затворили Emsisoft направаво изберете Quarantine Selected.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Както казах...заразява главно exe файловете...явно сме го пипнали на време. Ако не сте затворили Emsisoft направаво изберете Quarantine Selected.

жалко затворих го... Има ли начин с Есет да се махне?

Ето и есет файла, ще пусна наново другата програма и ще махна вируса

yaHETBn.jpgСега?

Редактирано от D71149 (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Сега продължете със стъпка 2 и публикувайте лог файла от Eset Online Scanner.

Есетът не ми създаде тхт файл, нямаше никви вируси всичко беше 0

Но вирусът продалжава да товари.. 825 000к ми товари + 133 000к те са на първо място по заемане на памет и след това идва хрома и скайпа

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Чудесно...значи сме готови.

 

Ето и няколко финални препоръки:

 

1. Проверете за стари приложения с помощта на PatchMyPC или с програмата Secunia Personal Software Inspector.

 

2. Инсталирайте Unchecky за да се предпазите от адуер по време на инсталацията на даден софтуер.

 

3. За да почистим използваните от нас инструменти направете следното:

 

Изтеглете OTC.exe и го стартирайте. Натиснете бутона CleanUp!.
Рестартирайте компютъра, ако ви попита!

 

Изтеглете Delfix.exe и го стартирайте. Сложете отметка пред Remove disinfection tools и Purge system restore (трябва да има такава по-подразбиране, но все пак да си кажа) => натиснете бутона Run. Инструмента ще се самоизтрие след като приключи своята задача!

 

Ако има папки, които не са се изтрили след гореспоменатите процедури пишете и ще ги премахнем ръчно.

 

4. За защита от криптовирусите, освен обновяване на ОС и антивирусната програма е добре да имунизирате системата си с CryptoPrevent и профила Maximum Protection: (Не използвайте последната опция, защото още е бъгава и не работи коректно, но на ваш риск може да я пробвате да видите как ще се държи системата и с последната опция).

 

mtBkCIZ.jpg

 

Ако имате проблеми с инсталацията на програми след използването на CryptoPrevent вижте следните съвети, както и тези

 

Можете да погледнете и новата програма CryptoMonitor (но инструмента още се разработва и е леко бъгав) и безплатната версия е доста орязана, но в момента пълната версия е достъпна безплатно, защото скоро се очаква нова версия на програмата, която пак ще е платена.

 

Не забравяйте да изключите и Autorun в Windows, защото криптовирусите могат да се настанят и на външните дискове и флашки и да заразят информацията на тези носители при свързването им с инфектирана система и след това да заразят и други системи при свързването на външните дискове към други компютри (и така да го предадете и на тях). Microsoft са създали автоматичен инструмент за целта => MSFixIt. Добре е също така след като вкарате външния диск дори и при спрян Autorun просто да сканирате буквата на устройството с обновена антивирусна програма преди да започнете да прехвърляте данни от и към външния диск.

 

Има и други програми, но са главно за напреднали потребители и няма да се спирам много задълбочено на тях, защото са сравнително по-сложни за употреба на средностатистическите потребители.. Затова ще ги пропусна. Добре е да не се спира System RestoreFile History в Windows 8), да не се спира UAC - User Account Control (даже да се направи на максималното ниво на защита), да не се спира SmartScreen (наличен само в Windows 8), да се внимава с прикачените файлове към електронната поща. Добра идея е и да забраните скриптовете, ако не използвате такива с помощта на инструмента - Noscript.exe. Стартирайте го и изберете Disable. Ако ви потрябва да стартирате някога (js или vbs файлове, просто стартирайте инструмента и го направете на Enable). Добре е да се внимава и с PDF файловете (повечето програми позволяват да се изключи java script в PDF четците, да се забрани на PDF файловете да стартират външни програми и да комуникират с интернет и прочие), да се внимава с офис файловете за макрос експлоити (пак може да се затегне сигурността от настройките на офис пакетите), добре е да се внимава за файлове с двойни разширения (например ако в My Computer => Tools => Folder Options => не е премахната отметката пред "Hide extensions for known file types" ако свалите даден файл от интернет с името image.exe.jpg, вие ще го видите като image.jpg, но всъщност файла ще е image.exe и щом го стартирате това ще задейства и вируса). Добра идея е да инсталирате Malwarebytes Anti-Exploit за да си осигурите спокойствие при сърфиране. Трудничко е, но просто няма как. Потребителите трябва да се научат да проявяват бдителност и хигиена при сърфиране.

 

5. За подобряване на производителността (ако системата ви се вижда мудна) вижте следните няколко теми:

 

Оптимизиране на Windows с цел по-добра производителност

Ръководство за поддръжка на Windows (XP, Vista и 7) [Revision 2.0]

Какво да направя, ако компютърът ми работи бавно

Профилактика на компютъра,как?

 

6. Проверете системата си актуални драйвери от сайтовете на производителите на компонентите ако ви се занимава (не използвайте програми за автоматично обновяване на драйверите за да си спестите главоболията после) и направете пълна проверка за гадини с наличната ви антивирусна програма за всеки случай.

 

7. Винаги правете бекъп на важните си документи на външни носители и за не толкова ценните неща на cloud услуги. Научете се да не инсталирате програми от съмнителни източници. Добра идея е да се научите да си създавате огледални образи на текущото работещо състояние на дяла на който се намира Операционната Система. Възстановяването на такъв образ при нужда в пъти по-лесен и бърз начин за връщане на работещото състояние на системата от преинсталация или опит за ръчно премахване на даден проблем. Такъв образ може да се създаде с външна програма като Macrium Reflect Free.

Можете да видите и тази тема

 

Поздрави и усмихната седмица! Ще маркирам случая като РЕШЕН! :bye1:


Есетът не ми създаде тхт файл, нямаше никви вируси всичко беше 0


Но вирусът продалжава да товари.. 825 000к ми товари + 133 000к те са на първо място по заемане на памет и след това идва хрома и скайпа

 

Едитнали сте си поста и това съм го пропуснал...на снимката ви не се вижда да има процес с такава консумация? Направете нова проверка с FRST и публикувайте резултатите.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Ali (administrator) on ALI-PC (19-09-2015 19:37:04)
Running from C:\Users\Ali\Downloads
Loaded Profiles: Ali (Available Profiles: Ali)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Beepa P/L) C:\Fraps\fraps.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(BitTorrent Inc.) C:\Users\Ali\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Users\Ali\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe
(BitTorrent Inc.) C:\Users\Ali\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Ali\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ali\AppData\Local\Google\Chrome\Application\chrome.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe
(Google Inc.) C:\Users\Ali\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ali\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ali\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ali\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ali\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ali\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ali\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ali\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-2556964095-490352788-1680620185-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-2556964095-490352788-1680620185-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55349888 2015-09-04] (Skype Technologies S.A.)
HKU\S-1-5-21-2556964095-490352788-1680620185-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638256 2015-09-18] (Electronic Arts)
HKU\S-1-5-21-2556964095-490352788-1680620185-1000\...\Run: [uTorrent] => C:\Users\Ali\AppData\Roaming\uTorrent\uTorrent.exe [1774432 2015-09-18] (BitTorrent Inc.)
HKU\S-1-5-21-2556964095-490352788-1680620185-1000\...\Run: [Google Update] => C:\Users\Ali\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-18] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 217.79.79.79 217.79.79.217
Tcpip\..\Interfaces\{F36A8D2B-05AC-4C78-8414-483507327182}: [DhcpNameServer] 217.79.79.79 217.79.79.217
 
Internet Explorer:
==================
HKU\S-1-5-21-2556964095-490352788-1680620185-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-19] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-19] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-19] (Oracle Corporation)
FF Plugin HKU\S-1-5-21-2556964095-490352788-1680620185-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ali\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2556964095-490352788-1680620185-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ali\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.bg/"
CHR Plugin: (Shockwave Flash) - C:\Users\Ali\AppData\Local\Google\Chrome\Application\45.0.2454.93\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Users\Ali\AppData\Local\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ali\AppData\Local\Google\Chrome\Application\45.0.2454.93\pdf.dll => No File
CHR Profile: C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-09-18]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome.7D2AGC752IBUKT6KE4JDBQ6B3M - C:\Users\Ali\AppData\Local\Google\Chrome\APPLIC~1\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-18] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-19 15:20 - 2015-09-19 15:20 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-19 14:53 - 2015-09-19 14:53 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-09-19 14:53 - 2015-09-19 14:53 - 00000000 ____D C:\Windows\system32\DAX2
2015-09-19 14:53 - 2015-09-19 14:53 - 00000000 ____D C:\Program Files\Realtek
2015-09-19 14:52 - 2015-06-18 18:45 - 04496600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-09-19 14:52 - 2015-06-18 17:59 - 02862488 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-09-19 14:52 - 2015-06-17 19:47 - 02930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-09-19 14:52 - 2015-06-17 19:47 - 02585816 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2015-09-19 14:52 - 2015-06-17 14:45 - 03234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-09-19 14:52 - 2015-06-15 17:39 - 01748184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-09-19 14:52 - 2015-06-11 19:40 - 03157796 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
2015-09-19 14:52 - 2015-05-26 11:59 - 00166616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-09-19 14:52 - 2015-05-18 14:47 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-09-19 14:52 - 2015-05-15 19:27 - 02918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-09-19 14:52 - 2015-05-15 16:32 - 01316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-09-19 14:52 - 2015-04-24 05:42 - 00858256 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2015-09-19 14:52 - 2015-04-24 05:42 - 00684176 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2015-09-19 14:52 - 2015-04-24 05:42 - 00435856 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2015-09-19 14:52 - 2015-04-24 05:41 - 00555664 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.DLL
2015-09-19 14:52 - 2015-04-13 16:25 - 03262184 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2015-09-19 14:52 - 2015-02-04 00:38 - 01413776 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2015-09-19 14:52 - 2015-02-04 00:38 - 00454288 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2015-09-19 14:52 - 2015-02-04 00:38 - 00369296 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2015-09-19 14:52 - 2015-02-04 00:38 - 00329360 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2015-09-19 14:52 - 2015-02-04 00:38 - 00329360 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-09-19 14:52 - 2015-01-23 18:16 - 00213432 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaemaxapo64.dll
2015-09-19 14:52 - 2015-01-19 18:10 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-09-19 14:52 - 2014-12-11 08:10 - 01104040 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-09-19 14:52 - 2014-12-11 08:10 - 00943784 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-09-19 14:52 - 2014-12-11 08:10 - 00734376 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-09-19 14:52 - 2014-12-11 08:10 - 00250536 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-09-19 14:52 - 2014-11-11 13:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-09-19 14:52 - 2014-08-14 19:16 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2015-09-19 14:52 - 2014-06-17 19:17 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-09-19 14:52 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-09-19 14:52 - 2014-02-27 20:02 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2015-09-19 14:52 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-09-19 14:52 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-09-19 14:52 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-09-19 14:52 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-09-19 14:52 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-09-19 14:52 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-09-19 14:52 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-09-19 14:52 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-09-19 14:52 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-09-19 14:52 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-09-19 14:52 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-09-19 14:52 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-09-19 14:52 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-09-19 14:52 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-09-19 14:52 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-09-19 14:52 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-09-19 14:52 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-09-19 14:52 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-09-19 14:52 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-09-19 14:52 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-09-19 14:52 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-09-19 14:52 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-09-19 14:52 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-09-19 14:51 - 2015-09-19 14:51 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-09-19 14:51 - 2015-06-10 13:20 - 03129672 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
2015-09-19 14:51 - 2015-06-10 13:20 - 00728392 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
2015-09-19 14:51 - 2015-06-09 11:17 - 05708736 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2015-09-19 14:51 - 2015-06-02 19:25 - 01576976 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2015-09-19 14:51 - 2015-05-27 18:51 - 02461016 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2015-09-19 14:51 - 2015-05-27 18:51 - 02393432 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2015-09-19 14:51 - 2015-05-27 18:51 - 00944984 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2015-09-19 14:51 - 2015-05-27 18:51 - 00349528 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2015-09-19 14:51 - 2015-05-25 15:18 - 03195416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-09-19 14:51 - 2015-05-11 18:53 - 12996528 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-09-19 14:51 - 2015-05-11 13:08 - 01374640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-09-19 14:51 - 2015-05-11 13:08 - 01192368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-09-19 14:51 - 2015-05-11 13:08 - 01145264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-09-19 14:51 - 2015-05-11 13:08 - 00980400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-09-19 14:51 - 2015-04-27 16:09 - 00328816 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2015-09-19 14:51 - 2015-02-05 17:48 - 12834736 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2015-09-19 14:51 - 2015-02-05 17:48 - 02789808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2015-09-19 14:51 - 2014-11-04 13:42 - 06242576 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2015-09-19 14:51 - 2014-11-04 13:42 - 01933584 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2015-09-19 14:51 - 2014-11-04 13:42 - 00336144 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2015-09-19 14:51 - 2014-11-04 13:42 - 00284944 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2015-09-19 14:51 - 2014-10-24 10:12 - 05234952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-09-19 14:51 - 2014-10-24 10:12 - 00995120 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2015-09-19 14:51 - 2014-09-24 11:31 - 07087448 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-09-19 14:51 - 2014-09-24 11:31 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-09-19 14:51 - 2014-09-24 11:31 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-09-19 14:51 - 2014-09-24 11:31 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-09-19 14:51 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-09-19 14:51 - 2014-05-22 16:24 - 00096568 _____ C:\Windows\system32\audioLibVc.dll
2015-09-19 14:51 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-09-19 14:51 - 2014-01-31 17:27 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-09-19 14:51 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-09-19 14:51 - 2013-10-07 00:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-09-19 14:51 - 2013-10-07 00:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-09-19 14:51 - 2013-10-07 00:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-09-19 14:51 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-09-19 14:51 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-09-19 14:51 - 2013-07-23 15:39 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-09-19 14:51 - 2013-07-23 15:39 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-09-19 14:51 - 2013-06-21 11:01 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2015-09-19 14:51 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-09-19 14:51 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-09-19 14:51 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-09-19 14:51 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-09-19 14:51 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-09-19 14:51 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-09-19 14:51 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-09-19 14:51 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-09-19 14:51 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-09-19 14:51 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-09-19 14:51 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-09-19 14:51 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-09-19 14:51 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-09-19 14:51 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-09-19 14:51 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-09-19 14:51 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-09-19 14:51 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-09-19 14:51 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-09-19 14:51 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-09-19 14:51 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-09-19 14:51 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-09-19 14:50 - 2015-09-19 15:43 - 00000000 ____D C:\EEK
2015-09-19 14:50 - 2015-09-19 14:54 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-09-19 14:50 - 2015-09-19 14:50 - 02870984 _____ (ESET) C:\Users\Ali\Downloads\esetsmartinstaller_enu.exe
2015-09-19 14:50 - 2015-09-19 14:50 - 00000743 _____ C:\Users\Ali\Desktop\Start Emsisoft Emergency Kit.lnk
2015-09-19 14:50 - 2015-05-27 17:38 - 02825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-09-19 14:40 - 2015-09-19 14:50 - 131494359 _____ (Realtek Semiconductor Corp.) C:\Users\Ali\Downloads\0006-64bit_Win7_Win8_Win81_Win10_R279.exe
2015-09-19 14:37 - 2015-09-19 14:48 - 166997984 _____ C:\Users\Ali\Downloads\EmsisoftEmergencyKit.exe
2015-09-19 14:32 - 2015-09-19 14:32 - 00022200 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2015-09-19 14:32 - 2015-09-19 14:32 - 00000000 ____D C:\Users\Ali\AppData\Local\eSupport.com
2015-09-19 14:32 - 2015-09-19 14:32 - 00000000 ____D C:\Program Files (x86)\eSupport.com
2015-09-19 14:31 - 2015-09-19 14:31 - 01225680 _____ (Copyright © 2015 eSupport.com, Inc • All Rights Reserved ) C:\Users\Ali\Downloads\driveragent-setup-987.exe
2015-09-19 13:49 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-09-19 13:49 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-09-19 13:49 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-09-19 13:49 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-09-19 13:49 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-09-19 13:49 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-09-19 12:19 - 2015-09-19 12:19 - 00000000 ____D C:\Users\Ali\AppData\Roaming\Sun
2015-09-19 12:19 - 2015-09-19 12:19 - 00000000 ____D C:\Users\Ali\.oracle_jre_usage
2015-09-19 12:18 - 2015-09-19 12:18 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-19 12:18 - 2015-09-19 12:18 - 00000000 ____D C:\ProgramData\Oracle
2015-09-19 12:18 - 2015-09-19 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-19 12:18 - 2015-09-19 12:18 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-19 12:16 - 2015-09-19 12:16 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-09-19 12:14 - 2015-09-19 12:15 - 00679936 _____ C:\Users\Ali\Downloads\Detection.msi
2015-09-19 12:14 - 2015-09-19 12:14 - 00584288 _____ (Oracle Corporation) C:\Users\Ali\Downloads\chromeinstall-8u60.exe
2015-09-19 10:55 - 2015-09-19 10:55 - 00003156 _____ C:\Windows\System32\Tasks\{6814F6D3-32D6-446B-958C-CFDEB8194ECD}
2015-09-19 10:34 - 2015-09-19 19:37 - 00009418 _____ C:\Users\Ali\Downloads\FRST.txt
2015-09-19 10:34 - 2015-09-19 19:37 - 00000000 ____D C:\FRST
2015-09-19 10:32 - 2015-09-19 10:32 - 02191360 _____ (Farbar) C:\Users\Ali\Downloads\FRST64.exe
2015-09-19 03:27 - 2015-09-18 16:39 - 00000000 ____D C:\Windows\Panther
2015-09-18 20:12 - 2015-09-19 13:58 - 00000000 ____D C:\Users\Ali\AppData\Roaming\OBS
2015-09-18 20:12 - 2015-09-18 20:12 - 00000935 _____ C:\Users\Ali\Desktop\Open Broadcaster Software.lnk
2015-09-18 20:12 - 2015-09-18 20:12 - 00000000 ____D C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-09-18 20:12 - 2015-09-18 20:12 - 00000000 ____D C:\Program Files\OBS
2015-09-18 20:12 - 2015-09-18 20:12 - 00000000 ____D C:\Program Files (x86)\OBS
2015-09-18 19:46 - 2015-09-19 18:55 - 00001000 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2556964095-490352788-1680620185-1000UA.job
2015-09-18 19:46 - 2015-09-18 19:55 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2556964095-490352788-1680620185-1000Core.job
2015-09-18 19:46 - 2015-09-18 19:50 - 00003966 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2556964095-490352788-1680620185-1000UA
2015-09-18 19:46 - 2015-09-18 19:50 - 00003570 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2556964095-490352788-1680620185-1000Core
2015-09-18 19:26 - 2015-09-18 19:26 - 00000000 ____D C:\Users\Ali\AppData\Roaming\obs-studio
2015-09-18 19:11 - 2015-09-19 18:49 - 00003130 _____ C:\Windows\System32\Tasks\FRAPS
2015-09-18 19:10 - 2015-09-19 18:49 - 00000000 ____D C:\Fraps
2015-09-18 19:10 - 2015-09-18 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2015-09-18 19:09 - 2015-09-19 19:35 - 00000000 ____D C:\Users\Ali\AppData\Roaming\uTorrent
2015-09-18 19:09 - 2015-09-18 19:09 - 00000791 _____ C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-09-18 19:04 - 2015-09-19 13:49 - 00027370 _____ C:\Windows\DirectX.log
2015-09-18 19:04 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-09-18 19:04 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-09-18 19:04 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-09-18 19:04 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-09-18 19:04 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-09-18 19:04 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-09-18 19:04 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-09-18 19:04 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-09-18 19:04 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-09-18 19:04 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-09-18 19:04 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-09-18 19:04 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-09-18 19:04 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-09-18 19:04 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-09-18 19:04 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-09-18 19:04 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-09-18 19:04 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-09-18 19:04 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-09-18 19:04 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-09-18 19:04 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-09-18 19:04 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-09-18 19:04 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-09-18 19:04 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-09-18 19:04 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-09-18 19:04 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-09-18 19:04 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-09-18 19:04 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-09-18 19:04 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-09-18 19:04 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-09-18 19:04 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-09-18 19:04 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-09-18 19:04 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-09-18 19:04 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-09-18 19:04 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-09-18 19:04 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-09-18 19:04 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-09-18 19:04 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-09-18 19:04 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-09-18 19:04 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-09-18 19:04 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-09-18 19:04 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-09-18 19:04 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-09-18 19:04 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-09-18 19:04 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-09-18 19:04 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-09-18 19:04 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-09-18 19:04 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-09-18 19:04 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-09-18 19:04 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-09-18 19:04 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-09-18 19:04 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-09-18 19:04 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-09-18 19:04 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-09-18 19:04 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-09-18 19:04 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-09-18 19:04 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-09-18 19:04 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-09-18 19:04 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-09-18 19:04 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-09-18 19:04 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-09-18 19:04 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-09-18 19:04 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-09-18 19:04 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-09-18 19:04 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-09-18 19:04 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-09-18 19:04 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-09-18 19:04 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-09-18 19:04 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-09-18 19:04 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-09-18 19:04 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-09-18 19:04 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-09-18 19:04 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-09-18 19:04 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-09-18 19:04 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-09-18 19:04 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-09-18 19:04 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-09-18 19:04 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-09-18 19:04 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-09-18 19:04 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-09-18 19:04 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-09-18 19:04 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-09-18 19:04 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-09-18 19:04 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-09-18 19:04 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-09-18 19:04 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-09-18 19:04 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-09-18 19:04 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-09-18 19:04 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-09-18 19:04 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-09-18 19:04 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-09-18 19:04 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-09-18 19:04 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-09-18 19:04 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-09-18 19:04 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-09-18 19:04 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-09-18 19:04 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-09-18 19:04 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-09-18 19:04 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-09-18 19:04 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-09-18 19:04 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-09-18 19:04 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-09-18 19:04 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-09-18 19:04 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-09-18 19:04 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-09-18 19:04 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-09-18 19:04 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-09-18 19:04 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-09-18 19:04 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-09-18 19:04 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-09-18 19:04 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-09-18 19:04 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-09-18 19:04 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-09-18 19:04 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-09-18 19:04 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-09-18 19:04 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-09-18 19:04 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-09-18 19:04 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-09-18 19:04 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-09-18 19:04 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-09-18 19:04 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-09-18 19:04 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-09-18 19:04 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-09-18 19:04 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-09-18 19:04 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-09-18 19:04 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-09-18 19:04 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-09-18 19:04 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-09-18 19:04 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-09-18 19:04 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-09-18 19:04 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-09-18 19:04 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-09-18 19:04 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-09-18 19:04 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-09-18 19:04 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-09-18 19:04 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-09-18 19:04 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-09-18 19:04 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-09-18 19:04 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-09-18 19:04 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-09-18 19:04 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-09-18 19:04 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-09-18 19:04 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-09-18 19:04 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-09-18 19:04 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-09-18 19:04 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-09-18 19:04 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-09-18 19:04 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-09-18 19:04 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-09-18 19:04 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-09-18 19:04 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-09-18 19:04 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-09-18 19:04 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-09-18 19:04 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-09-18 19:04 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-09-18 19:04 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-09-18 19:04 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-09-18 19:04 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-09-18 19:04 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-09-18 19:04 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-09-18 19:04 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-09-18 19:04 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-09-18 19:04 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-09-18 19:04 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-09-18 19:04 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-09-18 19:04 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-09-18 19:04 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-09-18 19:04 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-09-18 19:04 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-09-18 19:04 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-09-18 19:04 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-09-18 19:04 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-09-18 19:04 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-09-18 19:04 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-09-18 19:04 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-09-18 19:03 - 2015-09-18 19:03 - 00000208 _____ C:\Users\Ali\Desktop\Counter-Strike Global Offensive.url
2015-09-18 19:00 - 2015-09-18 19:04 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-09-18 18:58 - 2015-09-18 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2015-09-18 18:58 - 2015-09-18 18:58 - 00000000 ____D C:\Program Files (x86)\Lavalys
2015-09-18 18:39 - 2015-09-18 18:39 - 00000000 ____D C:\Users\Ali\AppData\Local\ESN
2015-09-18 18:39 - 2015-09-18 18:39 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-09-18 18:30 - 2015-09-18 18:30 - 00000000 ____D C:\Users\Ali\AppData\Roaming\WinRAR
2015-09-18 18:30 - 2015-09-18 18:30 - 00000000 ____D C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-09-18 18:30 - 2015-09-18 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-09-18 18:30 - 2015-09-18 18:30 - 00000000 ____D C:\Program Files\WinRAR
2015-09-18 18:26 - 2015-09-18 18:26 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-09-18 18:25 - 2015-09-18 19:42 - 00000000 ____D C:\Users\Ali\AppData\Roaming\Origin
2015-09-18 18:24 - 2015-09-18 18:26 - 00000000 ____D C:\Users\Ali\AppData\Local\Origin
2015-09-18 18:21 - 2015-09-18 20:43 - 00000000 ____D C:\Users\Ali\Documents\Euro Truck Simulator 2
2015-09-18 18:21 - 2015-09-18 18:22 - 00000000 ____D C:\Users\Ali\Documents\ETS2MP
2015-09-18 18:20 - 2015-09-18 18:20 - 00001189 _____ C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk
2015-09-18 18:20 - 2015-09-18 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer
2015-09-18 18:20 - 2015-09-18 18:20 - 00000000 ____D C:\Program Files (x86)\Euro Truck Simulator 2 Multiplayer
2015-09-18 18:20 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-09-18 18:20 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-09-18 18:17 - 2015-09-19 18:49 - 00000000 ____D C:\ProgramData\Origin
2015-09-18 18:17 - 2015-09-18 18:17 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2015-09-18 18:17 - 2015-09-18 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-09-18 18:17 - 2015-09-18 18:17 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-09-18 18:16 - 2015-09-18 18:24 - 00000000 ____D C:\Program Files (x86)\Origin
2015-09-18 17:54 - 2015-09-18 17:54 - 00000211 _____ C:\Users\Ali\Desktop\Euro Truck Simulator 2.url
2015-09-18 17:54 - 2015-09-18 17:54 - 00000000 ____D C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-09-18 17:52 - 2015-09-18 17:52 - 00000000 ____D C:\Users\Ali\AppData\Roaming\ATI
2015-09-18 17:52 - 2015-09-18 17:52 - 00000000 ____D C:\Users\Ali\AppData\Local\ATI
2015-09-18 17:52 - 2015-09-18 17:52 - 00000000 ____D C:\ProgramData\ATI
2015-09-18 17:50 - 2015-09-18 17:50 - 00000000 _____ C:\Windows\ativpsrm.bin
2015-09-18 17:48 - 2015-09-18 17:48 - 00053615 _____ C:\Windows\SysWOW64\CCCInstall_201509181748577366.log
2015-09-18 17:48 - 2015-09-18 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-09-18 17:48 - 2015-09-18 17:48 - 00000000 ____D C:\Program Files (x86)\AMD
2015-09-18 17:47 - 2015-09-18 17:47 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-09-18 17:44 - 2015-09-18 17:44 - 00749404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-09-18 17:41 - 2015-09-18 18:24 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-18 17:40 - 2015-09-18 17:47 - 00000000 ____D C:\Program Files\AMD
2015-09-18 17:39 - 2012-02-17 09:38 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-09-18 17:39 - 2012-02-17 09:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-09-18 17:39 - 2012-02-17 08:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2015-09-18 17:39 - 2012-02-17 07:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-09-18 17:39 - 2012-02-17 07:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2015-09-18 17:20 - 2015-09-18 17:20 - 00000000 ____D C:\AMD
2015-09-18 17:17 - 2015-09-18 17:17 - 00000000 ____D C:\Users\Ali\Tracing
2015-09-18 17:16 - 2015-09-19 19:34 - 00000000 ____D C:\Users\Ali\AppData\Roaming\Skype
2015-09-18 17:16 - 2015-09-18 17:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-18 17:16 - 2015-09-18 17:16 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-18 17:16 - 2015-09-18 17:16 - 00000000 ____D C:\Users\Ali\AppData\Local\Skype
2015-09-18 17:16 - 2015-09-18 17:16 - 00000000 ____D C:\ProgramData\Skype
2015-09-18 17:16 - 2015-09-18 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-18 17:14 - 2015-09-18 17:14 - 00000000 ____D C:\Users\Ali\AppData\Local\Steam
2015-09-18 17:14 - 2015-09-18 17:14 - 00000000 ____D C:\Users\Ali\AppData\Local\CEF
2015-09-18 17:13 - 2015-09-18 17:13 - 00003148 _____ C:\Windows\System32\Tasks\{4F6DA4E8-2CD2-4A4D-8A96-92D4483EB340}
2015-09-18 17:11 - 2015-09-19 18:48 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-18 17:11 - 2015-09-18 17:11 - 00000963 _____ C:\Users\Public\Desktop\Steam.lnk
2015-09-18 17:11 - 2015-09-18 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-09-18 17:04 - 2015-09-18 20:14 - 00002314 _____ C:\Users\Ali\Desktop\Google Chrome.lnk
2015-09-18 17:04 - 2015-09-18 17:04 - 00000000 ____D C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-18 17:01 - 2015-09-19 12:36 - 00000000 ____D C:\Users\Ali\AppData\Local\Google
2015-09-18 17:01 - 2015-09-18 17:03 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-18 17:01 - 2015-09-18 17:01 - 00057560 _____ C:\Users\Ali\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-18 17:01 - 2015-09-18 17:01 - 00000000 ____D C:\Users\Ali\AppData\Local\Deployment
2015-09-18 17:01 - 2015-09-18 17:01 - 00000000 ____D C:\Users\Ali\AppData\Local\Apps\2.0
2015-09-18 17:01 - 2014-05-14 19:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-18 17:01 - 2014-05-14 19:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-18 17:01 - 2014-05-14 19:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-18 17:01 - 2014-05-14 19:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-18 17:00 - 2014-05-14 19:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-18 17:00 - 2014-05-14 19:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-18 17:00 - 2014-05-14 19:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-18 17:00 - 2014-05-14 19:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-18 17:00 - 2014-05-14 19:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-18 17:00 - 2014-05-14 19:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-18 17:00 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-18 17:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-18 17:00 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-18 17:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-18 16:53 - 2015-09-18 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-09-18 16:53 - 2013-06-28 14:49 - 01930240 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athurx.sys
2015-09-18 16:53 - 2013-06-28 14:49 - 01930240 _____ (Atheros Communications, Inc.) C:\Windows\system32\athurx.sys
2015-09-18 16:53 - 2013-06-28 14:49 - 00007518 _____ C:\Windows\system32\athurextx.cat
2015-09-18 16:52 - 2015-09-19 14:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-18 16:52 - 2015-09-18 16:52 - 00000000 ____D C:\ProgramData\TP-LINK
2015-09-18 16:39 - 2015-09-19 12:19 - 00000000 ____D C:\Users\Ali
2015-09-18 16:39 - 2015-09-18 16:39 - 00001427 _____ C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-18 16:39 - 2015-09-18 16:39 - 00001393 _____ C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-09-18 16:39 - 2015-09-18 16:39 - 00000020 ___SH C:\Users\Ali\ntuser.ini
2015-09-18 16:39 - 2015-09-18 16:39 - 00000000 ____D C:\Users\Ali\AppData\Local\VirtualStore
2015-09-18 16:39 - 2009-07-14 07:54 - 00000000 ___RD C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-18 16:39 - 2009-07-14 07:49 - 00000000 ___RD C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-18 16:38 - 2015-09-18 16:38 - 00000000 __SHD C:\Recovery
2015-09-18 16:32 - 2015-09-18 16:32 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-09-18 16:32 - 2015-09-18 16:32 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-09-18 16:31 - 2015-09-19 19:02 - 01727615 _____ C:\Windows\WindowsUpdate.log
2015-09-18 16:31 - 2015-09-18 16:31 - 00001355 _____ C:\Windows\TSSysprep.log
2015-09-18 16:30 - 2015-09-18 16:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-19 18:48 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-19 18:48 - 2009-07-14 07:51 - 00023852 _____ C:\Windows\setupact.log
2015-09-19 18:47 - 2009-07-14 07:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-19 18:47 - 2009-07-14 07:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-19 10:00 - 2009-07-14 08:08 - 00004728 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-19 09:52 - 2009-07-14 08:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-19 08:36 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2015-09-19 03:27 - 2009-07-14 08:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-09-19 03:27 - 2009-07-14 08:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-09-18 19:39 - 2010-11-21 06:47 - 00004950 _____ C:\Windows\PFRO.log
2015-09-18 18:17 - 2009-07-14 06:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-18 17:51 - 2009-07-14 08:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-18 17:50 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2015-09-18 17:50 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\bg-BG
2015-09-18 17:00 - 2009-07-14 06:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-09-18 16:52 - 2009-07-14 08:32 - 00000000 ____D C:\Windows\system32\restore
2015-09-18 16:38 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\Recovery
2015-09-18 16:32 - 2009-07-14 08:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-18 16:32 - 2009-07-14 06:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-18 16:31 - 2009-07-14 07:46 - 00002790 _____ C:\Windows\DtcInstall.log
2015-09-18 16:31 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-09-18 16:28 - 2011-04-12 11:28 - 00000000 ____D C:\Windows\CSC
2015-09-18 16:28 - 2009-07-14 07:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-19 08:26
 
==================== End of FRST.txt ============================

Аз мисля, че проблемът ми е далеч от решен..

z55BbDl.jpg

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Всъщност има леко разминаване...на първата снимка не svchost.com, а svchost.exe товари системата...така че сте хванали червея по случайност и товаренето не е било от него, защото вече го премахнахме и логовете са чисти. Може би някоя услуга като Windows Update го товари или просто вируса е успял да пачне системен файл и да го е повредил. Ще проверим.

 

Да видим коя услуга го използва в момента.

 

Изтеглете Process Explorer.

Разархивирайте инструмента и стартирайте файла procexp.exe

От менюто View сложете отметки пред Show Lower Pane, а на Lower Pane View => сложете отметка пред Handles.

От менюто View отидете до "Select Columns" и сложете отметки пред следните елементи:

Description, Company Name, Image Path, Command Line, Autostart Location и натиснете OK.

Намерете и кликнете върху svchost.exe (който товари най-много).

Отидете до секцията Services и направете снимка на прозореца.

Отидете до секцията Threads. Разпънете графата така че да се виждат по-възможност всички обекти/нишки.Направете снимка на прозореца.

Докато сте в менюто Threads, кликнете с двукратек клик на мишката върху даден обект и направете снимка на Stack прозореца.

Сега докато сте на процеса, който товари най-много отидете в Process Explorer на File => Save as.

Запазете документа на десктопа с някакво име.

 

За финал...от Process Explorer => View => отидете до Lower Pane View => и преместете отметката от Handles на DLLs.

Кликнете върху процеса svchost.exe (който товари най-многo) и отидете в Process Explorer на File => Save as и запазете и този документ с някакво име.

 

След това прикачете всички документи в следващия си коментар или ако са прекалено големи ги качете тук .Направените снимки (screenshots) ги качете тук (например или друг удобен за вас хостинг)

Публикувайте линкове към файловете и снимките за да ги разгледамe в следващия си пост.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Определено не сте изпълнили почти нищо от инструкциите ми. И дори не сте кликнали на процеса, който товари най-много по време на операциите.

То дори според Process Explorer такъв процес дори няма?

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Извинявам се,че се намесвам в темата,но имах същия проблем преди 1 седмица.Спрях автоматичното обновяване на уиндоус-а и проблема изчезна.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Това не е решение на проблема, а заобикаляне. И второ аз знам, че може да е от там проблема, но не обичам да действам на посоки...затова си има програми, които да покажат, точно в коя услуга се корени проблема преди да предприема действие срещу нея. ;)

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Аз нямам твоите познания,затова се извиних,че се намесвам в темата.Поклон пред теб и твоите колеги от антивирусния раздел,аз съм имал проблеми преди години и благодарение на адаша Ицо Тонев се справих,затова винаги чета с интерес темите и са ми много полезни.Следвам вашите съвети и вече 3-та година не съм преинсталирал компа.

  • Харесва ми 5

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Благодарим за милите думи. Правим каквото можем. Не винаги има решение за даден проблем, както и не винаги и ние сме безгрешни, защото е човешко да се греши, но смятам, че за последните няколко години процента и ефективността на раздела е на едно доста високо ниво. Истината е, че дори да имаме подготовката, заразите често еволюират и с тях ние също трябва да продължаваме да актуализираме своите знания. Това е един непрестанен процес, който е и доста изморителен, но ако искаме да сме винаги в крак с новостите просто няма друг начин.

  • Харесва ми 6

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

@D71149,

 

Моля, ако се е появил процеса с високата консумация просто повторете стъпките за Process Explorer. Просто този пък като се появи кликнете върху него с двукратен клик на мишката и отидете на Services и направете снимка за да видим от коя услуга е проблема.

 

 

Поздрави!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Проблемът е решен! Спрях си актуализирането и благодаря на HJT Team за вирусите  ;)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Това не е особено решение. Можете да пробвате следния вариант и след това да върнете автоматичните актуализации и да видите дали проблема остава...не би трябвало да го има след долните стъпки:

 

Моля изтеглете програмата Windows Repair (all in one) от тук

Кликнете с десен бутон върху иконата на програмата и изберете "Run As Administrator".
 
Отидете до стъпка 3 и натиснете бутона Check.

Ако се окаже, че е необходима проверка на диска тогава натиснете бутона Do It. Ще се наложи да рестартирате компютъра.

4ljsUjO.jpg

След като проверката приключи отидете на Стъпка 4: и стартирайте System File Check натискайки бутона Do It:

yzmb8Pa.jpg


След като проверката приключи отидете до Стъпка 5 и създайте нова точка за възстановяване на системата и бекъп на текущото състояние на регистрите...
 
Под 1.Registry Backup натиснете бутона Backup.
Под 2.System Restore натиснете бутона Create.

60p53Ct.jpg


Сега вече отидете до Start Repairs и натиснете бутона Start.
 
76G7OMh.jpg
 
Сложете отметки пред 17 Repair Windows Updates и премахнете останалите:

 

и сложете отметка пред Restart/Shutdown System When Finished => Restart System и натиснете бутона Start.
 
N1qOYNx.jpg
 
НЕ използвайте компютъра докато се извършват поправките.
 
След като всички приключи, компютъра ще се рестартира.
Архивирайте всички логове от папката
32-bit systems - C:Program Files\Tweaking.com\Windows Repair (All in One)\Logs
и качете архива на следния адрес => http://file.bg и публикувайте линка към архива в следващия си коментар.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Добре ще го направя сега, но имам един проблем. Днес пуснах една програма, която я имах на компа, и веднага ми се появи svhost.exe (изпълни като администратор) това се появява на всички .ехе файлове, смисъл като пускам гугъл или пък други програми и винаги трябва да давам ''Да''

Microsoft Windows [Version 6.1.7601]
(c) 2009 Microsoft Corporation. ‚бЁзЄЁ Їа ў  § Ї §Ґ­Ё.

C:\Users\Ali\Desktop>CD /D C:\

C:\>set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
9 percent complete. (164736 of 183040 file records processed)     
183040 file records processed.                                         

File verification completed.
  283 large file records processed.                                   

  0 bad file records processed.                                     

2 EA records processed.                                           

31 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
63 percent complete. (198771 of 238932 index entries processed)    
Index entry Preferences in index $I30 of file 43081 is incorrect.
Index entry PREFER~1 in index $I30 of file 43081 is incorrect.
63 percent complete. (199225 of 238932 index entries processed)    
Index entry f_0069f2 in index $I30 of file 60936 is incorrect.
Index entry f_0069f3 in index $I30 of file 60936 is incorrect.
Index entry f_0069f4 in index $I30 of file 60936 is incorrect.
66 percent complete. (210621 of 238932 index entries processed)    
238932 index entries processed.                                        

Index verification completed.

Errors found.  CHKDSK cannot continue in read-only mode.

C:\>

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Ето ги и логовете chkdsk_full_log.txt chkdsk_log.txt Repair_Windows_Updates.txt _Windows_Repair_Log.txt 

Редактирано от D71149 (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход

  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Горещи теми в момента

  • Подобни теми

    • от v3cko
      malwarbytes засече троянец и други гадинки
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018
      Ran by BECKO (administrator) on BECKO-PC (12-08-2018 08:46:39)
      Running from C:\Users\BECKO\Downloads
      Loaded Profiles: BECKO (Available Profiles: BECKO)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Английски (Съединени щати)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
      (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
      (Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (Intel Corporation) C:\Windows\System32\igfxtray.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
      (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
      (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2018-08-11] (Synaptics Incorporated)
      HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\...\Run: [Chromium] => "c:\users\becko\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{4447F6FC-1164-470A-9CC4-84A798333B40}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{566E0D37-D76E-44FA-984D-4A40BF15E2B7}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe
      FireFox:
      ========
      FF ProfilePath: C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default [2018-08-12]
      FF user.js: detected! => C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default\user.js [2006-04-06]
      FF Homepage: K-Meleon\ignaeef5.default -> google.bg
      FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-08-11] ()
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.)
      Chrome: 
      =======
      CHR HomePage: Default -> hxxp://google.bg/
      CHR StartupUrls: Default -> "hxxps://www.google.bg/"
      CHR Profile: C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default [2018-08-12]
      CHR Extension: (Презентации) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-11]
      CHR Extension: (Документи) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-11]
      CHR Extension: (Google Диск) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-11]
      CHR Extension: (YouTube) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-11]
      CHR Extension: (Adblock Plus) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-08-11]
      CHR Extension: (Таблици) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-11]
      CHR Extension: (Google Документи офлайн) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-11]
      CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-08-11]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-11]
      CHR Extension: (Gmail) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-11]
      CHR Extension: (Chrome Media Router) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-11]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2018-08-11] (Broadcom Corporation.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
      R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [175320 2018-08-11] (Broadcom Corporation.)
      S3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [144600 2018-08-11] (Broadcom Corporation.)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-06-19] (Malwarebytes)
      S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [38224 2018-08-11] ()
      R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2018-08-11] (Intel Corporation)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2018-08-11] (Intel Corporation)
      R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [44800 2018-08-11] (Infineon Technologies AG)
      R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2018-08-11] (Windows (R) Codename Longhorn DDK provider)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [165608 2018-08-11] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [95488 2018-08-12] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [42728 2018-08-12] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-12] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [73336 2018-08-12] (Malwarebytes)
      R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2018-08-11] (Intel Corporation)
      R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [7424 2018-08-11] ()
      R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2018-08-12] (Zemana Ltd.)
      R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2018-08-12] (Zemana Ltd.)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 08:46 - 2018-08-12 08:47 - 000008916 _____ C:\Users\BECKO\Downloads\FRST.txt
      2018-08-12 08:46 - 2018-08-12 08:46 - 000000000 ____D C:\FRST
      2018-08-12 08:44 - 2018-08-12 08:44 - 001773056 _____ (Farbar) C:\Users\BECKO\Downloads\FRST.exe
      2018-08-12 08:08 - 2018-08-12 08:46 - 000032169 _____ C:\Windows\ZAM.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:46 - 000011705 _____ C:\Windows\ZAM_Guard.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\Program Files\Zemana AntiMalware
      2018-08-12 08:06 - 2018-08-12 08:06 - 000000000 ____D C:\Users\BECKO\AppData\Local\Zemana
      2018-08-12 08:05 - 2018-08-12 08:05 - 006625600 _____ (Zemana Ltd. ) C:\Users\BECKO\Downloads\Zemana.AntiMalware.Setup.exe
      2018-08-12 07:45 - 2018-08-12 07:45 - 007417040 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.2.2.exe
      2018-08-12 07:44 - 2018-08-12 07:45 - 000000000 ____D C:\AdwCleaner
      2018-08-12 07:44 - 2018-08-12 07:44 - 007277776 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.1.1.exe
      2018-08-12 07:12 - 2018-08-12 07:12 - 000000000 ____D C:\Users\BECKO\AppData\Local\CrashDumps
      2018-08-12 06:43 - 2018-08-12 08:36 - 000000000 ____D C:\ProgramData\RogueKiller
      2018-08-12 06:43 - 2018-08-12 08:16 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
      2018-08-12 06:42 - 2018-08-12 06:42 - 000001005 _____ C:\Users\Public\Desktop\RogueKiller.lnk
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\Program Files\RogueKiller
      2018-08-12 06:41 - 2018-08-12 06:41 - 036826200 _____ (Adlice Software ) C:\Users\BECKO\Downloads\RogueKiller_setup.exe
      2018-08-12 06:39 - 2018-08-12 06:39 - 000000000 _____ C:\Users\BECKO\Downloads\RogueKiller.exe
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ C:\Users\BECKO\AppData\Roaming\WB.CFG
      2018-08-12 00:38 - 2018-08-11 13:48 - 000000000 ____D C:\Windows\Panther
      2018-08-12 00:32 - 2018-08-12 00:32 - 000000000 ____D C:\Windows.old
      2018-08-12 00:20 - 2018-08-12 00:20 - 000000000 ____D C:\Windows\pss
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____D C:\Program Files\Synaptics
      2018-08-11 22:18 - 2018-08-11 22:18 - 000214312 _____ (Synaptics Incorporated) C:\Windows\system32\SynCtrl.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000120104 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo4.dll
      2018-08-11 22:14 - 2018-08-11 22:14 - 000165160 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
      2018-08-11 22:11 - 2018-08-11 22:11 - 001303728 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
      2018-08-11 22:09 - 2018-08-11 22:09 - 000046592 _____ (REDC) C:\Windows\system32\Drivers\risdptsk.sys
      2018-08-11 22:04 - 2018-08-11 22:04 - 000044800 _____ (Infineon Technologies AG) C:\Windows\system32\Drivers\ifxtpm.sys
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____D C:\Program Files\AuthenTec
      2018-08-11 21:54 - 2018-08-11 21:54 - 000000000 ____D C:\Intel
      2018-08-11 21:52 - 2018-08-11 21:53 - 000571904 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll
      2018-08-11 21:52 - 2018-08-11 21:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
      2018-08-11 21:51 - 2018-08-11 21:52 - 004411392 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll
      2018-08-11 21:48 - 2018-08-11 21:51 - 011405312 _____ (Intel Corporation) C:\Windows\system32\ig4icd32.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000000268 _____ C:\Windows\system32\GfxUI.exe.config
      2018-08-11 21:47 - 2018-08-11 21:48 - 003157784 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
      2018-08-11 21:47 - 2018-08-11 21:47 - 000189552 _____ C:\Windows\system32\Gfxres.th-TH.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000121173 _____ C:\Windows\system32\Gfxres.tr-TR.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000120320 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
      2018-08-11 21:47 - 2018-08-11 21:47 - 000104044 _____ C:\Windows\system32\Gfxres.zh-TW.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000102883 _____ C:\Windows\system32\Gfxres.zh-CN.resources
      2018-08-11 21:46 - 2018-08-11 21:47 - 000119360 _____ C:\Windows\system32\Gfxres.sv-SE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000178407 _____ C:\Windows\system32\Gfxres.el-GR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000165395 _____ C:\Windows\system32\Gfxres.ru-RU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000139909 _____ C:\Windows\system32\Gfxres.ar-SA.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000136401 _____ C:\Windows\system32\Gfxres.ja-JP.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000133746 _____ C:\Windows\system32\Gfxres.he-IL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000125558 _____ C:\Windows\system32\Gfxres.it-IT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000123230 _____ C:\Windows\system32\Gfxres.ko-KR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122927 _____ C:\Windows\system32\Gfxres.es-ES.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122709 _____ C:\Windows\system32\Gfxres.de-DE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120800 _____ C:\Windows\system32\Gfxres.fr-FR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120366 _____ C:\Windows\system32\Gfxres.pt-BR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119616 _____ C:\Windows\system32\Gfxres.hu-HU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119586 _____ C:\Windows\system32\Gfxres.nl-NL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119067 _____ C:\Windows\system32\Gfxres.pt-PT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118745 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118697 _____ C:\Windows\system32\Gfxres.fi-FI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118409 _____ C:\Windows\system32\Gfxres.pl-PL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118058 _____ C:\Windows\system32\Gfxres.sk-SK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114852 _____ C:\Windows\system32\Gfxres.nb-NO.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114372 _____ C:\Windows\system32\Gfxres.sl-SI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114261 _____ C:\Windows\system32\Gfxres.da-DK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000110214 _____ C:\Windows\system32\Gfxres.en-US.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
      2018-08-11 21:45 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
      2018-08-11 21:43 - 2018-08-11 21:45 - 008198936 _____ (Intel(R) Corporation) C:\Windows\system32\TVWSetup.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000261632 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
      2018-08-11 21:43 - 2018-08-11 21:43 - 000179480 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000023552 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
      2018-08-11 21:42 - 2018-08-11 21:43 - 000172824 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000828928 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000268056 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000228864 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000208896 _____ (Intel Corporation) C:\Windows\system32\iglhsip32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000195584 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000171288 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000147456 _____ (Intel Corporation) C:\Windows\system32\iglhcp32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000138008 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000130048 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000115200 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
      2018-08-11 21:42 - 2018-08-11 21:42 - 000095232 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000057856 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
      2018-08-11 21:41 - 2018-08-11 21:42 - 001921265 _____ C:\Windows\system32\iglhxa32.cpa
      2018-08-11 21:41 - 2018-08-11 21:41 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000092356 _____ C:\Windows\system32\igfcg500m.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2555.dll
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060254 _____ C:\Windows\system32\iglhxg32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060226 _____ C:\Windows\system32\iglhxc32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060015 _____ C:\Windows\system32\iglhxo32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000051628 _____ C:\Windows\system32\iglhxs32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000001090 _____ C:\Windows\system32\iglhxa32.vp
      2018-08-11 21:40 - 2018-08-11 21:41 - 000982240 _____ C:\Windows\system32\igkrng500.bin
      2018-08-11 21:37 - 2018-08-11 21:37 - 000017408 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\KMWDFILTER.sys
      2018-08-11 21:36 - 2018-08-11 21:36 - 000007424 _____ () C:\Windows\system32\Drivers\whfltr2k.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000095488 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000073336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000042728 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-08-11 20:30 - 2018-08-11 20:30 - 000165608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-08-11 20:27 - 2018-08-11 20:28 - 000000000 ____D C:\Users\BECKO\Downloads\windows.loader.v2.2.2
      2018-08-11 20:26 - 2018-08-11 20:26 - 001768154 _____ C:\Users\BECKO\Downloads\windows.loader.v2.2.2.zip
      2018-08-11 19:36 - 2018-08-11 19:36 - 078989872 _____ (Malwarebytes ) C:\Users\BECKO\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6237.exe
      2018-08-11 19:36 - 2018-08-11 19:36 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-08-11 19:36 - 2018-06-19 14:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
      2018-08-11 19:15 - 2018-08-11 19:15 - 000038224 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
      2018-08-11 19:14 - 2018-08-11 19:15 - 000000000 ____D C:\ProgramData\HitmanPro
      2018-08-11 18:56 - 2018-08-12 08:13 - 000001134 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-11 18:53 - 2018-08-12 06:28 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\41B13405-F6F9-0E07-41F8-1ED9F82C4739
      2018-08-11 18:52 - 2018-08-11 19:54 - 000000000 ____D C:\ProgramData\McAfee
      2018-08-11 18:51 - 2018-08-12 00:31 - 000000000 ____D C:\Windows\system32\yiuxtdsr
      2018-08-11 18:50 - 2018-08-11 19:43 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Sound Volume Control
      2018-08-11 18:47 - 2018-08-11 18:47 - 000000000 ____D C:\Windows\system32\appmgmt
      2018-08-11 18:28 - 2018-08-11 18:28 - 017142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 011220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 004240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 003969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 003914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-08-11 18:28 - 2018-08-11 18:28 - 002166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-08-11 18:28 - 2018-08-11 18:28 - 001818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
      2018-08-11 18:28 - 2018-08-11 18:28 - 000610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-08-11 18:28 - 2018-08-11 18:28 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000000000 ____D C:\Users\BECKO\AppData\LocalLow\Temp
      2018-08-11 18:27 - 2018-08-11 18:27 - 001294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-08-11 18:27 - 2018-08-11 18:27 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 003419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 002284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
      2018-08-11 18:23 - 2018-08-11 18:23 - 001505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
      2018-08-11 18:22 - 2018-08-11 18:22 - 031194832 _____ (Microsoft Corporation) C:\Users\BECKO\Downloads\IE11-Windows6.1-x86-bg-bg.exe
      2018-08-11 17:59 - 2018-08-11 18:02 - 009037312 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys
      2018-08-11 17:57 - 2018-08-11 17:58 - 002760704 _____ (Intel Corporation) C:\Windows\system32\NETwNr32.dll
      2018-08-11 17:57 - 2018-08-11 17:57 - 000684032 _____ (Intel Corporation) C:\Windows\system32\NETwNc32.dll
      2018-08-11 17:55 - 2018-08-11 17:57 - 007523840 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs32.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000527344 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000026096 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000232664 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1y6232.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000121440 _____ (Intel Corporation) C:\Windows\system32\e1000msg.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000081600 _____ (Intel Corporation) C:\Windows\system32\NicInstY.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000028792 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000003313 _____ C:\Windows\system32\e1y6232.din
      2018-08-11 17:53 - 2018-08-11 17:53 - 000144600 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
      2018-08-11 17:53 - 2018-08-11 17:53 - 000060120 _____ (Broadcom Corporation.) C:\Windows\system32\btwdi.dll
      2018-08-11 17:52 - 2018-08-11 17:53 - 001680088 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
      2018-08-11 17:52 - 2018-08-11 17:52 - 001640152 _____ (Broadcom Corporation.) C:\Windows\system32\BcmBtRSupport.dll
      2018-08-11 17:52 - 2018-08-11 17:52 - 000175320 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
      2018-08-11 17:50 - 2018-08-11 17:50 - 000048128 _____ (REDC) C:\Windows\system32\Drivers\rimmptsk.sys
      2018-08-11 17:45 - 2018-08-11 17:45 - 001461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoinstaller01009.dll
      2018-08-11 17:45 - 2018-08-11 17:45 - 000015544 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\CPQBttn.sys
      2018-08-11 17:44 - 2018-08-11 17:44 - 000971752 _____ (AuthenTec, Inc.) C:\Windows\system32\Drivers\ATSwpWDF.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000035896 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\Accelerometer.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000026168 _____ (Hewlett-Packard Company) C:\Windows\system32\hpservice.exe
      2018-08-11 17:42 - 2018-08-11 17:42 - 000025656 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\hpdskflt.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000016952 _____ (Hewlett-Packard Company) C:\Windows\system32\accelerometerdll.DLL
      2018-08-11 17:42 - 2018-08-11 17:42 - 000014392 _____ (Hewlett-Packard Company) C:\Windows\system32\HPMDPCoInst12.dll
      2018-08-11 17:40 - 2018-08-12 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
      2018-08-11 17:39 - 2018-08-11 17:39 - 004107032 _____ (Easeware ) C:\Users\BECKO\Downloads\DriverEasy_Setup.exe
      2018-08-11 16:22 - 2018-08-11 16:22 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Adobe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Windows\system32\Macromed
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Users\BECKO\AppData\Local\Adobe
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Macromedia
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Local\CEF
      2018-08-11 16:17 - 2018-08-11 17:11 - 000000000 ____D C:\Users\BECKO\AppData\Local\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001067 _____ C:\Users\Public\Desktop\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\Downloads\k-meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Mozilla
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Program Files\K-Meleon
      2018-08-11 16:14 - 2018-08-11 16:14 - 032875887 _____ (kmeleonbrowser.org) C:\Users\BECKO\Downloads\K-Meleon76RC.exe
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
      2018-08-11 16:04 - 2012-07-26 06:39 - 000526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
      2018-08-11 16:04 - 2012-07-26 06:39 - 000047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
      2018-08-11 16:04 - 2012-07-26 05:46 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
      2018-08-11 16:04 - 2012-06-02 17:34 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
      2018-08-11 14:20 - 2018-07-17 01:02 - 000480888 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2018-08-11 14:18 - 2018-08-11 14:18 - 000000492 _____ C:\Users\BECKO\Desktop\LFS.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Google
      2018-08-11 14:03 - 2018-08-11 14:18 - 000000000 ____D C:\Users\BECKO\AppData\Local\Google
      2018-08-11 14:03 - 2018-08-11 14:03 - 000000000 ____D C:\Program Files\Google
      2018-08-11 14:02 - 2018-08-11 14:02 - 000057560 _____ C:\Users\BECKO\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-08-11 13:49 - 2018-08-11 13:49 - 000001417 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2018-08-11 13:49 - 2014-05-14 19:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2018-08-11 13:49 - 2014-05-14 19:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
      2018-08-11 13:49 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2018-08-11 13:49 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2018-08-11 13:48 - 2018-08-12 08:13 - 000000000 ____D C:\Users\BECKO
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000020 ___SH C:\Users\BECKO\ntuser.ini
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000000 ____D C:\Users\BECKO\AppData\Local\VirtualStore
      2018-08-11 13:48 - 2010-11-21 03:46 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Media Center Programs
      2018-08-11 13:43 - 2018-08-11 13:43 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
      2018-08-11 13:42 - 2018-08-11 13:42 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
      2018-08-11 13:41 - 2018-08-11 13:41 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:56 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-08-12 07:56 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-08-12 07:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-08-12 00:38 - 2009-07-14 07:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
      2018-08-11 21:57 - 2009-07-14 07:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
      2018-08-11 21:40 - 2009-07-14 01:09 - 004967424 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
      2018-08-11 18:36 - 2009-07-14 07:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-08-11 18:34 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-08-11 17:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache
      2018-08-11 17:24 - 2010-11-21 03:38 - 000000000 ____D C:\Windows\system32\WCN
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\sysprep
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\oobe
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\migwiz
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\servicing
      2018-08-11 17:23 - 2010-11-21 03:46 - 000000000 ____D C:\Program Files\Windows Journal
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Sidebar
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Defender
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\DVD Maker
      2018-08-11 17:23 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\System
      2018-08-11 14:05 - 2017-10-21 15:53 - 000000000 ____D C:\LFS
      2018-08-11 13:48 - 2009-07-14 05:37 - 000000000 __RHD C:\Users\Public\Libraries
      2018-08-11 13:43 - 2009-07-14 07:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2018-08-11 13:39 - 2010-11-21 03:46 - 000000000 ____D C:\Windows\CSC
      ==================== Files in the root of some directories =======
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ () C:\Users\BECKO\AppData\Roaming\WB.CFG
      Some files in TEMP:
      ====================
      2018-08-12 06:43 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Local\Temp\dllnt_dump.dll
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-08-11 13:38
      ==================== End of FRST.txt ============================
      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018
      Ran by BECKO (12-08-2018 08:47:38)
      Running from C:\Users\BECKO\Downloads
      Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2018-08-11 10:48:46)
      Boot Mode: Normal
      ==========================================================

      ==================== Accounts: =============================
      Administrator (S-1-5-21-4192057778-3853912004-1886924142-500 - Administrator - Disabled)
      BECKO (S-1-5-21-4192057778-3853912004-1886924142-1001 - Administrator - Enabled) => C:\Users\BECKO
      Guest (S-1-5-21-4192057778-3853912004-1886924142-501 - Limited - Disabled)
      HomeGroupUser$ (S-1-5-21-4192057778-3853912004-1886924142-1002 - Limited - Enabled)
      ==================== Security Center ========================
      (If an entry is included in the fixlist, it will be removed.)
      AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      ==================== Installed Programs ======================
      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
      Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
      Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
      Driver Easy 5.6.4 (HKLM\...\DriverEasy_is1) (Version: 5.6.4 - Easeware)
      Google Chrome (HKLM\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
      Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
      K-Meleon 76.0 (x86 en-US) (HKLM\...\K-Meleon 76.0 (x86 en-US)) (Version: 76.0 - kmeleonbrowser.org)
      Malwarebytes, версия 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
      Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
      RogueKiller version 12.12.31.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.31.0 - Adlice Software)
      Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
      Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
      ==================== Custom CLSID (Whitelisted): ==========================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      CustomCLSID: HKU\S-1-5-21-4192057778-3853912004-1886924142-1001_Classes\CLSID\{d33c6260-dafc-4b90-bf39-8ad6a5f19b7d}\localserver32 -> "C:\Program Files\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe" -ToastActivated => No File
      ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] ()
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2018-08-11] (Intel Corporation)
      ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] ()
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ==================== Scheduled Tasks (Whitelisted) =============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      Task: {15D51586-5D78-42F1-9AC0-F11850F32BB2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-08-11] (Adobe Systems Incorporated)
      Task: {4311FBF7-FF23-4B96-8A7A-7C848E6879A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.)
      Task: {755ADDF9-F707-4126-9FD6-5EE5C09A6ED0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.)
      Task: {87310821-94B6-4F2B-B233-805F8167F2AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-11] (Adobe Systems Incorporated)
      Task: {A663C5B5-F8F8-4769-83E9-A86545183E28} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-08-11] (Adobe Systems Incorporated)
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      ==================== Shortcuts & WMI ========================
      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============
      2018-08-11 19:36 - 2018-07-03 12:59 - 002077904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2018-08-11 19:36 - 2018-06-18 13:32 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2018-08-11 14:04 - 2018-08-08 03:55 - 004076888 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
      2018-08-11 14:04 - 2018-08-08 03:55 - 000096088 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libegl.dll
      ==================== Alternate Data Streams (Whitelisted) =========
      (If an entry is included in the fixlist, only the ADS will be removed.)
      AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6121592]
      ==================== Safe Mode (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      ==================== Association (Whitelisted) ===============
      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      ==================== Internet Explorer trusted/restricted ===============
      (If an entry is included in the fixlist, it will be removed from the registry.)

      ==================== Hosts content: ===============================
      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
      2009-07-14 05:04 - 2009-06-11 00:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

      ==================== Other Areas ============================
      (Currently there is no automatic fix for this section.)
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.0.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.
      ==================== MSCONFIG/TASK MANAGER disabled items ==

      ==================== FirewallRules (Whitelisted) ===============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      FirewallRules: [{38F020BD-9D8B-47A7-BA58-523640743E70}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
      FirewallRules: [TCP Query User{73CDBD4B-E707-4433-90BB-0CA4D37853D5}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe
      FirewallRules: [UDP Query User{43AE0B81-FBBA-40D9-9930-B10662946E5D}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe
      FirewallRules: [{EB2B59E7-24DC-4376-8CA5-5C73EB6B45AC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
      FirewallRules: [TCP Query User{3CA70832-11D6-43D6-996B-CE4FD0FFCA2F}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
      FirewallRules: [UDP Query User{A8FAE1F8-F48D-463D-9467-C469B6224C66}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
      FirewallRules: [{C20D9306-3310-4603-955A-D8750AB02ABC}] => (Allow) C:\Users\BECKO\AppData\Local\Chromium\Application\chrome.exe
      ==================== Restore Points =========================
      11-08-2018 13:48:58 Windows Update
      11-08-2018 14:19:49 Windows Update
      11-08-2018 16:16:29 Windows Backup
      11-08-2018 16:53:14 Language Pack Installation
      11-08-2018 18:23:09 Програма за инсталиране на модули за Windows
      11-08-2018 18:41:57 Windows Update
      11-08-2018 18:46:40 Removed Avira Software Updater
      11-08-2018 19:18:13 Точка на възстановяване на HitmanPro
      11-08-2018 19:29:58 Точка на възстановяване на HitmanPro
      ==================== Faulty Device Manager Devices =============
      Name: RICOH Bay8Controller
      Description: RICOH Bay8Controller
      Class Guid: 
      Manufacturer: 
      Service: 
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

      ==================== Event log errors: =========================
      Application errors:
      ==================
      Error: (08/12/2018 07:53:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:48:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:16:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:12:39 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: rundll32.exe_rasapi32.dll, версия: 6.1.7600.16385, времево клеймо: 0x4a5bc637
      Име на модул с грешки: rasapi32.dll_unloaded, версия: 0.0.0.0, времево клеймо: 0x5b51fcfc
      Код на изключение: 0xc0000005
      Отместване на грешка: 0x5d2300fb
      ИД на процес на грешка: 0xc58
      Начален час на приложението с грешки: 0x01d431b9f55ad649
      Път на приложението с грешки: C:\Windows\System32\rundll32.exe
      Път на модула с грешки: rasapi32.dll
      ИД на доклад: f345bb24-9de5-11e8-8c5b-002713343a56
      Error: (08/12/2018 12:27:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 10:30:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 08:31:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 07:56:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

      System errors:
      =============
      Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Software Protection беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 120000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.
      Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.
      Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:46:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Windows Media Player Network Sharing Service не може да бъде стартирана поради следната грешка: 
      Системата не може да намери указания път.
      Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:45:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.

      Windows Defender:
      ===================================
      Date: 2018-08-11 18:49:37.775
      Description: 
      Windows Defender has detected spyware or other potentially unwanted software.
      For more information please see the following:
      http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289
      Name:SoftwareBundler:Win32/Prepscram
      ID:226289
      Severity:High
      Category:Software Bundler
      Path Found:file:C:\Program Files\KMSPico 10.2.1 Final\WindowsLoader.exe;process:pid:1664
      Detection Type:Concrete
      Detection Source:Real-Time Protection
      Status:Unknown
      Process Name:
      CodeIntegrity:
      ===================================
      Date: 2018-08-11 18:47:53.133
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:47:33.024
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:46:32.355
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:36:54.706
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:34:39.836
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:29:33.389
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:26:43.817
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:19:33.847
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      ==================== Memory info =========================== 
      Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
      Percentage of memory in use: 57%
      Total physical RAM: 3000.26 MB
      Available physical RAM: 1266.7 MB
      Total Virtual: 7094.55 MB
      Available Virtual: 5571.67 MB
      ==================== Drives ================================
      Drive c: () (Fixed) (Total:100.1 GB) (Free:34 GB) NTFS
      Drive d: () (Fixed) (Total:365.12 GB) (Free:278.48 GB) NTFS
      \\?\Volume{b6af5893-9d52-11e8-b3b1-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
      \\?\Volume{b6af5896-9d52-11e8-b3b1-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
      ==================== MBR & Partition Table ==================
      ========================================================
      Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS)
      Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
      ==================== End of Addition.txt ============================
      това беше открито снощи 
      Malwarebytes
      www.malwarebytes.com
      -Детайли за регистъра-
      Дата на сканиране: 11.08.18 г.
      Час на сканиране: 19:39
      Файл на регистъра: 1355b5a2-9d85-11e8-97c9-002713343a56.json
      Администратор: Да
      -Информация за софтуера-
      Версия: 3.5.1.2522
      Версия на компонентите: 1.0.391
      Актуализирай версията на пакета: 1.0.6301
      Лиценз: Пробен период
      -Системна информация-
      OS: Windows 7 Service Pack 1
      CPU: x86
      Файлова система: NTFS
      Потребител: BECKO-PC\BECKO
      -Резюме на сканирането-
      Тип сканиране: Threat Scan
      Сканирането е стартирано от: Ръчно
      Резултат: Завършено
      Сканирани обекти: 158748
      Открити заплахи: 85
      Заплахи под карантина: 85
      Изтекло време: 3 мин, 55 сек
      -Опции за сканиране-
      Памет: Разрешено
      Стартиране: Разрешено
      Файлова система: Разрешено
      Архиви: Разрешено
      руткитове: Разрешено
      Евристика: Разрешено
      PUP: Открий
      PUM: Открий
      -Детайли за сканирането-
      Процес: 0
      (Не бяха открити зловредни елементи)
      Модул: 0
      (Не бяха открити зловредни елементи)
      Ключ на регистъра: 16
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Chromium tatec, Под карантина, [3754], [483380],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Multitimer_is1, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium tatec, Под карантина, [3725], [-1],0.0.0
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0
      Adware.FastDataX, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\FastDataX, Под карантина, [3932], [484533],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Под карантина, [417], [518478],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Под карантина, [417], [518476],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, Под карантина, [417], [518473],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, Под карантина, [417], [518479],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D2A33A63-8223-EBE3-33A3-9B63E32348E3}, Под карантина, [3725], [542290],1.0.6301
      Стойност на регистъра: 6
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Multitimer, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.NotChromeRun, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_A26881468A4EFB18BAF645F9B1FB72E9, Под карантина, [6940], [241243],1.0.6301
      Adware.Tuto4PC.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|QWTD433SW12, Под карантина, [3704], [522751],1.0.6301
      Adware.NeoBar, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|AwRWNQQxQn, Под карантина, [1236], [431477],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}|PATH, Под карантина, [103], [535907],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}|PATH, Под карантина, [3754], [483378],1.0.6301
      Данни на регистъра: 0
      (Не бяха открити зловредни елементи)
      Поток данни: 0
      (Не бяха открити зловредни елементи)
      Папка: 8
      PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712, Под карантина, [407], [463480],1.0.6301
      Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-04d1-0, Под карантина, [679], [407181],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-56c1-1, Под карантина, [679], [407181],1.0.6301
      Adware.NeoBar, C:\USERS\BECKO\APPDATA\LOCAL\CYPJMERAKY, Под карантина, [1236], [431477],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}, Под карантина, [3725], [542290],1.0.6301
      Файл: 55
      PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-04d1-0\BITAC33.tmp, Под карантина, [3742], [257931],1.0.6301
      PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-56c1-1\BIT96A0.tmp, Под карантина, [3742], [257931],1.0.6301
      PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712\ic-0.9290ec7e4e043.exe, Под карантина, [407], [463480],1.0.6301
      PUP.Optional.BundleInstaller, C:\Users\BECKO\AppData\Local\Temp\845712\ic-0.ab640b600fd5f8.exe, Под карантина, [407], [463480],1.0.6301
      PUP.Optional.WinYahoo.Generic, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3754], [483380],1.0.6301
      Adware.Agent, C:\WINDOWS\SYSTEM32\TASKS\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\allradio_4.27_portable.exe, Под карантина, [103], [536191],1.0.6301
      Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER\UNINS000.DAT, Под карантина, [2764], [474048],1.0.6301
      Adware.Tuto4PC, C:\Program Files\Multitimer\Multitimer.exe, Под карантина, [2764], [474048],1.0.6301
      Adware.Tuto4PC, C:\Program Files\Multitimer\unins000.exe, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\fado, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat1, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat2, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3725], [-1],0.0.0
      Adware.Tuto4PC.Generic, C:\PROGRAM FILES\YUYFG\5138832.EXE, Под карантина, [3704], [522751],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      Adware.NeoBar, C:\Users\BECKO\AppData\Local\cypjMERAky\activation.exe, Под карантина, [1236], [431477],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HOWTOREMOVE\HOWTOREMOVE.HTML, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\chromium-min.jpg, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\control panel-min-min.JPG, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\down.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff menu.JPG, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff search engine-min.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ff.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ie.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\search engine.gif, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\setup pages.gif, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\sp-min.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\start-min.jpg, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\up.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lilacisa, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lonadel, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninst.exe, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninstp.dat, Под карантина, [3725], [542290],1.0.6301
      Ransom.Crysis, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\REACSRHG\UIFBACFE.EXE, Под карантина, [7210], [551188],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\Sound Volume Control.lnk, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\SOUND VOLUME CONTROL\SNDVOL.EXE, Под карантина, [0], [392686],1.0.6301
      PUP.Optional.BundleInstaller, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\REGISTRY_ACTIVATION_2751393056.EXE, Под карантина, [407], [505351],1.0.6301
      Trojan.MalPack, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\WINDOWSLOADER.EXE, Под карантина, [4152], [500527],1.0.6301
      Backdoor.Bot, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\ACTIVATION.EXE, Под карантина, [806], [419768],1.0.6301
      Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\IS-AT1Q7.TMP\ZRGVBV.DLL, Под карантина, [103], [539849],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP2_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP3_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP4_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Adware.Tuto4PC, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\EYEKAZXXJYM.EXE, Под карантина, [2764], [474076],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\REFSUTIL.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\BEAD.TMP.EXE, Под карантина, [0], [392686],1.0.6301
      Физически сектор: 0
      (Не бяха открити зловредни елементи)
      WMI: 0
      (Не бяха открити зловредни елементи)

      (end)
    • от Антон Ангелов
      Здравейте,
      Имам съмнения, че системата ми е заразена работи, бавно и първият път, като отворя нов таб във файрфокс се отварят още два прозореца с реклами.
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
      Ran by Anton (administrator) on DESKTOP-IRI1MIH (04-08-2018 17:20:24)
      Running from C:\Users\Anton\Desktop
      Loaded Profiles: Anton (Available Profiles: Anton)
      Platform: Windows 10 Enterprise Version 1709 16299.431 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AMD) C:\Windows\System32\atiesrxx.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
      (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
      () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      () C:\Windows\System32\igfxTray.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
      () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
      (Realtek semiconductor) C:\Windows\RTFTrack.exe
      (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
      (BitTorrent Inc.) C:\Users\Anton\AppData\Roaming\uTorrent\uTorrent.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (BitTorrent Inc.) C:\Users\Anton\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
      (BitTorrent Inc.) C:\Users\Anton\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
      () C:\Program Files\WindowsApps\60145ScottBrogden.ditto-cp_3.21.223.0_x86__n6b029mg40na2\Ditto.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Lenovo Group Limited) C:\Users\Anton\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe
      (AVAST Software) C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
      HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5052120 2015-06-01] (Realtek semiconductor)
      HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-22] (AVAST Software)
      HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
      HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
      HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [uTorrent] => C:\Users\Anton\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-06-22] (BitTorrent Inc.)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [Viber] => C:\Users\Anton\AppData\Local\Viber\Viber.exe [37338696 2018-04-24] (Viber Media S.à r.l.)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-01-30] (Disc Soft Ltd)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7368480 2018-08-04] (Lavasoft)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\MountPoints2: {a097669a-1fdb-11e8-8817-f8a963267c4d} - "I:\startme.exe"
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\MountPoints2: {a09767e5-1fdb-11e8-8817-f8a963267c4d} - "H:\SETUP.EXE"
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\MountPoints2: {a0976fa4-1fdb-11e8-8817-f8a963267c4d} - "I:\Setup.exe"
      GroupPolicy: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 62.221.132.211 85.130.60.11
      Tcpip\..\Interfaces\{3dad8f67-5fb2-42f7-8404-142ac9dfe4b7}: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{7fd9a328-bcce-42f4-bd1c-45a1f2ee1e6c}: [DhcpNameServer] 62.221.132.211 85.130.60.11
      Internet Explorer:
      ==================
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180523__yaie
      SearchScopes: HKU\S-1-5-21-1747955922-307037692-2103265143-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10420__180523__yaie&p={searchTerms}
      BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-04-10] (Microsoft Corporation)
      BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
      BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
      BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
      Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      FireFox:
      ========
      FF DefaultProfile: 6l09fpov.default-1519148072560
      FF ProfilePath: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560 [2018-08-04]
      FF Homepage: Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560 -> about:home
      FF NewTab: Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180523__yaff
      FF Extension: (Easy YouTube mp3) - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\Extensions\d.lehr@chello.at.xpi [2018-07-07]
      FF Extension: (Avast Online Security) - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\Extensions\wrc@avast.com.xpi [2018-06-01]
      FF Extension: (Adblock Plus) - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-18]
      FF SearchPlugin: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-23]
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-14] ()
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-14] ()
      FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-10] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
      FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
      FF Plugin HKU\S-1-5-21-1747955922-307037692-2103265143-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Anton\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)
      Chrome:
      =======
      CHR HomePage: Default -> hxxp://www.google.com
      CHR Profile: C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default [2018-07-25]
      CHR Extension: (YouTube) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-26]
      CHR Extension: (Adobe Acrobat) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-26]
      CHR Extension: (Avast SafePrice) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-18]
      CHR Extension: (Avast Online Security) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-26]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-26]
      CHR Extension: (Chrome Media Router) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-23]
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
      R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
      R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-06-22] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-06-22] (AVAST Software)
      R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3480768 2018-01-30] (Disc Soft Ltd)
      R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2016-09-20] (Nero AG)
      R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
      R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
      S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-31] (Microsoft Corporation)
      R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
      R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25888 2018-08-04] ()
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
      R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-06-22] (AVAST Software)
      R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-06-22] (AVAST Software)
      R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-06-22] (AVAST Software)
      R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-06-22] (AVAST Software)
      R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-06-22] (AVAST Software)
      S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-22] (AVAST Software)
      R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-06-22] (AVAST Software)
      S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-06-22] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-06-22] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-06-22] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-22] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-06-22] (AVAST Software)
      R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467064 2018-07-25] (AVAST Software)
      R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-06-22] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-06-22] (AVAST Software)
      R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-03-04] (Disc Soft Ltd)
      R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-03-04] (Disc Soft Ltd)
      R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
      S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
      R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
      R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
      S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-04 17:19 - 2018-08-04 17:20 - 000040238 _____ C:\Users\Anton\Desktop\Addition.txt
      2018-08-04 17:16 - 2018-08-04 17:23 - 000018696 _____ C:\Users\Anton\Desktop\FRST.txt
      2018-08-04 17:16 - 2018-08-04 17:20 - 000000000 ____D C:\FRST
      2018-08-04 17:14 - 2018-08-04 17:15 - 002412544 _____ (Farbar) C:\Users\Anton\Desktop\FRST64.exe
      2018-08-04 17:09 - 2018-08-04 17:09 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
      2018-07-25 15:13 - 2018-07-25 15:13 - 000000000 ____D C:\Users\Anton\AppData\Local\PlaceholderTileLogoFolder
      2018-07-25 15:11 - 2018-07-25 15:11 - 000107310 _____ C:\Users\Anton\Desktop\FileZilla.xml
      2018-07-25 15:10 - 2018-07-25 15:11 - 007791072 _____ (Tim Kosse) C:\Users\Anton\Downloads\FileZilla_3.35.1_win64-setup.exe
      2018-07-19 13:01 - 2018-07-19 13:01 - 000000711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tanki Online.lnk
      2018-07-19 12:59 - 2018-07-19 12:59 - 009644712 _____ (AlternativaGame Ltd ) C:\Users\Anton\Downloads\tankionline_eu.exe
      2018-07-19 09:44 - 2018-08-04 17:06 - 000000000 ____D C:\Users\Anton\AppData\LocalLow\uTorrent
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-04 17:22 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
      2018-08-04 17:22 - 2017-09-26 18:50 - 000000000 ____D C:\Users\Anton\AppData\Roaming\uTorrent
      2018-08-04 17:21 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\AppReadiness
      2018-08-04 17:09 - 2017-09-26 00:28 - 000000000 ____D C:\Users\Anton\AppData\LocalLow\Mozilla
      2018-08-04 17:08 - 2018-06-23 10:14 - 000000000 ____D C:\Users\Anton\AppData\Local\AVAST Software
      2018-08-04 17:06 - 2017-10-12 22:48 - 000000000 ____D C:\Users\Anton\AppData\Local\HTC MediaHub
      2018-08-04 17:05 - 2017-12-31 07:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2018-08-04 17:05 - 2017-10-23 19:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-08-04 17:05 - 2017-10-21 12:50 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
      2018-08-04 17:05 - 2017-09-26 00:39 - 000000000 __SHD C:\Users\Anton\IntelGraphicsProfiles
      2018-07-25 20:17 - 2017-09-29 11:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
      2018-07-25 20:00 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\NDF
      2018-07-25 19:52 - 2017-12-31 07:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
      2018-07-25 17:10 - 2017-12-31 07:18 - 000000000 ____D C:\Users\Anton
      2018-07-25 16:53 - 2017-09-26 19:10 - 000000000 ____D C:\Users\Anton\AppData\Roaming\vlc
      2018-07-25 16:51 - 2018-06-03 23:14 - 000000000 ____D C:\Users\Anton\AppData\Roaming\FileZilla
      2018-07-25 15:48 - 2018-06-03 23:14 - 000000000 ____D C:\Users\Anton\AppData\Local\FileZilla
      2018-07-25 15:13 - 2017-12-31 07:19 - 000000000 ____D C:\Users\Anton\AppData\Local\Packages
      2018-07-25 15:13 - 2017-09-29 16:46 - 000000000 ___HD C:\Program Files\WindowsApps
      2018-07-25 15:12 - 2018-06-03 23:12 - 000000000 ____D C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
      2018-07-25 15:12 - 2018-06-03 23:12 - 000000000 ____D C:\Program Files\FileZilla FTP Client
      2018-07-25 14:51 - 2017-09-26 18:43 - 000467064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2018-07-24 21:36 - 2017-12-31 07:35 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
      2018-07-22 16:34 - 2017-10-08 22:55 - 000000875 _____ C:\Users\Anton\Desktop\Книги.txt
      2018-07-22 15:44 - 2017-09-29 16:37 - 000000000 ____D C:\WINDOWS\CbsTemp
      2018-07-18 23:21 - 2018-06-26 23:00 - 000000000 ____D C:\Users\Anton\AppData\Local\CrashDumps
      2018-07-18 23:19 - 2018-04-21 10:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
      2018-07-18 23:18 - 2015-10-30 10:24 - 000000167 _____ C:\WINDOWS\win.ini
      2018-07-15 13:29 - 2017-09-27 00:48 - 000000000 ____D C:\WINDOWS\system32\MRT
      2018-07-15 13:24 - 2017-09-27 00:48 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
      2018-07-15 13:17 - 2017-09-29 16:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
      2018-07-15 12:58 - 2017-12-23 17:33 - 000000000 ___DC C:\WINDOWS\Panther
      2018-07-15 12:16 - 2017-12-31 07:34 - 000065683 _____ C:\WINDOWS\diagwrn.xml
      2018-07-15 12:16 - 2017-12-31 07:34 - 000062868 _____ C:\WINDOWS\diagerr.xml
      2018-07-15 10:45 - 2017-10-21 13:22 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
      2018-07-15 10:43 - 2017-09-29 11:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
      2018-07-15 10:07 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\Registration
      2018-07-15 10:06 - 2018-04-12 20:30 - 000000000 ___HD C:\$WINDOWS.~BT
      2018-07-14 11:11 - 2017-10-15 22:30 - 000000000 ____D C:\Users\Anton\AppData\Local\LenovoServiceBridge
      2018-07-14 11:05 - 2018-03-15 00:41 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2018-07-14 11:05 - 2017-12-31 07:35 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
      2018-07-14 11:05 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2018-07-14 11:05 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2018-07-10 23:51 - 2017-09-29 00:46 - 000000187 _____ C:\Users\Anton\Desktop\Angliski.txt
      2018-07-10 20:48 - 2017-12-31 07:35 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
      2018-07-10 20:47 - 2017-09-26 18:59 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-07-10 08:13 - 2017-12-31 07:35 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1747955922-307037692-2103265143-1001
      2018-07-10 08:13 - 2017-09-26 00:26 - 000002391 _____ C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      2018-07-10 08:13 - 2017-09-26 00:26 - 000000000 ___RD C:\Users\Anton\OneDrive
      2018-07-08 23:05 - 2018-02-20 20:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2018-07-08 23:05 - 2018-02-20 20:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2018-07-07 15:25 - 2018-02-20 20:34 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
      ==================== Files in the root of some directories =======
      2018-06-03 22:57 - 2018-06-03 23:09 - 000000600 _____ () C:\Users\Anton\AppData\Roaming\winscp.rnd
      2018-02-25 19:38 - 2018-02-25 19:38 - 000001456 _____ () C:\Users\Anton\AppData\Local\Adobe Save for Web 13.0 Prefs
      2018-06-10 00:20 - 2018-06-10 00:20 - 000002031 _____ () C:\Users\Anton\AppData\Local\recently-used.xbel
      Some files in TEMP:
      ====================
      2018-07-10 08:14 - 2018-08-04 17:09 - 000391024 _____ (adaware) C:\Users\Anton\AppData\Local\Temp\wcupdater.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-07-22 16:44
      ==================== End of FRST.txt ============================
      Addition.txt
    • от CaptainJord
      Здравейте, откакто изтеглих един файл и го стартирах антивирусната ми засече някакъв вирус относно видеокартата ми (няма как файлове от видеокартата ми да са вирус) .. не знам и аз точно какво е та за по ясно ето снимка .. Колкото и да се опитвам да го махна то пак излиза ..
       
       

      Addition.txt
    • от D101149
      Здравейте! Имам вируси в компютъра. Имах Malwebytes anti-virus, изтече му лиценза пробният и го махнах и сега съм с есет за 30 дена. По-добър от Malwerbytes обаче постоянно ми вади някакъв вирус като вляза в chrome за CoinMiner
      прикачам файловете, които са ви нужни. благодаря!

      FRST.txt
      Addition.txt
    • от ℒℴ♥e
      Значи проблема е, че ми се товари процесора без видима причина, и към бонус това ми спами, някакви рандом реклами в браузера през (период от-време) без, да го стартирам, дори! (той сам се стартира)
      Вече съм с win10 pro и не знам какви са пръвите стъпки, които да направя (ако нещо се е променило (от преди време) да ми кажете), какво се правеше от самото начало?
      Като се има в предвид, че евентуално вирусите ми блокират "Malwarebytes Anti-Malware" (не се стартира след инстал) и може би, да са двойно повече от посл. път (към 500, да кажем сега).
      Не мога и да изтегля Farbar Recovery Scan Tool да кача! Не мога да го download изобщо. Браузера, които и да е, изключва при стартиране на линка!!
      Не завиждам, всъщност на този, който би се занимал с мен. И предварително, се извинявам на всеки, който съм обидил по-някакъв начин!
      И също така, съм много признателен на всички Вас, които ми оправихте последния мега-тера-гига-удар, който понесе компютъра ми, преди време и до-сега работи безотказно !!!
  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.